What is a Smart Card

What is a Smart Card?
The smart card is one of the latest additions to the world of information technology. Similar in size to today's plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. As an access-control device, smart cards make personal and business data available only to the appropriate users. Another application provides users with the ability to make a purchase or exchange value. Smart cards provide data portability, security and convenience.

Memory vs. microprocessor
Smart cards come in two varieties: memory and microprocessor. Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port operating system and hard disk with built-in security features.

Contact vs. contactless
Smart cards have two different types of interfaces: contact and contactless. Contact smart cards are inserted into a smart card reader, making physical contact with the reader. However, contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security.

How are smart cards used?
Smart cards help businesses evolve and expand their products and services in a changing global marketplace. The scope of uses for a smart card has expanded each year to include applications in a variety of markets and disciplines. In recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications. Information Technology Businesses, the government and healthcare organizations continue to move towards storing and releasing information via networks, Intranets, extranets and the Internet. These organizations are turning to smart cards to make this information readily available to those who need it, while at the same time protecting the privacy of individuals and keeping their informational assets safe from hacking and other unwanted intrusions. In this capacity, smart cards enable:

• Secure logon and authentication of users to PCs and networks
• Secure B2B and B2C e-commerce
• Storage of digital certificates, credentials and passwords
• Encryption of sensitive data

Wireless Communications
People using the Global System for Mobile communications (GSM) standard for mobile phones use smart card technology. The smart card is inserted or integrated into the mobile handset. The card stores personal subscriber information and preferences that can be PIN code protected and transported from phone to phone. The smart cards enable:

• Secure subscriber authentication
• Roaming across networks
• Secure mobile value added services

Wireless providers benefit from reduced fraud thanks to the security offered by smart cards. With the advent of mobile services such as mobile commerce, web browsing, and information services, wireless providers rely on smart cards to act as the security mechanism to protect those services.

As a result, smart cards are beginning to move beyond GSM to secure mobile services for other wireless standards as well.

Commercial Applications
Smart cards also provide benefits for a host of commercial applications in both B2B and B2C environments. The smart card’s portability and ability to be updated make it a technology well suited for connecting the virtual and physical worlds, as well as multi-partner card programs. The cards store information, money, and/or applications that can be used for:

• Banking/payment
• Loyalty and promotions
• Access control
• Stored value
• Identification
• Ticketing
• Parking and toll collection

Multiple applications can be stored on the card, enabling partnering on card programs and providing added convenience to the card reader.

What is the potential for the smart card business?
A survey completed by Card Technology Magazine indicated that the industry had shipped more than 1.5 billion smart cards worldwide by the end of 1999. Over the next five years, the industry will experience steady growth, particularly in cards and devices to conduct electronic commerce and to enable secure access to computer networks. A March 10, 2000 study by Dataquest predicts almost 28 million smart card shipments (microprocessor and memory) in the U.S. for 2000. According to this study, an annual growth rate of 60% is expected for U.S. smart card shipments between 1998 and 2003. Smart Card Forum Consumer Research, published in early 1999, provides additional insights into consumer attitudes towards application and use of smart cards. This primary research publication is available from the Forum for a modest fee.

Why are other countries ahead of the North America in applying smart card technology?
Card issuers in different countries are building their business case to justify the issuance of smart cards for different reasons. Here in the U.S., American Express launched the first wide-scale rollout of smart cards in 1999 with Blue from American Express, a credit card with a smart chip that offers extra security when shopping online. New markets, or markets that are evolving for other reasons, will further help make smart cards widespread in North America. Two examples are the network computing and cellular telephone industries that use smart cards to authenticate users in new systems that demand the utmost in security.

Why are interoperability and enforced standards crucial to widespread adoption of smart cards?
Even though there are hundreds of smart card pilots in existence around the world, users may not take a card from one country or scheme and use it in another. An industry-wide trend toward interoperability and open platforms is now emerging, enabling the development of cards and applications that will work together in open environments. To do this, the industry must examine the business and technical issues surrounding the need for standardized interfaces between cards, terminals and slots, which is the key to securing dramatic growth for the industry.

The International Organization for Standardization (ISO) has developed standards for smart cards. These standards were developed for use by multiple industries. Individual industries are now developing proprietary versions of these ISO standards to support their own specific smart card applications. There are numerous standards developed by members of the Forum, and others, to support and promote smart card standards.

What are the major benefits that smart cards offer consumers?
Smart cards contain unique features that bring many benefits to both consumers and issuing organizations:

What is a multiple application card?
A multiple application card is a smart card that can support different types of applications on the card itself thereby reducing the number of cards in the wallet. For example, the chip on Blue from American Express currently offers two applications: extra security when shopping online using a PC smart card reader and online wallet, and a ticketing application that verifies a Card member’s ticket order. Blue uses a multiple application operating system and American Express plans to add other applications to the card’s smart chip.

Meanwhile, Visa’s multiple application card strategy is based on providing applications that add value to Visa’s core credit and debit payment products. A key component to Visa’s multi-application offering is the flexible Open Platform technology. In addition to providing added application security through the use of ‘firewalls’ on the chip, the Open Platform allows for downloading new applications to the chip, without having to reissue the card.

How is a smart card different from the magnetic stripe card that I carry in my wallet?
A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

What is the cost of an average smart card?
Trying to respond to this question is like asking the cost of a car without defining whether it is a used VW or a new Rolls Royce. The price of a smart card depends upon its capacity. The average price for all microprocessor cards is $3.79 USD each, whereas, the average price for a memory card is estimated at $0.47 USD.

Why is reloadability important to the development of the smart card vis-à-vis disposable cards?
There are markets for both disposable and reloadable cards. Disposable cards work well for an event and as a collectible card. If the card is a multiple application card supporting, for example, debit and/or credit and stored value, the customer would not want to throw this type of card away. It would be more appropriate if the stored value application is reloadable. A standalone reloadable card (as opposed to a standalone disposable card) is very attractive to some customers. This customer would tend to be someone who uses their stored value on a frequent basis perhaps for public transportation, corporate cafeteria etc. and wants to be able to reload the card on a periodic basis rather than have to buy a new card each time.

How secure and confidential are smart cards?
Smart cards actually offer more security and confidentiality than other financial information or transaction storage vehicles, making it a perfect solution for e-commerce transactions. A smart card is a safe place to store valuable information such as private keys, account numbers, pass-words, or personal information. It's also a secure place to perform processes that one doesn't want exposed to the world, for example, performing a public key or private key encryption. Smart cards have computational or processing power to provide greater security, allowing verification of the cardholder. Entering a PIN is one method of verification, biometrics is another. The benefit of the smart card is that you can verify the PIN or fingerprint securely, off-line.

Smart card glossary

Authentication	The process whereby a card or a terminal verifies that the other party is genuine.
Biometrics	The technique of studying physical characteristics of a person such as fingerprints, hand geometry, eye structure or voice pattern.
Chip	A piece of silicon etched with electronic circuits (synonym: Integrated Circuit)
Electronic Purse	A small portable device which contains electronic money. It is sometimes called an electronic wallet or stored value card.
GSM	(Global System for Mobile Communications) A European standard for digital cellular telephones that has now been widely adopted throughout the world.
Microprocessor	A chip that serves as the Central Processing Unit controlling a computer. It provides programmable intelligence.
Personalization	During this process, a smart card is modified to contain the information for one person.
SIM	(Subscriber Identification Module) A specific type of smart card for GSM systems holding the subscriber’s ID number, thus allowing him/her to call from any GSM device.