Smart Card Overview
A smart card, typically a type of chip card, is a plastic card that contains an embedded computer chip–either a memory or microprocessor type–that stores and transacts data. This data is usually associated with either value, information, or both and is stored and processed within the card's chip. The card data is transacted via a reader that is part of a computing system. Systems that are enhanced with smart cards are in use today throughout several key applications, including healthcare, banking, entertainment, and transportation. All applications can benefit from the added features and security that smart cards provide. According to Eurosmart, worldwide smart card shipments will grow 10% in 2010 to 5.455 billion cards. Markets that have been traditionally served by other machine readable card technologies, such as barcode and magnetic stripe, are converting to smart cards as the calculated return on investment is revisited by each card issuer year after year.
First introduced in Europe nearly three decades ago, smart cards debuted as a stored value tool for payphones to reduce theft. As smart cards and other chip-based cards advanced, people found new ways to use them, including charge cards for credit purchases and for record keeping in place of paper.
In the U.S., consumers have been using chip cards for everything from visiting libraries to buying groceries to attending movies, firmly integrating them into our everyday lives. Several U.S. states have chip card programs in progress for government applications ranging from the Department of Motor Vehicles to Electronic Benefit Transfers (EBTs). Many industries have implemented the power of smart cards in their products, such as the GSM digital cellular phones as well as TV-satellite decoders.
Why Smart Cards
Smart cards improve the convenience and security of any transaction. They provide tamper-proof storage of user and account identity. Smart card systems have proven to be more reliable than other machine-readable cards, like magnetic stripe and barcode, with many studies showing card read life and reader life improvements demonstrating much lower cost of system maintenance. Smart cards also provide vital components of system security for the exchange of data throughout virtually any type of network. They protect against a full range of security threats, from careless storage of user passwords to sophisticated system hacks. The costs to manage password resets for an organization or enterprise are very high, thus making smart cards a cost-effective solution in these environments. Multifunction cards can also be used to manage network system access and store value and other data. Worldwide, people are now using smart cards for a wide variety of daily tasks, which include:
SIM Cards and Telecommunication
The most prominent application of smart card technology is in Subscriber Identity Modules (SIM), required for all phone systems under the Global System for Mobile Communication (GSM) standard. Each phone utilizes the unique identifier, stored in the SIM, to manage the rights and privileges of each subscriber on various networks. This use case represents over half of all smart cards consumed each year. The Universal Subscriber Identification Modules (USIM) is also being used to bridge the identity gap as phones transition between GSM, UTMS, and 3G network operators.
Loyalty and Stored Value
Another use of smart cards is stored value, particularly loyalty programs, that track and provide incentives to repeat customers. Stored value is more convenient and safer than cash. For issuers, float is realized on unspent balances and residuals on balances that are never used.
For multi-chain retailers that administer loyalty programs across many different businesses and POS systems, smart cards can centrally locate and track all data. The applications are numerous, such as transportation, parking, laundry, gaming, retail, and entertainment.
Securing Digital Content and Physical Assets
In addition to information security, smart cards can ensure greater security of services and equipment by restricting access to only authorized user(s).
Information and entertainment is being delivered via satellite or cable to the home DVR player or cable box or cable-enabled PC. Home delivery of service is encrypted and decrypted via the smart card per subscriber access. Digital video broadcast systems have already adopted smart cards as electronic keys for protection./p>
Smart cards can also act as keys to machine settings for sensitive laboratory equipment and dispensers for drugs, tools, library cards, health club equipment etc. In some environments, smart card enabled- SD and microSD cards are protecting digital content as it is being delivered to the mobile hand-sets/phones.
Smart cards make it easy for consumers to securely store information and cash for purchasing. The advantages they offer consumers are:
- The card can carry personal account, credit and buying preference information that can be accessed with a mouse click instead of filling out forms.
- Cards can manage and control expenditures with automatic limits and reporting.
- Internet loyalty programs can be deployed across multiple vendors with disparate POS systems and the card acts as a secure central depository for points or rewards.
- Micro Payments - paying nominal costs without transaction fees associated with credit cards, or for amounts too small for cash, like reprint charges.
Bank Issued Smart Cards
Around the globe, bank controlled co-ops (Visa, MasterCard, Discover, and American Express) have rolled out millions of smart cards under the EMV (Europay, MasterCard, VISA) standard. Often referred to as chip and PIN cards; these are the de facto types of cards for bank issuance in most countries except the U.S. As Canada has just recently started its regulatory shift to EMV cards, the U.S. will be the sole island in North America that has not yet made the adoption, which is being driven by the increased types of fraud with both credit and debit cards. Smart cards have been proven to secure transactions with regularity, so much so that the EMV standard has become the norm.
As banks enter competition in newly opened markets such as investment brokerages, they are securing transactions via smart cards at an increased rate. This means:
- Smart cards increase trust through improved security. Two-Factor Authentication insures protection of data and value across the internet. Threats such as the "Man in the middle" and "Trojan Horses" that replay a user name and password are eliminated
- This is improving customer service. Customers can use secure smart cards for fast, 24-hour electronic funds transfers over the internet
- Costs are reduced: transactions that normally would require a bank employee's time and paperwork can be managed electronically by the customer with a smart card
The explosion of health care data introduces new challenges in maintaining the efficiency of patient care and privacy safeguards. Smart cards address both of these challenges with secure, mobile storage and distribution of patient information, from emergency data to benefits status. Many socialized countries have already adopted smart cards as credentials for their health networks and as a means of carrying an immediately retrievable Electronic Health Record (EHR). Smart card benefits in healthcare include:
- Rapid, accurate identification of patients; improved treatment
- Reducing fraud through authentication of provider/patient visits and insurance eligibility
- A convenient way to carry data between systems or to sites without systems
- Reducing record maintenance costs
Embedded Medical Device Control
For years, embedded controllers have been in many types of machines, governing the quality and precision of their function. In Healthcare, embedded smart cards ensure the best and safest delivery of care in devices such as dialysis machines, blood analyzers and laser eye surgery equipment.
Enterprise and Network Security
Microsoft Windows, Sun Microsystems (a subsidiary of Oracle Corporation) and all new versions of Linux have built-in software hooks to deploy smart cards as a replacement for user name and passwords. Microsoft has built a complete credential platform around the Scard DLL and Crypto Service Provider (CSP). With enterprises realizing that Public Key Infrastructure (PKI)-enhanced security is what is needed for widely deployed employees, a smart card badge is the new standard. Business-to-business Intranets and Virtual Private Networks (VPNs) are enhanced by the use of smart cards. Users can be authenticated and authorized to have access to specific information based on preset privileges. Additional applications range from secure email to electronic commerce.
Businesses and universities of all types need simple identity cards for all employees and students. Most of these individuals are also granted access to certain data, equipment, and departments according to their status. Multifunction, microprocessor-based smart cards incorporate identity with access privileges and can also store value for use in various locations, such as cafeterias and stores. Many hotels have also adopted ISO 7816 type card readers to secure staff-only rooms and facilities.
All U.S. government and many corporations have now incorporated a contactless reader as an access point to their facilities. Some companies have incorporated a biometric component to this credential as well. The older systems deploy a simple proximity card system as the gate keeper. But as the security requirements have become stronger and the cost of ISO 14443 standard systems have become lower, the world is rapidly adopting this new standard. This market shift is partially driven by the US government’s adoption of the mandated Personal Identity Verification (PIV) standard. There is a rich ecosystem of suppliers and integrators for this standard.