Minerva Studio - stock.adobe.com
Smart cards may look like any other credit card with a magnetic stripe on the back, but don't be fooled -- they are a radically different technology. Smart cards are equipped with tamper-resistant microprocessors that can store authentication data. They can be used in various electronic processes, including authentication, access control, sensitive data encryption and personal identification. Additionally, a smart card containing a person's banking information can be used to make secure financial transactions.
In a security context, this technology is widely used to enable two-factor authentication (2FA). 2FA is more secure than simple password protection because it requires something a user knows and something she has in order for access to be granted. Due to the security benefits of smart cards and the increased use of online payment transactions, the smart card market is expected to reach $21.57 billion by 2023 from $14.22 billion in 2018, according to a MarketsandMarkets report.
While consumer advertising has tried to downplay the differences between smart cards and traditional credit cards -- other than to tout them as "safer" -- the differences are what make smart cards worth considering.
Benefit #1: Persistent, protected storage
Persistent storage is one advantage of smart cards. How much memory a card has depends on the application, but 1 KB to 256 KB is typical. This is dramatically more than the approximately 150 bytes that can be stored on a magnetic stripe card. The increased capacity also accommodates encryption capabilities.
Once information is stored on a smart card, it is difficult to erase, alter or delete -- whether intentionally or accidentally. What makes the card smart is that not only does the microprocessor store data, but it also has its own OS that can process data in real time.
Unlike traditional magnetic stripe cards, smart cards are generally resistant to electronic interference and magnetic fields. Because of the smart card storage's resiliency, the technology is attractive for use cases involving sensitive data that must not be reproduced or breached. Due to the security risks associated with magnetic stripe cards, as well as a shift to the EMV (Europay, Mastercard and Visa) global online payment standard, almost all credit cards today are fitted with smart card technology.
Benefit #2: Processing power
As most smart cards have a small CPU, they are capable of more than parroting data stored in the card. For example, the CPU can protect the information by requiring the user to enter a PIN. One significant security benefit of smart cards is that the CPU can count -- the same cannot be said about magnetic stripe cards. For example, enter the smart card PIN wrong seven times and the CPU may refuse to let the user try again for a specified period, such as one hour or one day. In some applications, the CPU may wipe the stored information if the PIN is entered wrong too many times or force the user to call a customer support number to retrieve a special unlock code.
In fact, the smart card may never have to give up the data at all. In some cases, the private key portion of the public-private key pair linked to the certificate never leaves the card. The private key is generated by a random number generator on the card, and when data needs to be signed with the private key, the card does the signing.
Benefit #3: Packaging
The third advantage of smart cards is the packaging. Smart cards are usually made of plastic -- apart from the embedded microprocessor -- which is inexpensive to produce. While they are not as cheap as credit cards to manufacture, in moderate quantities of 100, for example, smart cards will cost less than $10 each. Inexpensive smart card readers are also available for less than $50. This makes the smart card system dramatically less expensive than digital tokens and other authentication technologies.
Smart cards were originally modeled on credit card dimensions and materials. ID-1 of the International Organization for Standardization and International Electrotechnical Commission's 7810 standard specifies a size of 85.60 by 53.98 millimeters for identification cards. Smart card technology conforms with these standards as well.
Potential disadvantages of smart cards
Like any technological innovation, there are potential security drawbacks to smart cards. Their initial costs -- and costs of the card readers -- will have to be weighed against the benefits of smart cards. There is also the risk of man-in-the-middle attacks, in which a bad actor can intercept communication between the server and authentication system.
Additionally, there may be confusion about who is responsible for this technology's security. For example, in a case where a credit or cash balance on a smart card is erased, users may have questions about who is responsible -- they, the cardholder or the bank. It is important for companies to explicitly state their responsibilities in the event of a lost card, damaged card or other security incident. Going forward, this may also help users become less wary of the technology as well.