The Evolution of Smart Card Technology

In a world where every well-intended advance in technology has a habit of soon being followed by someone finding a way to abuse it, it has become imperative to find an all-encompassing and secure solution to service virtually all facets of modern life.

Try to imagine a world with no keys, no wallet containing numerous ATM cards, credit and debit cards, retails cards, wads of cash (if you are so lucky), identification books, cards and papers.  Add to this list of unnecessary items your driver’s license, passport, medical aid membership card, health club membership card and various papers that tell you the statuses of all the above mentioned.  Now imagine all those components combined into one single physical card with a minute embedded gold-colored computer chip.  Sounds impossible?  In fact, one could go as far as calling it inevitable.

A Smart Alternative

Credit card fraud has long been the bane of banks around the globe.  And now, with internet shopping becoming more popular by the nanosecond, it has become extremely high priority to try and stabilize this thorn in the side of the financial sector.  The most notable benefits of smart cards must be their off-line functionality, the enhanced security and anti-fraud features and their ever-developing ability toward data manipulation.

The aim of finding more secure authentication methods would be to prevent the ease with which the older, signature based payment forms have been replicated and fraudulently used to date.  As an example, if a password is compromised it is a simple matter for an unauthorized hacker to gain access to a “protected” system.  But when the access to that same system also requires the physical presence of a computer chip smart card to be inserted into a reader, life is made that much more difficult for the would-be fraudster. Couple this with the further authentication using a Personal Identification Number (PIN) and the process becomes even more water-tight. What makes it even more attractive than the magnetic stripe security is the fact that, as soon as the security is compromised in any way, one can upgrade the software on the card without replacing the card.

The biggest surprise in the production of smart card, however, has to be the widespread spectrum of industries climbing onto the bandwagon.  It affects our daily lives and will become more evident very shortly.  Since it can be used for any application requiring the transportation of information or data authentication, it would seem that the original use of payments authentication has fallen somewhat behind already.

What is the Smart Card?

The smart card typically looks very much like its predecessor, the magnetic stripe card.  But rather than the magnetic stripe it is embedded with a small computer chip, often visible.  It is still capable of storing information like the magnetic strip card.  But, and here is the main difference, the smart card’s computer chip can be programmed to perform tasks after the initial production.  Unlike its predecessor the data stored in the chip can be manipulated and changed, thereby creating a mini “computer card”, for lack of a better description.

The embedded chip can consist of a simple EPROM memory (e.g. telephone call-cards use this).  In more advanced forms it can also include an 8-bit microprocessor, ROM, EEPROM and RAM.  Sounds impressive, but simply this means that the on-board CPU can store, share and even process the held information in line with pre-programmed guidelines.  This "programmability" provides the flexibility required in order to allow the card to multi-task across a variety of applications.

Already there are various types of smart cards.  The types can be widely classified into two groups.  The first is contact cards that are to be inserted into a card reader or terminal with a direct connection to the conductive micro computer chip on the surface of the card.  The other main group is contact-free cards which only require close proximity to a reader.

Besides this broad type of classification, various categories of smart cards have been developed.  The list is vast and generally is more closely directed to a specific application.  From a technical perspective, however, they can generally be classified in their simplest forms as follows:

• Integrated Circuit Microprocessor Cards - This type of card allows for the adding, deleting, or manipulating of the information held in memory.  Essentially it equips a variety of applications with a dynamic reading and writing capability.  Most mobile SIM card (Subscriber Identity Module) applications make use of this category of smart card.


• Integrated Circuit Memory Cards - This category of card can store data, but does not have the added processor on the card.  Processing occurs within the link to the associated software and hardware used to read the information.


• Optical Memory Cards - This card can also only store data, but has a relatively larger memory capacity than the IC memory cards mentioned above.

For the purpose of this forum it might be interesting to mention a few types of smart card which are related to application.

• Electronic Purse - This is an application of smart card whereby the card becomes a portable device which contains electronic money (also referred to as the electronic wallet or the stored value card).


• Security Card - This type of smart card is specifically geared toward the Identity Management (IDM) software for remote access, secure sign-on, and digital ID cards.


• JavaCards - This type of smart card is capable of running JAVA byte codes.  It is geared toward eventually being able to run some of the applications currently running on your PC.

