Frequently Asked Questions
Identical in size and feel to credit cards, smart cards stored information on an integrated microprocessor chip located within the body of the card.
These chips hold a variety of information, from stored (monetary)-value used for retail and vending machines, to secure information and applications for higher-end operations such as medical/healthcare records. New information and/or applications can be added depending on the chip capabilities.
Different types of cards being used today are contact, contactless and combination cards.
Contact smart cards must be inserted into a smart card reader. These cards have a contact plate on the face which makes an electrical connector for reads and writes to and from the chip when inserted into the reader.
Contactless smart cards have an antenna coil, as well as a chip embedded within the card. The internal antenna allows for communication and power with a receiving antenna at the transaction point to transfer information. Close proximity is required for such transactions, which can decrease transaction time while increasing convenience.
A combination card functions as both a contact and contactless smart card.
What are the benefits of smart cards over magnetic stripe cards?
Smart cards allow thousands of times the information storable on magnetic stripe cards. In addition, smart cards are more reliable, perform multiple functions and are more secure because of high security mechanisms such as advanced encryption and biometrics.
Smart cards can and will hold a large amount of personal information, from medical/health history to personal banking and personal preferences. What steps need to be taken, and by whom, to guarantee the privacy of that information to the card holder?
Privacy is a technology-neutral issue. It doesn't matter whether information is recorded on paper in a doctor's office file or resides in a payroll application on a mainframe computer. It is important to consider the privacy of information form the time it is collected, through the life of its use and until the time it is no longer needed and securely destroyed. It is not enough to protect information on a smart card. You must be equally concerned about all forms of the information from the original format in which it was collected (often paper form) to any and all backups and centralized database copies.
The responsibility for the protection of the data belongs to the organization that requests it from the individual. Their staff must understand Fair Information practices and follow them. There are many considerations beyond the typical analysis of who may read, change, delete, or add information. The Information and Privacy Commissioner/Ontario and the Advanced Card Technology Association of Canada have jointly developed a procedure called "Smart, Optical and Other Advanced Cards: How to do a Privacy Assessment." The first of its kind in the world, this procedure is designed for card application developers and helps them to understand privacy principles, build privacy protection into their applications and document their steps. For more information, contact ACT Canada at (905) 683-1442.
*"Quarterly Question," Smart Link, "Volume 1, Number 3, 1997. Catherine A. Johnston, President and CEO, the Advanced Card Technology Association of Canada (ACT Canada).
Smart card Java platforms are capable of running multiple applications and are intrinsically secure. What, then, is causing delay in implementing Java as the standard for interoperable smart cards?
Java is all card manufacturers' undisputed interoperable language of choice for running multi-application smart card platforms. It is the most secure general purpose language that allows multiple applications to share smart card resources. Nearly all smart card application providers using another interpreted language have announced commitments to Java.
Nevertheless, because Java would not run with acceptable performance on a simple PC/AT, smart card components and operating systems needed to be retooled to offer correct response time at an acceptable price. This effort is now well underway, beyond the existing evaluation tools, and is available to 8-bit and 32-bit micro-controllers. Commercial products for large roll-outs should be soon available.
Java, however, is only a language, and even though an API has been defined by the Java Card Forum, applications are still defined "at the interface" between the smart card and the terminal, using conventional command exchanges. Most times, the terminal does not know Java is the language used by the card and may not be Java aware at all.
Using Java to develop applets in the card has simplified the development of applications for smart cards, but only preliminary work has been done on a main issue facing multi-application cards: secure distribution of applets through a very diversified network to cards not issued by the application issuer. We are slowly moving from a 'card issuing mentality" to an "application issuing concept," and adapting to this new paradigm will take more time and effort than using a given language in a card, as it impacts the terminals, the network and many well established marketing habits.
**"Quarterly Question," Smart Link, "Volume 2, Number 1, 1998. Gilles Lisimaque, Chief Technology Officer for Gemplus, and SCIA Security Committee Chairman.
How many smart cards have been issued worldwide, and what is the projected
growth for the year 2000?
In 1996, approximately 805 million smart cards were issued, with an estimated 2.8 billion to be distributed in 2000. The distribution is:**
Card Application |
1996* |
2000* |
Average Annual |
|||
Pay Phone |
605 |
1,500 |
29% |
|||
GSM |
20 |
45 |
25% |
|||
HealthCare |
70 |
120 |
14% |
|||
Banking |
40 |
250 |
105% |
|||
Identity/Access |
20 |
300 |
280% |
|||
Transportation |
15 |
20 |
247% |
|||
Pay TV |
15 |
75 |
80% |
|||
Gaming |
5 |
200 |
780% |
|||
| Metering/Vending |
10 |
80 |
140% |
|||
| Retail/Loyalty |
5 |
75 |
280% |
|||
|
|
||||||
What is the world wide distribution of smart cards and what applications are
prevalent geographically?
Smart cards are most prominent in Western Europe, which holds 70% of the market. Worldwide distribution is:**
| Region |
1996 |
2000 |
||||
| North America |
3% |
12% |
||||
| South America |
11% |
10% |
||||
| Western Europe |
70% |
40% |
||||
Asia |
10% |
30% |
||||
Restf World |
6% |
8% |
||||
| **Source: Phoenix Planning & Evaluation | ||||||
What is contained in the ISO 7816?
ISO 7816 Integrated Circuit Cards with Electrical Contact
The International Standards Organization (ISO) facilitates the creation of voluntary standards through a consensus-building process that is open to interested participants. ISO 7816 is the international standard for integrated-circuit cards (commonly known as smart cards) that use electrical contacts. Anyone interested in obtaining a technical understanding of smart cards needs to become familiar with what ISO 7816 does NOT cover as well as what it does.
ISO 7816 does not address smart card applications. Most current and planned applications require custom files and coding. However, there are efforts under way to create common application standards. The most prominent current example is the cooperative development of financial payments standards by Europay International, MasterCard International and Visa International (EMV).
ISO has six parts. Some have been complete; others are currently in draft stages.
What are the leading applications/projects to date?
Carte Bancaire in France, 22 millions of cards delivered. Chip is used to authenticate the card dynamically.
Telecarte in France, the first large-scale stored value chipcard application. Chip contains just the memory.
Health insurance card in Germany, memory card is issued to every German citizen.
The number of different Smart Card based payment system pilots is estimated to 40 (ESCAT'94)
A sensible description of application areas and valuable characteristics of Smart Cards in these areas is needed here. Anybody willing to write it?
The basic contact smart card standard is the ISO 7816 series, part 1- 10 while contactless cards will be governed by the ISO 14443 standard. These standards are derived from the identification card standards and detail the physical, electrical, mechanical, and application programming interface. Below is a list of the contact card standards.
Note: IS denotes standards which have been approved, while DIS refers to
drafts pending approval.
| designed by Baytel | Copyright © 2001 Smart-ISO-Products. All rights reserved |