Information Security

Defending the digital infrastructure


Top three benefits of smart cards

With a greater understanding of smart card benefits, consumers are more likely to entertain the idea of using them and transition away from magnetic stripe cards.

Smart cards may look like any other plastic card with a magnetic stripe on the back, but they're a radically different technology. While consumer advertising has tried to downplay the differences between smart cards and normal credit cards -- other than to tout them as "safer" -- the differences are what make smart cards worth considering.

1. Persistent, protected storage. Persistent storage is an obvious piece of the smart card, and one that makes it similar to an ordinary mag-stripe card. Smart cards have memory; how much memory depends on the application, but 4K to 32K is typical. While this is dramatically more than what can be stored on a mag-stripe card, the key to the storage is protection: You can't just wipe the card against a reader and expect to pull everything off it. While experts have determined that a scanning electron microscope can circumvent the protection built into a smart card, this is not the kind of tool you can pick up at Radio Shack.

2. Processing power. Most smart cards have a small CPU, which means that they can do things other than parrot data stored in the card. The CPU can protect the information, for example, by requiring the user to enter a PIN code. Here's where smart cards have a huge advantage over mag-stripe cards: the CPU can count. Get the PIN code wrong seven times, and the CPU may refuse to let you try again for an hour or a day. Or, with some applications, the CPU may simply wipe the information if you get it wrong too many times, or force you to call a customer support number to retrieve a special unlock code.

In fact, the smart card may never have to actually give up the data at all. For example, when smart cards are used with X.509 digital certificates for applications such as VPN or Windows 2000 authentication, the private key part of the public/private key pair linked to the certificate never leaves the card. The private key is generated by a random number generator on the card, and when data needs to be signed with the private key, the card does the signing.
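The two behaviours described above, a retry counter enforced by the card itself and a key that is used but never handed out, can be modeled in a short simulation. This is an added example, not code from the article or from any card vendor: the class and method names are hypothetical, and HMAC-SHA256 stands in for the card's private-key signature so that it runs with only the Python standard library.

```python
import hashlib
import hmac
import secrets


class CardBlocked(Exception):
    """The retry counter reached zero; the card refuses further use."""


class SimulatedCard:
    """Toy model of the card-side logic; not a real card OS or reader API."""

    MAX_TRIES = 7  # the article's example limit; real limits vary

    def __init__(self, pin, wipe_on_block=False):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash(pin)
        self._key = secrets.token_bytes(32)  # generated on the card, no getter
        self._wipe_on_block = wipe_on_block
        self.tries_left = self.MAX_TRIES
        self._verified = False

    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def verify_pin(self, pin):
        if self.tries_left == 0:
            raise CardBlocked("retry counter exhausted")
        # Spend a try before comparing, so an interrupted check still costs one.
        self.tries_left -= 1
        self._verified = hmac.compare_digest(self._hash(pin), self._pin_hash)
        if self._verified:
            self.tries_left = self.MAX_TRIES  # success resets the counter
        elif self.tries_left == 0 and self._wipe_on_block:
            self._key = None  # the "wipe the information" policy
        return self._verified

    def sign(self, data):
        """Return a tag over data; the key itself is never handed out."""
        if self._key is None:
            raise CardBlocked("key material wiped")
        if not self._verified:
            raise PermissionError("PIN not verified")
        # Stand-in: HMAC-SHA256 replaces the card's private-key signature.
        return hmac.new(self._key, data, hashlib.sha256).digest()
```

The host only ever sees the result of `sign()`; a mag-stripe card has no equivalent of either the counter or the gated operation, because it has nothing that can run this logic.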

3. Packaging. While they're not as cheap as credit cards to manufacture, in moderate quantities of 100 or so, smart cards will cost less than $10 each, making them dramatically less expensive than other authentication technologies, such as digital tokens.

The smart card can come in different form factors to work with a wide range of devices. Smart cards were originally modeled on credit cards and were built the same size. American Express' Blue is an example of a combination smart/credit card. But smart cards are used around the world in GSM cellphones (ubiquitous in Europe and available in the U.S.). Those smart cards are cut down to a size little larger than the familiar multipad connector to fit the small handsets. Some wireless LAN adapters, such as Nokia's C110, have small smart card readers to carry configuration data or authentication information.

Inexpensive (less than $50) smart card readers are now available for PCMCIA, serial and USB connectors on personal computers. The packaging doesn't even have to be in the shape of a card. For example, Rainbow Technologies has combined a smart card with its own USB reader in its iKey product, a single token smaller than your thumb.

This was last published in March 2002


Join the conversation



Anything with this much added security is a wonderful advance. Yet the nay-sayer in me wonders if we really need/want yet another card to carry. No doubt this advanced technology will ultimately get incorporated into smart phones. One device, no extra cards to carry. Ultimately we should be able to chuck our entire wallet and carry everything in our phone.
The common use of smart cards in the US is way overdue - Europe has been widely using EMV for years. We entrust our money's security to technology from the late 60s.
In a nutshell, a card is just another "username/password" for accessing an account, in this case, in a financial institution. The merchant uses its own hardware, software, and network connection to process a transaction. If we go mobile we don't even need that.
