With all the talk about smart cards, multi-functionality, PKI and the convergence between IT and physical security, the smart card market is exploding. Right?
Smart cards have been around for many years and are divided into two basic types, contact and contactless. Each technology provides clear benefits over existing Mag stripe and 125K Prox cards. Smart cards provide higher security features, encryption, greater memory, faster data transfer and the ability to be updated in the field or even update readers in the field. Yet, with all of these features and benefits the North American market lags behind the rest of the world in multi-functionality smart card implementation.
Security professionals struggle to find the internal support, justification and budgets to make forward moves. Add to the discussion a multi-functional smart card and the project often gets put on the back burner for reasons ranging from how to best evaluate the technology, conflicting department or corporate objectives and internal politics, just to name a few.
Magnetic stripe and 125K proximity-based security systems are the standards within the access control industry and the market is still strong for these older technologies. In a recent straw poll, these two technologies represented over 75 percent of the access security systems while 15 percent of the market used no technology and only 13 percent used a “smart card.”
SMART CARD NEEDSJust to be clear, a 125K prox or magnetic stripe card is not considered a smart card even if it supports more than one application. A smart card supports independent files from different vendors and can be updated by the reader. The application file that is used to open the front door has nothing to do with the vending machine application stored on the card. They are two totally different applications with independent access security settings.
So, why carry two cards when one can support everything you need?
When security professionals were asked what they were interested in learning about the newer smart cards, they ranked applications, smart card security features and real-life user examples much higher than ROI or how to migrate from existing technology.
So, what applications are supported by smart cards?
Obviously access control remains the driver for contactless technology followed by time & attendance, parking, vending, cafeteria, IT (logical access) and data collection. Contact technology is still the prime choice for IT-related use due to its ability to support PKI and digital signatures. Biometrics identification is coming on strong and being used in applications from neighborhood swimming pools to highly secured military applications.
How to migrate from existing technology to smart cards is made especially easy by a vast number of multi-functional readers that can support existing and new card technology. Price points are dropping and applications do not necessarily need to be changed to use the new technology — and it can be as easy as simply adding a 13.56 MHz contactless sticker to an existing mag stripe ID and swapping out readers where needed.
Of course, securing an adequate budget is always an issue since an existing system is most likely paid for and it seems to work. And, enhancing security with no real or perceived threat can be a difficult internal sell. By demonstrating the ROI, the equation changes from security as a cost center to an opportunity to lower costs across the enterprise, while enhancing employee productivity and increasing overall security. Just ask BMW, Volkswagen or Pricewaterhouse Coopers about the cost savings they have experienced by having an all-in-one, multiple application smart card.
ALL-IN-ONE CARDSAnother concern that was voiced included issues involving internal coordination in order to execute an all-in-one-card corporate program. This can be a daunting effort at first glance; but the reality is that 80 percent of the existing customers chose the technology for a single application: access control. By the end of the second year 30 percent of these customers added a second application.
What drove the decision to add two, three or four applications on to an existing corporate credential was the flexibility and security smart cards provide. Today’s smart cards allow chief security officers to get their program up and running with minimal or no coordination with other departments with the exception of the ones CSOs typically work with, or should work with such as IT and human resources. Keep in mind that today’s smart cards are growth oriented platforms that will support an organization for at least the next 15 years, if not longer.
The trend is clear — the smart card market is growing, and driven by both wide spread adoption and the proliferation of applications that support both contact and contactless smart card technology.