Editor’s note: Ed Crockett writes on technology trends that are of interest to entrepreneurs and the tech community each Monday in Local Tech Wire.

The invasion of the smart cards is well underway, and the front runners … American Express, Master Card, and Visa … are already here. Europeans have unwittingly field-tested smart card technology for us with no major problems revealed. However, as
American business begins to look seriously at this technology, security considerations
should not be ignored.

What they are

The smart cards discussed here are the credit card-sized pocket cards, not the variety used in mobile phones, although the technology is the same. Smart card capabilities can go way beyond the functionality of the standard credit card. A smart card can simultaneously be an insurance card, a patient information card, an access card at a mass transit gateway, a credit card and much more. Some smart cards can be packed with personal information about the card owner, and they can contain real computing power, complete with wireless communications.

There are “contact” smart cards and “contactless” smart cards, and there are processor-based smart cards and memory-only smart cards. Defining a smart card then requires some specificity, but in any case, one or more of these likely figures into your future.

Contact smart cards require insertion into a special smart card reader because they communicate through magnetic interaction with reader. Contactless smart cards, on the other hand, communicate wirelessly and do not require insertion into a reader, although they do require close proximity to a special smart card reader or receiver. Contactless smart cards represent the leading edge of this new wave of devices.

A high-end smart card comes complete with processor, operating system, random-access memory (RAM), permanent storage in the form of erasable programmable read-only memory (EPROM), a radio transceiver and antenna. All of this is packaged within a pocket card and at a cost of around $4.

Smart cards are actually tiny elements of a much bigger entity: pervasive computing, which was the subject of a recent article appearing in this column. Smart cards fit nicely into a world in which the computer is omnipresent yet invisible … they are pervasive devices. As reported previously, pervasive devices are at once very functional and invisible, omnipresent and always on.

What they do

Basically, smart cards provide data portability. It is sometimes important that information
accompany the object of the information … the owner of the card. Smart cards are particularly adept in situations requiring fast, accurate processing, such as at a mass
transit gate. At some point, smart cards may play a role in airport security.

The more robust cards, the contactless ones, are always on and need only to be aroused by the energy from a compatible card reader nearby. These cards are layered such that circuitry … processor, transceiver and antenna … is sandwiched between the front and back layers.

American Express was the first U.S. company to offer smart cards on a large scale. Blue from American Express was offered in 1999. Another example of smart card usage can be found at the University of North Carolina at Greensboro, where students and faculty enjoy an all-in-one card that functions as ID, debit, library and meal card.

How secure?

We security-conscious Americans lean on the side of caution when it comes to trusting things … things we don’t understand and things we understand well enough that we view them with distrust. This cautionary approach has served us well and seems appropriate where smart cards are concerned.

Security concerns with smart cards are criminal type-dependent. The common street thief is not likely to get much use out of a smart card. Real pros, like corporate hackers and terrorists, can gain access with the right equipment and knowledge. Physically accessing the data within the EPROM is relatively easy, but breaking down the cryptic language within is quite another story. Still, as we have learned throughout the history of encryption, codes can be broken.

Probably the most secure smart card available in the United States is Sun Microsystems’
Java Card, which has been adopted for use by the Department of Defense, American Express and VISA.


If you know what data is stored in your smart card and you feel that exposing that data to criminal hands would be unfortunate and inconvenient but not devastating, then maybe the card is right for you. On the other hand, if absolute secrecy of your information is necessary or you need fail-safe assurance of integrity, you might want to hold off a bit longer. A final caveat: Know what information about you or your business is encoded within the card and know that information is not totally invulnerable.