Smart Card Planning & Deployment
Smart card system design requires advance planning to be successful and to avoid problems. It is highly recommended that you graphically diagram the flow of information for your new system. The first question to consider is: will the card and system transact information, or value, or both? If the card stores keys or value (e.g., gift certificates or sports tickets), greater design detail is required than in data-only systems. When you combine information types on a single card, other issues arise. The key to success is not to overrun the system with features that can confuse users and cause problems in management. It is recommended that you phase in the feature sets one at a time, as each one is working. To properly implement a functional smart card system, you should be able to answer the following questions.
NOTE: These are only general guidelines, provided as a basis for your individual planning. Many other steps may be involved and are not mentioned here. For more extensive planning information regarding identity management and national IDs, we recommend that you review the GSA Smart Card Handbook.
- Is there a clear business case, including financial and consumer behavior factors?
- Will the system be single or multi-application?
- What type of information do I want to store in the cards (i.e., data or value)?
- How much memory is required for each application?
- If multi-application, how will I separate different types of data?
- Will card data be obtained from a database, or loaded every time?
- Will this data concurrently reside on a database?
- How many cards will be needed?
- Are card/infrastructure vendors identified? What are the lead times?
- What are the security requirements?
2. Does all, or only some of the data need to be secure?
3. Who will have access to this information?
4. Who will be allowed to change this information?
5. In what manner shall I secure this data, i.e. encryption, host passwords, card passwords/PINs, or all of these?
6. Should the keys/PINs be customer or system-activated?
7. What form of version control do I want?
- Should the value in the cards be re-loadable or will the cards be disposable?
- How will I distribute the cards?
- How will cards be activated and loaded with value?
- What type of card traceability should I implement?
- What is the minimum and maximum value to store on each card?
- Will there be a refund policy?
- How many types of artwork will be included in the issuance?
- Who will do the artwork?
- What is needed on the card? For example, signature panels, magnetic stripe, embossing, etc.
Multi-Application Card Systems
It is highly recommended that you graphically diagram the flow of information as shown below.
Large distributed multifunction systems require lots of advance planning to make them effective. Smart cards often act as the glue between disparate software applications and use cases. Below is an example of a multifunction card that is issued by a large enterprise or government. Everywhere you see a CD is a separate and distinct software application that interacts with the data and service from the card.
The critical first step in this type of planning is to understand the data requirements on the card as it relates to each disparate software application that your project will deploy.
Building a smart card system that stores value (i.e. gift certificates, show tickets, redemption points or cash equivalents) requires an attention to detail not necessary in other information management systems. The most important detail of a successful stored value card is that the card and program are perceived by users as being compelling, justifying the switch from other payment options.
User information and system-wide training should be part of your budget. It is recommended that you phase in each feature set after the first one is working. Here is a list of some questions that are pertinent to these systems in addition to the above questions.
As the minimum steps in deploying a stored value or multi-application system, establish clear achievable program objectives:
- Make sure the organization has a stake in the project's success and that management buys into the project
- Set a budget
- Name a project manager
- Assemble a project team and create a team vision
- Graphically create an information, card and funds-flow diagram
- Assess the card and reader options
- Write a detailed specification for the system
- Set a realistic schedule with inch-stones and mile-stones
- Establish the security parameters for both people and the system
- Phase in each system element, testing as you deploy
- Reassess for security leaks
- Deploy the first phase of cards and test, test
- Train the key employees responsible for each area
- Set up a system user manual
- Check the reporting structures
- Have contingency plans should problems arise
- Deploy and announce
- Advertise and market your system