Imagine sailing through a checkout line, paying for your groceries simply by swiping your smartphone across a terminal. Or walking into a store and being served reward coupons on your mobile device after a near-field communication (NFC) receiver detects your presence. Picture carrying a single device at work that holds your critical data and can grant access to all the digital and physical resources you need to do your job.
Thanks to recent advancements in smartcard technology and NFC, some of these seemingly futuristic options may soon become realities. However, there are some larger security issues that preclude the widespread adoption of smartcards in some environments.
While smartcards are in use today in a variety of applications, there has always been a great deal of trepidation about their widespread deployment. This is the result of several factors, some of which have been mitigated in recent years and some of which have not. These include:
• Privacy concerns: Any technology that can be used to collect or share personal information will always draw the ire of privacy advocacy groups, whose voices can be quite loud and politically active. For every customer that would appreciate a customized purchasing experience that would be created as a result of smartcard technology, there is another who does not want personal spending habits collected, sold, and fed back upon walking in a retailer’s door.
• Lack of standards: The absence of industry standards crippled early innovation in the smartcard market, and successful deployments of any smartcard-like technology were proprietary and application-specific. Today, a handful of standards have shaken out, and these standards are setting the stage for the broader adoption of smartcard-enabled applications.
• Security issues: There are varying levels of concern when it comes to smartcard security. From an enterprise perspective, there is always the threat that an employee’s smartcard could be lost or stolen and then misused. Could it happen? Absolutely. However, well-communicated policy about not sharing PINs, along with the requirement that any lost card be immediately reported, will significantly reduce the security threats associated with a lost or stolen smartcard.
Many enterprises have historically shied away from smartcards because of costs of implementation and administration. However, as data breach after data breach is reported, and millions upon millions of customer records are compromised, it becomes increasingly difficult for companies to hold their current security line. These growing risk factors, along with improvements in smartcard technology, are combining to increase the allure of smartcards on the mobile, commerce, and internal enterprise authentication fronts.
To find out more about the strengths and weaknesses of smartcard technology -- and to see a comparison of smartcards against their chief alternatives -- download the full report on smartcard security.
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.