The development of the integrated circuit card (ICC) specifications for payment systems has enabled the payment systems industry to begin building the global infrastructure required to support smart card-based credit and debit schemes.
Developed jointly by Europay, MasterCard and Visa (EMV), these specifications are the first step that will allow cardholders to use smart cards (also referred to as chip cards or ICCs) throughout the world with the same level of confidence that they use magnetic stripe cards today. EMV may also inadvertently offer the bridge needed to move non-financial-based programmes from magnetic stripe to smart card.
Recognising the diverse needs of its member banks around the world, Europay, MasterCard and Visa have worked with the vendor community to make EMV-compliant applications available on a number of vendor-proprietary smart card operating systems. On such single-application EMV-compliant cards currently being issued, behaviour is being defined by the operating system and the pre-coded application contained on the chip in read-only memory (ROM) form. This architecture allowed the industry to maximise the functionality of a card even when faced with limited memory and central processing unit (CPU) resources - a few kilobytes of ROM and often only two kilobytes of EEPROM. However, when you consider that smart cards are used as peripheral devices, with no graphical user interface (GUI) or overly complex input/output (I/O), the limitations are not that serious.
Cost reductions vs limitations
However, these limitations have had an unfortunate result. While they keep costs low, the card`s features are locked into the design, making it difficult or even impossible to change or add functionality to the card once it has been produced. Furthermore, applications are chip-specific and not portable.
Time-to-market is another concern. A new smart card application can easily take up to a year or more to introduce, allowing for the development, masking and validation (type approval) time. One can`t make too many mistakes and hope to have the application introduced on a card in any reasonable length of time. Even if the code is perfect, there is still a chance that the features of the application might need to be changed after the cards have been introduced. This means another pass through the process and several months lost because new cards will need to be manufactured and distributed.
However, when you consider that smart cards are used as peripheral devices, the limitations are not that serious.
Pierre Kotze, financial services executive, Integrated Card Technology
The long-term potential of smart cards lies in the cards that carry a wide range of applications from different industries - banks will probably use smart cards to offer products and services with key partners. While it`s unlikely that people will want everything on one card, multiple applications are nonetheless a natural evolution.
Java Card combined with global platform and multi-application operating system (MULTOS) initiatives are leading the way in the development of an open platform for the delivery of multiple services. To run many applications across different silicon platforms is the vision that underpins an open platform. These initiatives are also based on the paradigm that there is one single card issuer who will have an ever-changing array of business partners who may want to share application space on the card issuer`s cards. Multi-application operating systems will also allow dynamic downloading, deletion and upgrading of applications via the Internet, or at a site such as a bank or retailer.
Combating fraud
A major benefit of chips for the payment systems industry is that it makes counterfeit fraud more difficult. However, EMV-compliant products based on vendor smart card proprietary operating systems typically only support offline static data authentication (SDA). SDA is less expensive to implement, but it provides less protection. In contrast, offline dynamic data authentication (DDA) provides greater security because the process produces a unique digital signature for each authentication attempt, thereby eliminating the possibility of replay. However, this option requires a more expensive chip to provide the extra protection - such functionality is typically provided by most multi-application platforms.
Smart card trials worldwide have proven that when two or more applications are placed on a single smart card, the benefits to all parties far exceed those of single application cards. The cost advantage of a multi-application smart card is that although the fixed costs represent a high proportion of the cost of the card, the variable cost is low. Combining four similarly sized applications on a card is therefore more cost-effective than just having one and the card cost can be shared between multiple organisations.
Share