Smart Card Logic Catches On
Princeton Junction, NJ, October 14, 2002–Attendees were upbeat and justifiably optimistic about the future at the recently concluded Smart Card Alliance Annual Conference, where the Alliance announced that smart card module shipments to the U.S. and Canada had doubled in the first half of 2002 to 31.2 million, and total more than 120 million units since 1999.
“It is obvious there is a significant uptake of smart cards in the U.S.,” said Paul Beverly, chairman of the Alliance and vice president of smart cards and e-transactions, SchlumbergerSema. “With most U.S. wireless operators now using smart cards in their mobile phones, there is an insatiable demand for value added applications running on smart cards. What is really exciting, however, is the large number of other sectors that are now implementing smart card-based solutions,” said Beverly.
At the conference, speakers from government, enterprise IT, financial services, retail, entertainment and transit reported on their rapidly growing use of smart card technology to add convenience and solve common problems of identification, authentication and security.
In a keynote address, Lee Holcomb director of Infostructure from the Office of Homeland Security cited more than a dozen active smart card initiatives in transportation, defense, justice and other federal agencies. Holcomb said the U.S. government would broadly utilize smart cards to enhance the security of the nation’s governmental operations and infrastructure. “For example, smart cards can play a key role in making sure trusted travelers, workers and cargo can move efficiently into, out of and around this country,” said Holcomb. He also outlined his own strategy to use smart cards, adding, “One of our smart card priorities is providing physical and cybersecurity for Federal Homeland Security employees. After the Department of Defense Common Access Card (CAC), this may become the largest federal smart card program.”
An impressive series of speakers from several government agencies joined Holcomb in presenting how they are converging on the smart card as a single card solution for both physical access control and cybersecurity. Cybersecurity, also referred to as logical access control, is a catchall phrase that encompasses network sign-on, identification, encryption and digital signature. Smart cards are ideal for cybersecurity because they are a central component of a public key infrastructure (PKI), which in turn is rapidly becoming the cornerstone of IT security implementations. Smart cards can also securely store biometrics, another security technology that has the attention of both government and private sector policy makers.
Mary Dixon, director of the Department of Defense Access Card Office, presented the most advanced project. “We have issued over one million smart cards to date and are issuing 7,000 cards a day. We have 200,000 smart card readers installed and will have three million issued by next year. This is the largest PKI implementation that we know of.”
Other government organizations are actively pursuing similar plans. “The Department of Interior is increasing the security of our facilities and systems through the implementation of a smart authentication card,” said Robert Donelson, senior property manager of the Bureau of Land Management at the Department of Interior (DOI). The third largest law enforcement agency in the country, the DOI is beginning a program to issue smart cards and public key certificates to its 70,000 employees for use in physical access and IT security. As to the business case, Donelson said, “We did not have to sell our management on the cost benefits. They understand that failure to provide high levels of IT security presents unacceptably high levels of risk. Believe me we know that from experience.”
Similar government initiatives have been implemented in Canada as well. Gary Miller, vice president marketing and strategy for Qunara, a systems integrator in Canada, reported that the Canadian Department of National Defense (DND) had issued more than 80,000 smart cards and 56,000 readers in 250 locations worldwide as part of an end-to-end network solution. “The DND wanted to take advantage of public networks while maintaining security. The solution we implemented included smart cards and public key certificates,” said Miller, emphasizing the DND does not use public networks for any classified information.
As in government, more and more organizations in the private sector are turning to smart cards for security. At the conference, SchlumbergerSema presented lessons learned from their program to issue a hybrid contact and contactless ID card for both secure physical and logical access to its 80,000 global employees. Since the company is a leader in oil exploration and reservoir management services, “the security of information is of paramount importance to our clients and our company,” said Neville Pattinson, director of business development and technology for SchlumbergerSema. The company has put in place a solution that includes smart cards built on the same Open Platform standards as the DOD CAC card program combined with a contactless chip for physical access control. Applications include secure network logon and Web access, electronic signatures and encryption of email and documents. A complete system including card issuance, card management and PKI are in place, and more than 35,000 smart cards and 21,000 certificates are in use. So far 30 PKI-enabled Web applications have been deployed, and they expect to have 80 by year-end.
Financial Services and Retail
One of the largest sectors contributing to the rapid growth of smart cards in the U.S. is payment cards. Ted Iacobuzio, financial analyst for TowerGroup, estimated that 6% of all active credit cards in the U.S. are now chip cards. Although it may take up to ten years, Iacobuzio predicted that eventually the smart card is going to replace magnetic stripe cards for financial services.
Evolution, not revolution, was also the consensus view of other representatives of the financial services and retail sectors at the Alliance conference. Steve Van Fleet, senior vice president of product and business development for First Data Merchant Services, said, “The migration to chip is part of the natural infrastructure change. Progress is continually taking place. How many years this will take no one knows, but at some time we’ll see that we have critical mass and we’ll say ‘go.’”
Eric Dumois, vice president card association relations for Hypercom, agreed and reported that large retailers are preparing for the acceptance of smart payment cards by purchasing smart card ready terminals. “Fully 50% of all Hypercom payment terminals shipped in the U.S. are EMV certified and ready to download Hypercom’s EMV certified smart card applications,” said Dumois. EMV, an acronym for Europay, MasterCard and Visa, is the global standard for smart payment cards established jointly by the three organizations.
One major player that is taking the lead is Target Corporation who has already issued over seven million smart card cards and plans to accept the cards in their stores and on their Web site with a new loyalty application that includes electronic couponing. “I think the Target program is brilliant,” said TowerGroup’s Iacobuzio. “It is capitalizing on the early days of chip to get traffic. It is capitalizing on bricks and clicks. And they are addressing an issue that faces every major private card issuer–How do you get your high transactors out of a private card and into a MasterCard or Visa and keep them loyal? For Target the answer is smart cards,” he concluded.
Taking a completely different tack, Arthur Swanberg CEO of Stat Card said, “Our basic rule is if it’s not fun, punt! If there is one thing I would like to get you to start thinking about, it’s using entertainment as the catalyst for smart card expansion in the U.S.” His company launched Skateboarding Smart Trading Cards™ in January 2002 at the Toys ‘R Us in Times Square, now available in all 702 Toys ‘R Us stores. Later this year Stat Card will launch Mattel Hot Wheels™ smart cards. The shrink-wrapped products in stores let children use the cards with their PCs when they play games online and store points, trophies, moves and other information on the cards that they can carry around and show their friends with mini-readers. “We wanted to do something fun, and we found out that smart cards are the perfect solution. There is a pent-up demand for smart cards–people want to have fun with them,” added Swanberg.
Another sector moving towards smart cards is public transportation. Agapito Diaz, chair of the revenue management committee of the American Public Transit Association and vice president transit services for ACS, reported, “Most major cities have programs to replace their automated fare collection systems for the simple reason that they are old. In the next two or three years you will see new AFC systems that will use contactless smart cards in most major metropolitan areas.” Diaz said today there are 270,000 active smart cards in the Washington DC transit system, and programs are underway in San Francisco, Chicago and New York. New AFC systems that use smart cards are also planned in Atlanta, Seattle, Minneapolis and Los Angeles among other cities.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology. Smart card-based systems verify, authenticate and protect a cardholder’s identity and personal information. Major financial institutions, retailers, government agencies, healthcare organizations and enterprises use smart cards worldwide for secure identification, payment, transit and mobile telecommunications applications.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information please visit http://www.securetechalliance.org.