Protecting Identities and Privacy with Smart Cards
News from the Mid-Winter Conference of the Smart Card Alliance
Princeton Junction, NJ, February 24, 2003–Speakers and attendees at the recently concluded Smart Card Alliance Mid-Winter Conference were all in agreement that applying technology to protect identities and the privacy of individuals presents an excellent market opportunity.
“The smart card industry is positioned ideally to address macro-trends in the growing smart card market,” said Paul Beverly, chairman of the Alliance and vice president of smart cards and terminals, Schlumberger. “While not everyone has settled on a direction, all agree the future is bright for smart cards–major industries like health care, transportation, financial/retail and information systems are now looking in earnest for solutions to the problems of privacy, identity verification and transaction integrity. That bodes well for our industry, because trusted identity credentials and trusted computing require exactly what smart cards deliver–secure, portable hardware.”
At the conference, speakers from enterprise IT, financial and retail, health care and government explored the mounting pressures to update the ways in which identities are created, recognized, delivered and protected. They also discussed a range of technology options under consideration for solving these problems.
Privacy and Security
One of the important themes reinforced by several speakers was the link between privacy and security. “Privacy is much more than data confidentiality. Security is a key component of privacy,” said keynote speaker John Sabo, manager of security, privacy and trust initiatives for Computer Associates.
That link was also a central theme for the panel of speakers that presented the newest white paper from the Smart Card Alliance, “Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology.” One of the points stressed in the paper is that using smart cards to securely limit access to information stored on information systems is an excellent way to protect the privacy of personal information stored there. This reduces the risks of relying solely on passwords, and facilitates limiting information access to the minimum necessary.
“The fact is that smart cards can be an excellent tool for protecting privacy,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “A smart card can be a personal, portable database, giving individuals control over their personal information. The strong security provides a ‘personal firewall’ that protects cardholder privacy by strictly limiting information access based on the specific situation. With the growing problem of financial identity protection and the need for increased privacy in healthcare, the advantages of smart cards as a tool for privacy become compelling.”
Financial and Retail
Presenters also discussed retail perspectives on identifying consumers and on new technologies that are expected to make inroads at physical stores. Jim Crawford, retail analyst for Forrester Research, Inc. took the position that consumers don’t care about privacy, they care about the abuse of privacy. As proof of his position, he pointed to how readily airline passengers will trade identity information for security, or online shoppers will trade identity for value in the form of coupons or “free” downloads. He further pointed out that 85% of primary grocery shoppers would like to use their loyalty card to get personalized promotions as they enter the grocery store.
Building on a holistic view of consumer attitudes, payment trends and retailing, Crawford predicts “a new concept of ‘financial identification’ will emerge in which payment devices will be used for identification when you enter the store as well as for payment when you leave.” He is particularly enthusiastic about RFID based payment solutions, calling it “a revolution in the making.”
Citing the early 2003 planned rollout of ExxonMobil’s Speedpass technology in the Stop & Shop grocery chain and the enthusiasm around the introduction of MasterCard’s PayPass, Crawford sees RFID as the “evolution of smart cards.” He also predicts that biometrics will be the evolution of PIN numbers, because tied to the card it enables payment providers to confirm that the card bearer is who they claim to be.
The increasing interest in contactless RF-based payment was also the focus of the panel of speakers presenting an upcoming white paper from the Smart Card Alliance, “Contactless Payment and the Retail Point of Sale.” This panel discussed successful implementations; retailer and issuer business benefits and costs, and described the different technologies that could be used to implement contactless payment. According to Michael Madden, vice president of e-Business development for MasterCard International, “Retailers see significant benefits with faster transaction times, increased revenue and better customer information” when using contactless payment. Ian Duthie, marketing manager of Atmel Smart Card ICs, described how smart cards offer an excellent choice, providing the “strongest security features versus all other contactless technologies.”
George Wallner, founder and chief strategist for Hypercom, also discussed the need for biometrics to combat fraud and identity theft. He described how a “zero knowledge” system could be implemented at the retail point-of-sale that would provide an approach to identity verification that is more acceptable to consumers. Comparing different options for applying fingerprint biometrics to payment cards, Wallner pointed to an important advantage of putting the biometric template on a smart card. “I believe storing biometrics on cards will be more acceptable to the public,” he said.
Two speakers from the healthcare industry described emerging needs that can be addressed by smart card technology. Dr. Archie Mays, founder of MedHealth, estimated that $40 to $70 billion of the $1.4 trillion health care cost for Americans is due to fraud. As the privacy and security laws surrounding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) go into effect on April 15th, 2003, Dr. John Butterworth, president of Security Sciences, Inc., predicts that medical industry companies will start asking for smart cards. “I think smart cards will become the chosen option,” he said.
Mary Dixon, director of the Department of Defense Access Card Office, presented an update on the CAC program. The DoD has now issued 1.8 million smart cards, and is issuing 9,000 to 12,000 per day from 1,300 issuance workstations in more than 15 countries. More than 150,000 workstations have now been equipped with readers and the software necessary to do logical access and log-on. Other applications are food service, manifesting and PKI-based electronic document signature and encryption.
Further demonstrating the momentum that smart card technology has developed in the United States government, Bill Holcombe of the GSA’s Office of Governmentwide Policy presented a list of more than 20 government smart card projects in various stages of implementation. He identified as the main driver a new urgency for better credentialing solutions as part of the post 9/11 need for greater security.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information please visit http://www.securetechalliance.org.