Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/26/2012
11:15 PM
50%
50%

Smartcards: Still A Smart Choice?

Despite recent security compromises, smartcard technology still has high potential

[Excerpted from "Will Smartcards Live Up to Their Name?" -- a new report posted this week on Dark Reading's Authentication Tech Center.]

Imagine sailing through a checkout line, paying for your groceries simply by swiping your smartphone across a terminal. Or walking into a store and being served reward coupons on your mobile device after a near-field communication (NFC) receiver detects your presence. Picture carrying a single device at work that holds your critical data and can grant access to all the digital and physical resources you need to do your job.

Thanks to recent advancements in smartcard technology and NFC, some of these seemingly futuristic options may soon become realities. However, there are some larger security issues that preclude the widespread adoption of smartcards in some environments.

While smartcards are in use today in a variety of applications, there has always been a great deal of trepidation about their widespread deployment. This is the result of several factors, some of which have been mitigated in recent years and some of which have not. These include:

• Privacy concerns: Any technology that can be used to collect or share personal information will always draw the ire of privacy advocacy groups, whose voices can be quite loud and politically active. For every customer that would appreciate a customized purchasing experience that would be created as a result of smartcard technology, there is another who does not want personal spending habits collected, sold, and fed back upon walking in a retailer’s door.

• Lack of standards: The absence of industry standards crippled early innovation in the smartcard market, and successful deployments of any smartcard-like technology were proprietary and application-specific. Today, a handful of standards have shaken out, and these standards are setting the stage for the broader adoption of smartcard-enabled applications.

• Security issues: There are varying levels of concern when it comes to smartcard security. From an enterprise perspective, there is always the threat that an employee’s smartcard could be lost or stolen and then misused. Could it happen? Absolutely. However, well-communicated policy about not sharing PINs, along with the requirement that any lost card be immediately reported, will significantly reduce the security threats associated with a lost or stolen smartcard.

Many enterprises have historically shied away from smartcards because of costs of implementation and administration. However, as data breach after data breach is reported, and millions upon millions of customer records are compromised, it becomes increasingly difficult for companies to hold their current security line. These growing risk factors, along with improvements in smartcard technology, are combining to increase the allure of smartcards on the mobile, commerce, and internal enterprise authentication fronts.

To find out more about the strengths and weaknesses of smartcard technology -- and to see a comparison of smartcards against their chief alternatives -- download the full report on smartcard security.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
1/28/2012 | 1:21:37 PM
re: Smartcards: Still A Smart Choice?
PCI needs an Attitude Adjustment.- Have the merchant give your smart card an invoice but do not have your smart card hand out your bank account or credit card number: you are looking to get ripped off.
macker490
50%
50%
macker490,
User Rank: Ninja
1/28/2012 | 1:19:54 PM
re: Smartcards: Still A Smart Choice?
get with it DarkReading: Get DISQUS
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25514
PUBLISHED: 2020-09-22
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
CVE-2020-25515
PUBLISHED: 2020-09-22
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
CVE-2020-14022
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Star...
CVE-2020-14023
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
CVE-2020-14024
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuratio...