Minerva Studio – stock.adobe.com
Smart cards may look like any other credit card with a magnetic stripe on the back, but don’t be fooled — they are a radically different technology. Smart cards are equipped with tamper-resistant microprocessors that can store authentication data. They can be used in various electronic processes, including authentication, access control, sensitive data encryption and personal identification. Additionally, a smart card containing a person’s banking information can be used to make secure financial transactions.
In a security context, this technology is widely used to enable two-factor authentication (2FA). 2FA is more secure than simple password protection because it requires something a user knows and something she has in order for access to be granted. Due to the security benefits of smart cards and the increased use of online payment transactions, the smart card market is expected to reach $21.57 billion by 2023 from $14.22 billion in 2018, according to a MarketsandMarkets report.
While consumer advertising has tried to downplay the differences between smart cards and traditional credit cards — other than to tout them as “safer” — the differences are what make smart cards worth considering.
Persistent storage is one advantage of smart cards. How much memory a card has depends on the application, but 1 KB to 256 KB is typical. This is dramatically more than the approximately 150 bytes that can be stored on a magnetic stripe card. The increased capacity also accommodates encryption capabilities.
Once information is stored on a smart card, it is difficult to erase, alter or delete — whether intentionally or accidentally. What makes the card smart is that not only does the microprocessor store data, but it also has its own OS that can process data in real time.
Unlike traditional magnetic stripe cards, smart cards are generally resistant to electronic interference and magnetic fields. Because of the smart card storage’s resiliency, the technology is attractive for use cases involving sensitive data that must not be reproduced or breached. Due to the security risks associated with magnetic stripe cards, as well as a shift to the EMV (Europay, Mastercard and Visa) global online payment standard, almost all credit cards today are fitted with smart card technology.
As most smart cards have a small CPU, they are capable of more than parroting data stored in the card. For example, the CPU can protect the information by requiring the user to enter a PIN. One significant security benefit of smart cards is that the CPU can count — the same cannot be said about magnetic stripe cards. For example, enter the smart card PIN wrong seven times and the CPU may refuse to let the user try again for a specified period, such as one hour or one day. In some applications, the CPU may wipe the stored information if the PIN is entered wrong too many times or force the user to call a customer support number to retrieve a special unlock code.
In fact, the smart card may never have to give up the data at all. In some cases, the private key portion of the public-private key pair linked to the certificate never leaves the card. The private key is generated by a random number generator on the card, and when data needs to be signed with the private key, the card does the signing.
The third advantage of smart cards is the packaging. Smart cards are usually made of plastic — apart from the embedded microprocessor — which is inexpensive to produce. While they are not as cheap as credit cards to manufacture, in moderate quantities of 100, for example, smart cards will cost less than $10 each. Inexpensive smart card readers are also available for less than $50. This makes the smart card system dramatically less expensive than digital tokens and other authentication technologies.
Smart cards were originally modeled on credit card dimensions and materials. ID-1 of the International Organization for Standardization and International Electrotechnical Commission’s 7810 standard specifies a size of 85.60 by 53.98 millimeters for identification cards. Smart card technology conforms with these standards as well.
Like any technological innovation, there are potential security drawbacks to smart cards. Their initial costs — and costs of the card readers — will have to be weighed against the benefits of smart cards. There is also the risk of man-in-the-middle attacks, in which a bad actor can intercept communication between the server and authentication system.
Additionally, there may be confusion about who is responsible for this technology’s security. For example, in a case where a credit or cash balance on a smart card is erased, users may have questions about who is responsible — they, the cardholder or the bank. It is important for companies to explicitly state their responsibilities in the event of a lost card, damaged card or other security incident. Going forward, this may also help users become less wary of the technology as well.
VPNs are nearly ubiquitous, but does your organization know how to deploy one? Learn about use cases, requirements, deployment …
Citizens Broadband Radio Service enables private LTE networks and supports enterprise WAN deployments. But that doesn’t mean …
Despite claims that VPNs are on their way out of enterprise networks, to be replaced by alternative technologies, research …
The market research firm said enterprise IT spending will endure in a tough economy, but noted an emphasis on optimization, …
ESG considerations add a new dimension to IT purchasing criteria and, more broadly, could bridge the gap between business leaders…
Climate tech success hinges on the technology’s capability, the team behind the tech, and their vision for building a viable …
The latest Windows 11 update offers a tabbed File Explorer for rearranging files and switching between folders. The OS also …
A black screen can be a symptom of several issues with a Windows 11 desktop. Knowing where to look for the source of the problem …
Jamf is supporting zero trust with new features across its suite of Mac management software. The proliferation of remote work has…
AWS Batch enables developers to run thousands of batches within AWS. Follow this tutorial to set up this service, create your own…
Alloy, a new infrastructure platform, lets partners and Oracle-affiliated enterprises resell OCI to customers in regulated …
Dell dropped news at separate events this week — one that showcased edge management software, another that showed deepening HCI …
Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products
Google Cloud has seen its market share and revenue soar in recent quarters as enterprises flock to its platform, but …
Dutch defence lawyers say in an open letter that there is a risk of unfair trials unless they are allowed to test the reliability…
All Rights Reserved, Copyright 2000 – 2022, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info