What is a smart card?
A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver's license or credit card and can be made out of metal or plastic. They connect to a reader either by direct physical contact -- also known as chip and dip -- or through a short-range wireless connectivity standard such as radio-frequency identification (RFID) or near-field communication.
The chip on a smart card can be either a microcontroller or an embedded memory chip. Smart cards are designed to be tamper-resistant and use encryption to provide protection for in-memory information. Cards with microcontroller chips can perform on-card processing functions and manipulate information in the chip's memory.
Smart cards are used for a variety of applications but are most commonly used as credit cards and other payment cards. The payment card industry's support of smart cards for the Europay, Mastercard and Visa (EMV) card standard has driven the distribution of smart cards. Smart cards capable of short-range wireless connectivity can be used for contactless payment systems. They can also be used as tokens for multifactor authentication (MFA).
International standards and specifications cover smart card technology, and some of them address industry-specific applications. In the United States, smart card technology conforms to international standards -- International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 7816 and ISO/IEC 14443 -- backed by the Secure Technology Alliance.
The first mass use of smart cards was Télécarte, a telephone card for payment in French pay phones, launched in 1983. Smart cards are now ubiquitous and have largely replaced magnetic stripe -- also known as mag stripe -- card technology, which only has a capacity of 300 bytes of nonrewritable memory and no processing capability.
How smart cards work
Smart card microprocessors or memory chips exchange data with card readers and other systems over a serial interface. The smart card itself is powered by an external source, usually the smart card reader.
Smart cards communicate with readers via direct physical contact or using RFID or another short-range wireless connectivity standard. The chip or processor on the card contains data that the card reader accesses. The processor on the card contains a basic operating system (OS) that lets the card hold, transmit and protect the data.
The card reader passes data from the smart card to its intended destination, usually a payment or authentication system, over a network connection.
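The exchange between reader and card described above is framed as command and response units (APDUs) under ISO/IEC 7816-4. The following is an added example, not part of the original article: it parses short-form APDUs, decodes a few common status words and keeps PIN-bearing data out of trace logs. The function names and sample byte strings are constructed for illustration, and extended-length APDUs are assumed out of scope.

```python
from typing import NamedTuple, Optional

SECRET_INS = {0x20, 0x24}  # VERIFY, CHANGE REFERENCE DATA: data field carries a PIN
SW_TEXT = {0x9000: "success", 0x6983: "authentication method blocked",
           0x6A82: "file or application not found"}

class CommandAPDU(NamedTuple):
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # expected response length; None when absent

def parse_command(raw: bytes) -> CommandAPDU:
    """Parse a short (non-extended) ISO/IEC 7816-4 command APDU."""
    if len(raw) < 4:
        raise ValueError("command APDU needs a 4-byte header")
    (cla, ins, p1, p2), body = raw[:4], raw[4:]
    if not body:                      # case 1: header only
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                # case 2: header + Le (0 means 256)
        return CommandAPDU(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    data, rest = body[1:1 + lc], body[1 + lc:]
    if len(data) != lc or len(rest) > 1:
        raise ValueError("Lc does not match the body length")
    le = (rest[0] or 256) if rest else None  # case 4 when Le follows, else case 3
    return CommandAPDU(cla, ins, p1, p2, data, le)

def parse_response(raw: bytes):
    """Split a response APDU into (data, status word, meaning)."""
    if len(raw) < 2:
        raise ValueError("response APDU needs SW1 SW2")
    data, sw = raw[:-2], int.from_bytes(raw[-2:], "big")
    if (sw & 0xFFF0) == 0x63C0:       # 63Cx: x = remaining verification tries
        return data, sw, f"verification failed, {sw & 0x0F} tries left"
    return data, sw, SW_TEXT.get(sw, f"status {sw:04X}")

def log_line(cmd: CommandAPDU) -> str:
    """Trace line that never writes PIN-bearing data fields to the log."""
    shown = "<redacted>" if cmd.ins in SECRET_INS else cmd.data.hex().upper()
    return f"CLA={cmd.cla:02X} INS={cmd.ins:02X} P1={cmd.p1:02X} P2={cmd.p2:02X} DATA={shown}"

# Constructed samples: SELECT of a made-up AID, and VERIFY with a made-up PIN field.
SELECT = bytes.fromhex("00A4040006F0010203040500")
VERIFY = bytes.fromhex("002000800831323334FFFFFFFF")
```

Reader middleware that traces APDUs for troubleshooting should apply the same redaction, since a VERIFY command carries the cardholder's PIN in its data field.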
Uses of smart cards
Smart cards are generally used in applications that must deliver fast, secure transactions. They can protect personal information in numerous situations, including the following:
- credit cards;
- other types of payment cards;
- corporate and government identification cards;
- transit fare payment cards; and
- e-documents, such as electronic passports and visas.
Smart cards, such as debit cards, are often used with a personal identification number (PIN). Organizations also use them for security purposes, as MFA tokens and for authenticating single sign-on (SSO) users and enabling passwordless authentication.
Types of smart cards
Smart cards are categorized based on criteria such as how the card reads and writes data, the type of chip used and its capabilities. They include the following types:
- Contact smart cards are the most common type of smart card. They are inserted into a smart card reader that has a direct connection to a conductive contact plate on the surface of the card. Commands, data and card status are transmitted over these physical contact points.
- Contactless cards require only close proximity to a card reader to be read; no direct contact is necessary. The card and the reader are both equipped with antennae and communicate using radio frequencies over a contactless link. The antennae are often a copper wire that wraps around the edge of the card.
- Dual-interface cards are equipped with both contactless and contact interfaces. This type of card enables secure access to the smart card's chip with either the contactless or contact smart card interfaces.
- Hybrid smart cards contain more than one smart card technology. For example, a hybrid smart card might have an embedded processor chip that is accessed through a contact reader and an RFID chip for proximity connection. The different chips may be used for different applications linked to a single smart card -- for example, when a proximity chip is used for physical access control to restricted areas and a contact chip is used for SSO authentication.
- Memory smart cards only contain memory chips and can only store, read and write data to the chip. The data on these cards can be overwritten or modified, but the card itself is not programmable. So, data can't be processed or modified programmatically. These cards can be read-only and used to store data such as a PIN, password or public key. They can also be read-write and used to write or update user data. Memory smart cards can be configured to be rechargeable or disposable, in which case the data they contain can only be used once or for a limited time before being updated or discarded.
- Microprocessor smart cards have a microprocessor embedded onto the chip, in addition to memory blocks. A microprocessor card may also incorporate specific sections of files where each file is associated with a specific function. The data in the files and the memory allocation are managed with a smart card OS. This type of card can be used for more than one function and usually enables adding, deleting and otherwise manipulating data in memory.
Smart cards can also be categorized by their application, such as credit card, debit card, entitlement or other payment card, authentication token and so on.
Advantages of smart cards
Smart cards offer several advantages, such as these:
- Stronger security. Smart cards provide a higher level of security than magnetic stripe cards because they contain microprocessors capable of processing data directly without remote connections. Even memory-only smart cards can be more secure because they can store more authentication and account data than traditional mag stripe cards. Smart cards are generally safe against electronic interference and magnetic fields, unlike magnetic stripe cards.
- Information persistence. Once information is stored on a smart card, it can't be easily deleted, erased or altered. That is why smart cards are good for storing valuable data that should not be reproduced. However, applications and data on a card can be updated through secure channels, so issuers do not have to issue new cards when an update is needed.
- Multiple uses. Multiservice smart card systems let users access more than one service with one smart card.
Disadvantages of smart cards
While smart cards have many advantages, there are also drawbacks, including the following:
- Cost. The cards and the smart card readers can be expensive.
- Compatibility. Not all smart card readers are compatible with all types of smart cards. Some readers use nonstandard protocols for data storage and card interface, and some smart cards and readers use proprietary software that is incompatible with other readers.
- Security vulnerabilities. Smart cards are secure for many applications, but they are still vulnerable to certain types of attack. For example, smart card technology can be targeted by attacks that recover information from the chip. Differential power analysis (DPA) can be used to deduce the on-chip private key used by public key algorithms, such as the Rivest-Shamir-Adleman (RSA) algorithm. Some implementations of symmetric ciphers are vulnerable to timing attacks or DPA. Smart cards may also be physically disassembled in order to gain access to the onboard microchip.
Examples of smart cards
Examples of smart card applications include the following:
- Payment cards, including debit and credit cards issued by commercial credit card companies and banks, are used for financial transactions.
- Electronic benefits transfer cards are used for distribution of government benefits, such as the U.S. Supplemental Nutrition Assistance Program.
- Transit cards let local and regional transit systems process payments, as well as give riders points on their purchases.
- Access control cards enable schools, companies and government entities to control access to physical locations.
- Smart health cards help medical facilities securely store patient medical records.
- SIM cards, used inside of digital cameras and smartphones, store media and other data.
Future of smart card technology and applications
Smart cards are ubiquitous in the payment card industry, and they are widely used for business applications. They are likely to become a common alternative to passwords for authentication. It is also likely that the standard, wallet-sized smart card will be replaced with a smaller alternative.
As the financial industry changes, so will smart card uses and applications. As blockchain technology gains traction, smart cards are beginning to be used as wallets and payment cards for cryptocurrencies.
Security is a key benefit of smart cards. The technology makes it difficult to take personal credentials directly from the physical card. Unfortunately, cybercriminals have myriad ways of obtaining this information.