Sticky Security: Smart Cards Versus Magnetic Stripe Credit Cards

In this video, MSNBC does a great job detaining some of the problems with Smart Cards.
(VIDEO COMING SOON)
It’s likely that you have seen a smart card, either using a smart card yourself or via watching someone else use one.


Basically the idea is that your information is held on a card which is more convenient to use (because you can simply wave it in front of a card reader), and harder to duplicate (because it has some very involved circuitry inside of it), as compared with magnetic stripe cards which are very easy to create duplicates from.
Watch the video though to see the risks associated with smart card technology.
Wikipedia defines smart cards the following way:

A smart card, chip card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed – by way of the ICC applications – and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting.

The jury is still out on this one for me.
Is it more secure to have a card that is harder to duplicate but is easier to get the information from, or is it better to have a traditional magnetic stripe card which is very easy to duplicate, but doesn’t contain any way of wirelessly transmitting your information?
Any thoughts welcomed.

 

Tags: , , , , ,

2 Responses to “Sticky Security: Smart Cards Versus Magnetic Stripe Credit Cards”

  1. Frank Avignone Says:

    A couple of notes; First of all the definition of smart cards needs to be clarified. There are Contact and Contactless smart cards. Some definitions of smart cards even leave contactless out of the “Smart Card” definition completely. Any responsible card integrator will apply appropriate encryption and access to card data to prevent any type of violation of private information. As an industry we also need to clarify the use or application of smart cards as well. In the banking industry smart cards will be utilized to secure transactions, in healthcare “Contact” cards may be used very effectively to transfer and provide role based secure access to vital information required to save a life. Many have argued that a mag stripe can be used the same way by simply having identifying numbers encoded to retrieve information from the back end computer systems. This works well until you are away from the back end system in an ER that cannot utilize the mag stripe. With contact smart cards access requires at least two factors of authentication unless there is an emergency then there is a privacy compliant emergency code for first responders. If there is no card reader then the Cell Phone you carry will more than likely contain a smart card in it, (GSM) and that phone may be utilized as the device that authenticates and displays emergency information about you that will save your life.
    As smart cards become more and more a part of our lives in the US we as individuals need to become more educated and not base our responses to the technology on a news report that was created to pull viewers in. If you want to become informed may I suggest you pay attention to the Smart Card Alliance, a non profit organization dedicated to supporting this technology and educating the public on there uses.
    Frank Avignone
    Chairman
    International Smart Card Alliance
    Healthcare Council

  2. Jonathan Says:

    Frank,
    Thanks very much for taking the time to post your thoughts on Smart Cards. Obviously, as the chairman of the council, you feel that smart cards are an important addition to our society. I agree that they will provide some great benefits (such as the one above I didn’t even think about – “If there is no card reader then the Cell Phone you carry will more than likely contain a smart card in it, (GSM) and that phone may be utilized as the device that authenticates and displays emergency information about you that will save your life.” – healthcare applications).
    Even though I know that all of our information is available and easily accessible for anyone who wants it, I still wonder about how carrying so much information with us will affect us… We can already see how devastating it is when someone loses a wallet with a driver’s license, or worse what happens when someone loses a passport. Making the information available via a radio frequency, Bluetooth signal, or other wireless/touchless means, no matter what the security standards are, still gives me some cause for thought of potential threats most people won’t think about, or even know about, until it’s too late to do anything to protect themselves.
    As you mention in your comment, education is the key. Individuals should take some time to visit the Smart Card Alliance to learn more about what they’re carrying in their wallets. My visit there was rather educational. http://www.smartcardalliance.org/
    Thanks again for your comments.
    Anyone else have thoughts on the question: Whether it is more secure to have a card that is harder to duplicate but is easier to get the information from, or is it better to have a traditional magnetic stripe card which is very easy to duplicate, but doesn’t contain any way of wirelessly transmitting your information?