A smart card, also known as an ICC (integrated circuit card) or a chip card, is a card the size of a credit card that usually holds a computer chip containing a microprocessor embedded in it, able to receive and process data. While some smart cards are used for identification, others are used to hold important records or for transactions, and they have been put to uses including financial transactions, security systems, loyalty programs, and satellite TV. In all cases, smart card security is an important issue. A smart card is like a magnetic-stripe card on steroids. It has at least 80 times the memory of a magnetic-stripe card, and the microprocessor allows smart cards, unlike magnetic-stripe cards to be read and updated when they’re used.
The magnetic-stripe card has certain security issues. The data is stored in the stripe, and the strip can be easily accessed, and written, deleted, or edited. The verification and processing system for credit cards is built to protect the information on the vulnerable card. Smart card security takes a different approach. It relies on the microprocessor in the card guarding access to the data stored on the card.
The smart card does, however, have areas of vulnerability. While contactless cards are read by a low-powered laser, the contact cards are read by swiping them through a card reader. In 2009, researchers at Radboud University, in the Netherlands, discovered how to use the information that the MIFARE card reveals while establishing the user’s legitimacy to decrypt “secure” information. Nevertheless, experts say that that smart card technology has evolved since the MIFARE cards were first made in 1995, and the manufacturer of MIFARE Plus, the successor to the card that was tested, is working with researchers to improve their smart card security.
Efforts to improve smart card security are ongoing. In February, 2010, Giesecke & Devrient GmbH and Oberthur Technologies SA, two smart card manufacturers, teamed with Infineon Technologies AG and Inside Contactless SA, two chip suppliers, to call for a new smart card security solution.