Jo-Ann Fourie from risk management specialists PIC Solutions, South Africa
Credit card fraud has long been the bane of banks around the globe. And now, with Internet shopping becoming more popular by the nanosecond, it has become extremely high priority to try to stabilise this thorn in the side of the financial sector. The most notable benefits of smart cards must be their off-line functionality, their enhanced security and anti-fraud features, and their ever-developing compatibility with data manipulation.
The aim of finding more secure authentication methods would be to prevent the ease with which the older, signature based payment forms have been replicated and fraudulently used to date. As an example, if a password is compromised it is a simple matter for an unauthorised hacker to gain access to a 'protected' system. But when the access to that same system also requires the physical presence of a computer chip smart card to be inserted into a reader, life is made that much more difficult for the would-be fraudster. Couple this with the further authentication using a Personal Identification Number (PIN), and the process becomes even more water-tight. What makes it even more attractive than the magnetic stripe security is the fact that, as soon as the security is compromised in any way, one can upgrade the software on the card without replacing the card.
What is the smart card?
The smart card typically looks very much like its predecessor, the magnetic stripe card. But rather than the magnetic stripe it is embedded with a small computer chip, often visible. It is still capable of storing information like the magnetic strip card. But, and here is the main difference, the smart card's computer chip can be programmed to perform tasks after the initial production. Unlike its predecessor the data stored in the chip can be manipulated and changed, thereby creating a mini 'computer card', for lack of a better description.
The embedded chip can consist of a simple EPROM memory (e.g. telephone call-cards use this). In more advanced forms it can also include an 8-bit microprocessor, ROM, EEPROM and RAM. Sounds impressive, but simply this means that the on-board CPU can store, share and even process the held information in line with pre-programmed guidelines. This 'programmability' provides the flexibility required in order to allow the card to multi-task across a variety of applications.
Already there are various types of smart cards. These can be widely classified into two groups. The first is contact cards that are to be inserted into a card reader or terminal with a direct connection to the conductive micro computer chip on the surface of the card. The other main group is contact-free cards which only require close proximity to a reader.
Besides this broad type of classification, various categories of smart cards have been developed. The list is vast and generally is more closely directed to a specific application. From a technical perspective, however, they can generally be classified in their simplest forms as follows:
Integrated Circuit Microprocessor Cards
This type of card allows for the adding, deleting, or manipulating of the information held in memory. Essentially it equips a variety of applications with a dynamic reading and writing capability. Most mobile SIM card (Subscriber Identity Module) applications make use of this category of smart card
Integrated Circuit Memory Cards
This category of card can store data, but does not have the added processor on the card. Processing occurs within the link to the associated software and hardware used to read the information
Optical Memory Cards
This card can also only store data, but has a relatively larger memory capacity than the IC memory cards mentioned above. It might be interesting to cover a few types of smart card that are related to application.
Electronic Purse
This is an application of smart card whereby the card becomes a portable device which contains electronic money (also referred to as the electronic wallet or the stored value card)
Security Card
This type of smart card is specifically geared toward the Identity Management (IDM) software for remote access, secure sign-on, and digital ID cards
JavaCards
This type of smart card is capable of running JAVA byte codes. It is geared toward eventually being able to run some of the applications currently running on your PC
History of smart cards
Smart cards, it is shocking to note, have been around since the seventies. The evolution of the smart card has been a bit of a surprise. The intention was for them to be the successor of the magnetic stripe card and was basically to be used for debit and credit transactions within the financial sector. This has become, to date, only a very small portion of the application of the technology. The big bang conversion from the old technology in the financial sector has also not yet materialised.
Many factors have contributed to this slow migration, the most important being the initial cost of replacing the old infrastructure with the new. The cost of replacing the physical credit or debit cards with a new smart card is small in comparison to the expense of purchasing and installing thousands of card reader terminals and the software to run them. Consider this: In the United States of America alone there are over 14,000 banks. As you can imagine, each of these banks has their own business flow. The logistics of getting all these banks to conform to one technology in order to be fully integrated will be a near impossible task. It becomes obvious that we would need to go through a phase of catering to both the old magnetic stripe and the newer smart card technology from the same terminal.
EMV and ISO Standards
Once again, it is necessary to reiterate the importance of conformity when talking in global terms. Whether you are shopping in Switzerland, the Maldives or Ghana, you would need your new smart card to be read by the hardware installed in the merchant site. For the ease of this process it has become necessary for standards to be enforced with manufacturers of these cards across the world.
Even though discussions started already in 1993 and the first EMV standards were set by 1994, the EMVCo was formed in 1999 by Europay International, MasterCard International and Visa International. It was formed to manage, maintain and enhance the EMV Integrated Circuit Card Specifications for all payment systems around the world.
The purpose of this group was to create standards for the manufacture of smart cards in payments businesses around the world. These standards are based specifically on ISO 7816, which is the world standard for contact smart cards. This was to maintain full interoperability of payments smart cards from one country to the next. Another big requirement in setting standards was to reduce online authorisation by using the on-board data. It also has to allow for offline cardholder verification at the Point of Sale (POS) terminal. This would then, in turn, significantly reduce fraud. In order to set these standards, EMV had to focus on the cards, the terminals or readers and also the applications to utilise the cards and/or terminals.
Shakers and movers
There are significant applications of the smart card already in existence across many industries. The list given here serves only to explain the ability of various types of smart cards.
Germany has deployed millions of smart cards for use in public health services. Due to its offline functionality, it is even being considered and developed locally for the administration of anti-retroviral drugs, mostly for rural areas.
National identification and voting
It is envisaged that the new ID card (smart, of course) in South Africa will soon replace the current green ID documents. This will further enhance the progress made using barcodes for voting registration.
Entertainment
If you are using a digital satellite service in your home or any similar such service, you are using smart card for your broadcasting needs. The information could be changed to, for instance, allow you to view the live broadcast of your favourite musician.
Telecommunications
Cellular phones use smart cards in the form of Subscriber Information Module (SIM) cards.
Travel and transport
The smart card is being used in a range of ways for the convenience of travelling with public transport in Europe. It allows for the user's travel trends to be followed, which will allow for new products or travel packages to be marketed. It also allows, at certain airports, for an airline to track where a specific commuter is when he/she has failed to board a flight. More locally, we have been using the ADO parking system for a number of years already. This card is bought with a certain amount of parking 'cash' loaded.
When the limit is reached the cardholder can have the same card recharged at various outlets.
Banking
Entire countries in Europe have the system in place already.
© Banker Middle East 2006
