A smart card is a physical card that has an inbuilt integrated chip that acts as a security token. Smart cards are mostly of the same size as a driving license or credit card. It can be made out of metal or plastic. It may connect to a reader either by direct physical contact (also called chip and dip) or through a short-range wireless connectivity standard such as radio-frequency identification (RFID) or near-field communication (NFC).
The chip on a smart card can be either a microcontroller or an embedded memory chip. Smart cards are designed to be tamper-resistant and use encryption to provide protection for in-memory information. Those cards with microcontroller chips can perform on-card processing functions and can manipulate information in the chip’s memory.
Smart cards are used for a variety of applications, though most commonly are used for credit cards and other payment cards. Smart cards capable of short-range wireless connectivity can also be used for contactless payment systems; they can also be used as tokens for multifactor authentication. International standards and specifications cover smart card technology, with some focused on industry-specific applications.
Smart cards are now ubiquitous and have largely replaced magnetic stripe (also known as “mag stripe”) card technology, which only has a capacity of 300 bytes of non-rewriteable memory and no processing capability.
Smart cards are generally used in applications that must deliver fast, secure transactions and protect personal information such as credit cards and other types of payment cards, corporate and government identification cards and transit fare payment cards. Smart cards are also sometimes used to function as documents such as electronic passports and visas.
Smart cards are often designed to be used with a PIN, for example, when they are used as debit or ATM cards. Organizations also use smart cards for security purposes; in addition to their use as multifactor authentication tokens, the cards can also be used for authenticating single sign-on users. Smart cards can be categorized on different criteria including by how the card reads and writes data, by the type of chip implanted in the card and by the capabilities of that chip. Some of the different of types of smart cards include:
Contact smart cards are the most common type of smart card. Contact smart cards are inserted into a smart card reader that has a direct connection to a conductive contact plate on the surface of the card. Commands, data and card status are transmitted over these physical contact points. Contactless smart cards require only close proximity to a card reader to be read; no direct contact is necessary for the card to function. The card and the reader are both equipped with antennae and communicate using radio frequencies over the contactless link. A contactless smart card functions by being put near the reader to be read. Dual-interface cards are equipped with both contactless and contact interfaces. This type of card enables secure access to the smart card’s chip with either the contactless or contact smart card interfaces.
Hybrid smart cards contain more than one smart card technology. For example, a hybrid smart card might have one embedded processor chip that is accessed through a contact reader as well as an RFID-enabled chip used for proximity connection. The two different chips may be used for different applications linked to a single smart card, as when the proximity chip is used for physical access to restricted areas while the contact smart card chip is used for single sign-on authentication.
Memory smart cards contain memory chips only and can only store, read and write data to the chip; the data on memory smart cards can be over-written or modified, but the card itself is not programmable so data can’t be processed or modified programmatically. Memory smart cards can be read-only and used to store data such as a PIN, password or public key; they can also be read-write and used to write or update user data. Memory smart cards can be configured to be rechargeable or disposable, in which case they contain data that can only be used once or for a limited time before being updated or discarded.
Microprocessor smart cards have a microprocessor embedded onto the chip in addition to memory blocks. A microprocessor card may also incorporate specific sections of files where each file is associated with a specific function. The data in the files and the memory allocation are managed with a smart card operating system. This type of card can be used for more than one function and is usually designed to enable adding, deleting and otherwise manipulating data in memory. Smart cards can also be categorized by their application, such as credit card, debit card, entitlement or other payment card, authentication token and so on.
Smart cards can provide a higher level of security than magnetic stripe cards as they can contain microprocessors capable of processing data directly without remote connections; even memory-only smart cards can be more secure because they can securely store more authentication and account data than traditional mag stripe cards. Another advantage of smart cards is that once information is stored on a smart card, it can’t easily be deleted, erased or altered. As such, smart cards are good for storing valuable data that can’t be — or shouldn’t be — easily reproduced.
Smart card technology is generally safe against electronic interference and magnetic fields, unlike magnetic stripe cards. In addition, applications and data on a card can be updated through secure channels so issuers do not necessarily have to issue new cards when an update is necessary. Multiservice smart card systems can enable users to access more than one different service with just one smart card.