Welcome Guest. | Log In | Register | Membership Benefits
  • |   Email this page E-mail
  • |  Print Print
  • |   Bookmark and Share

Smartcards: Still A Smart Choice?

Despite recent security compromises, smartcard technology still has high potential

Jan 26, 2012 | 11:15 PM | 

By Randy George, Contributing Writer

[Excerpted from "Will Smartcards Live Up to Their Name?" -- a new report posted this week on Dark Reading's Authentication Tech Center.]

Imagine sailing through a checkout line, paying for your groceries simply by swiping your smartphone across a terminal. Or walking into a store and being served reward coupons on your mobile device after a near-field communication (NFC) receiver detects your presence. Picture carrying a single device at work that holds your critical data and can grant access to all the digital and physical resources you need to do your job.

Thanks to recent advancements in smartcard technology and NFC, some of these seemingly futuristic options may soon become realities. However, there are some larger security issues that preclude the widespread adoption of smartcards in some environments.

While smartcards are in use today in a variety of applications, there has always been a great deal of trepidation about their widespread deployment. This is the result of several factors, some of which have been mitigated in recent years and some of which have not. These include:

• Privacy concerns: Any technology that can be used to collect or share personal information will always draw the ire of privacy advocacy groups, whose voices can be quite loud and politically active. For every customer that would appreciate a customized purchasing experience that would be created as a result of smartcard technology, there is another who does not want personal spending habits collected, sold, and fed back upon walking in a retailer’s door.

• Lack of standards: The absence of industry standards crippled early innovation in the smartcard market, and successful deployments of any smartcard-like technology were proprietary and application-specific. Today, a handful of standards have shaken out, and these standards are setting the stage for the broader adoption of smartcard-enabled applications.

• Security issues: There are varying levels of concern when it comes to smartcard security. From an enterprise perspective, there is always the threat that an employee’s smartcard could be lost or stolen and then misused. Could it happen? Absolutely. However, well-communicated policy about not sharing PINs, along with the requirement that any lost card be immediately reported, will significantly reduce the security threats associated with a lost or stolen smartcard.

Many enterprises have historically shied away from smartcards because of costs of implementation and administration. However, as data breach after data breach is reported, and millions upon millions of customer records are compromised, it becomes increasingly difficult for companies to hold their current security line. These growing risk factors, along with improvements in smartcard technology, are combining to increase the allure of smartcards on the mobile, commerce, and internal enterprise authentication fronts.

To find out more about the strengths and weaknesses of smartcard technology -- and to see a comparison of smartcards against their chief alternatives -- download the full report on smartcard security.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Authentication Reports

report Will Smartcards Live Up to Their Name?
Recent compromises of smartcard data have exacerbated concerns about the technology?s privacy, security and standards (or lack thereof). Yet the promise of smartcards is too compelling to ignore. New technologies and applications prompt us to take a fresh look.

report Get The Best Of Biometrics
As data volume and sensitivity grow, companies cannot rely on password- and token-based authentication. Biometrics can be used to provide strong access control, but you must weigh added complexity and costs against assurance that users are who they say they are.

report Proof of Identity: How to Choose Multifactor Authentication
User names and passwords are no longer sufficient authentication. In a time when so much business depends on the Internet, security requirements and regulatory mandates are putting pressure on business to adopt strong, multifactor authentication methods. In this Tech Center report, we explain how to weigh cost vs. risk to select the Web authentication method for your high-risk applications.

Other reports from the Authentication Tech Center:

Related Content

Effective and Painless Multi-factor Authentication
When the information age was young, authentication was simple-assign the user a password. Today, user populations have expanded and users access numerous distinct systems with each system requiring credentials. That said, it is no surprise that users have reverted to tactics that invalidate the security strength of passwords. Yet, the use of passwords as the only means to certify a user's identity still remains prevalent among SMBs. There is a new, multi-factor authentication approach that strengthens identity authentication and does not introduce extra cost, user inconvenience, and administrative. This white paper describes why multi-factor authentication is rising in importance and reviews the pros and cons of different multi-factor authentication approaches.

Man-in-the-Browser Attacks Explained
Cybercriminals are using more advanced methods to target online users. One of the fastest growing threats today is the man-in-the-browser (MITB) Trojan attack - an attack designed to intercept data as it passes over a secure communication between a user and an online application. Propagation of man-in-the-browser attacks is being helped by spear phishing attacks, the popularity of social networking sites, and the increase in drive-by downloads. In the last year, there has been an exponential increase in the number of these attacks against financial institutions. This white paper introduces the MITB attack, explains the infection rate, features and functionality of the attack and provides advice on how financial institutions can mitigate the threat.

How to: Select the Best Authentication Solution for Your Business
With the number of new and emerging security products being denoted by analysts as the "silver bullet" solution, it is critical to recognize that there are many authentication choices available on the market. The Authentication Decision Tree is a comprehensive tool that helps organizations understand, evaluate and select the most appropriate authentication solution to meet the needs of their users and their business. This white paper provides an overview of the Authentication Decision Tree, examines the five factors critical to selecting an authentication solution, and offers a clear guide to selecting the right solution that effectively balances risk, cost and end user convenience.

Strong Authentication for SMBs
Small and mid-sized businesses authenticate their end-users primarily with passwords, in spite of the fact that passwords are less secure, inconvenient and more expensive then stronger forms of authentication. This white paper reveals recent research conducted by Aberdeen on the drivers, inhibitors and technology adoption trends among SMBs. Find out what authentication solutions are well-designed to address the needs of SMBs.

How to Make the Case for Strong Authentication
With today's threat landscape and the increased value placed on the information created and stored, systems that rely on static passwords for security are left vulnerable and at high risk of being breached. This paper examines the need for strong authentication and explores the return on investment in order to help organizations make an informed decision when contemplating their strategic move toward more effective security.