Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/26/2012
11:15 PM
50%
50%

Smartcards: Still A Smart Choice?

Despite recent security compromises, smartcard technology still has high potential

[Excerpted from "Will Smartcards Live Up to Their Name?" -- a new report posted this week on Dark Reading's Authentication Tech Center.]

Imagine sailing through a checkout line, paying for your groceries simply by swiping your smartphone across a terminal. Or walking into a store and being served reward coupons on your mobile device after a near-field communication (NFC) receiver detects your presence. Picture carrying a single device at work that holds your critical data and can grant access to all the digital and physical resources you need to do your job.

Thanks to recent advancements in smartcard technology and NFC, some of these seemingly futuristic options may soon become realities. However, there are some larger security issues that preclude the widespread adoption of smartcards in some environments.

While smartcards are in use today in a variety of applications, there has always been a great deal of trepidation about their widespread deployment. This is the result of several factors, some of which have been mitigated in recent years and some of which have not. These include:

• Privacy concerns: Any technology that can be used to collect or share personal information will always draw the ire of privacy advocacy groups, whose voices can be quite loud and politically active. For every customer that would appreciate a customized purchasing experience that would be created as a result of smartcard technology, there is another who does not want personal spending habits collected, sold, and fed back upon walking in a retailer’s door.

• Lack of standards: The absence of industry standards crippled early innovation in the smartcard market, and successful deployments of any smartcard-like technology were proprietary and application-specific. Today, a handful of standards have shaken out, and these standards are setting the stage for the broader adoption of smartcard-enabled applications.

• Security issues: There are varying levels of concern when it comes to smartcard security. From an enterprise perspective, there is always the threat that an employee’s smartcard could be lost or stolen and then misused. Could it happen? Absolutely. However, well-communicated policy about not sharing PINs, along with the requirement that any lost card be immediately reported, will significantly reduce the security threats associated with a lost or stolen smartcard.

Many enterprises have historically shied away from smartcards because of costs of implementation and administration. However, as data breach after data breach is reported, and millions upon millions of customer records are compromised, it becomes increasingly difficult for companies to hold their current security line. These growing risk factors, along with improvements in smartcard technology, are combining to increase the allure of smartcards on the mobile, commerce, and internal enterprise authentication fronts.

To find out more about the strengths and weaknesses of smartcard technology -- and to see a comparison of smartcards against their chief alternatives -- download the full report on smartcard security.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
1/28/2012 | 1:21:37 PM
re: Smartcards: Still A Smart Choice?
PCI needs an Attitude Adjustment.- Have the merchant give your smart card an invoice but do not have your smart card hand out your bank account or credit card number: you are looking to get ripped off.
macker490
50%
50%
macker490,
User Rank: Ninja
1/28/2012 | 1:19:54 PM
re: Smartcards: Still A Smart Choice?
get with it DarkReading: Get DISQUS
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5613
PUBLISHED: 2020-02-18
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.
CVE-2020-7450
PUBLISHED: 2020-02-18
In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer over...
CVE-2019-10792
PUBLISHED: 2020-02-18
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
CVE-2019-10793
PUBLISHED: 2020-02-18
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
CVE-2019-10794
PUBLISHED: 2020-02-18
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.