History of Smart Cards

Smart cards, it is shocking to note, have been around since the 1970s.  The evolution of the smart card has been a bit of a surprise.  The intention for this bit of technology was originally to be the successor of the magnetic stripe card and was basically to be used for debit and credit transactions within the financial sector.  This has become, to date, only a very small portion of the application of the technology.  The big bang conversion from the old technology in the financial sector has also not yet materialized.

Many factors have contributed to this slow migration, the most important being the initial cost of replacing the old infrastructure with the new.  The cost of replacing the physical credit or debit cards with a new smart card is small in comparison to the expense of purchasing and installing of thousands of card reader terminals and the software to run it.  Consider this:  In the United States of America alone there are over 14,000 banks.  As you can imagine, each of these banks has their own business flow.  The logistics of getting all these banks to conform to one technology in order to be fully integrated will be a near impossible task.  It becomes obvious that we would need to go through a phase of catering to both the old magnetic stripe and the newer smart card technology from the same terminal.

As much as we would like to attribute our formidable progress in smart card technology to being technically advanced in world terms, the stronger argument would have to be the lower cost of manufacturing the cards and the hardware to use them in South Africa.  Various applications of smart card technology have occurred within South Africa for at least a decade.

EMV and ISO Standards

Once again, it is necessary to reiterate the importance of conformity when talking in global terms.  Whether you are shopping in Switzerland, the Maldives or even in Ghana, you would need for your new smart card to be read by the hardware installed in the merchant site.  For the ease of this process it has become necessary for standards to be enforced with manufacturers of these cards across the world.

Even though discussions started already in 1993 and the first EMV™ standards were set by 1994, the EMVCo was formed in 1999 by Europay International, MasterCard International and Visa International.  It was formed to manage, maintain and enhance the EMV™ Integrated Circuit Card Specifications for all payment systems around the world. The acronym, oddly enough, has been kept as EMV, despite the fact that Europay International is now absorbed by MasterCard International.  MasterCard International and Visa International each own 50% in EMVCo rather than the previous three-way split.

The purpose of this group was to create standards for the manufacture of smart cards in payments businesses around the world.  These standards are base specifically on ISO 7816, which is the world standard for contact smart cards.  This was to maintain full interoperability of payments smart cards from one country to the next. Another big requirement in setting standards was to reduce online authorization by using the on-board data.  It also has to allow for offline cardholder verification at the Point of Sale (POS) terminal.  This would then, in turn, significantly reduce fraud.  In order to set these standards, EMV had to focus on the cards, the terminals or readers and also the applications to utilize the cards and/or terminals.

Shakers and Movers

As mentioned previously, there are significant applications of the smart card already in existence across a multiple of industries.  The list given here serves only to explain the ability of various types of smart cards.  The list is given by industry with at least one example of its application.

• Medical Applications: Germany has deployed millions of smart cards for the use in public health services.  Due to its offline functionality, it is even being considered and developed locally for the administration of anti-retroviral drugs, mostly for rural areas.


• National Identification and Voting: The rese of the world could easily follow the European leader, Sweden, in this initiative.  Sweden uses smart card, or rather, Electronic Identification cards (EID) to ensure stronger user identification.  It uses encryption to keep communications confidential whilst still ensuring non-repudiation.


• Entertainment: If you are using a digital satellite service in your home or any similar such service, you are using smart card for your broadcasting needs.  The information could be changed to, for instance, allow you to view the live broadcast of your favorite musician.


• Telecommunications: Cellular phones use smart cards in the form of Subscriber Information Module (SIM) cards.  But besides this, South Africa also boasts a call card system that uses preloaded call amounts that allow users access to a number of public telephones without the fuss of finding correct change or, even worse, losing the physical money into the older coin operated models.


• Travel & Transport: The smart card is being used in an array of ways for the convenience of traveling with public transport in Europe.  It allows for the user’s travel trends to be followed, which will allow for new products or travel packages to be marketed.  It also allows, at certain airports, for an airline to track where a specific commuter is when he/she has failed to board a flight.


• Banking:  Entire countries in Europe have the system in place already.  The United States only have a few small trial installations.

Getting Smarter in the Future

Even when you realize that the smart card is a relatively mature solution in card production, one cannot deny that the card is still in its infancy when referring to the integration into Information Systems.

Now imagine all those components again, put together in a single little card with a pretty, gold-colored computer chip.  Only the following question remains: 

What should happen if I lose that very card, which is silently organizing my whole existence, as I go about my daily routine?

We may then begin to delve into the abyss of how we can ensure that our own private computer chip cannot get lost.  And that might be a headache of a completely different kind.