“Recent Trends in Banking System with Special Reference to Smart Card"

[With special reference to Udaipur city]

A Dissertation submitted to faculty of Law MLSU in lieu of Paper – IV of Business Law Branch in

LL.M., Part-II Examination

2011-12

Guided By: Submitted By:DR. SHILPA SETH SMITH SHARMA

Astt. Professor LL.M. Part – II

UNIVERSITY COLLEGE OF LAWMohan Lal Sukhadia University, Udaipur

1

Mohan lal Sukhadia University Udaipur,

CERTIFICATE

This is to certify that Ms. Smith Sharma, student of L.L.M. Part II

(Business Law) has accomplished this project work entitled "Recent

trends in Banking System with special reference to SMART CARD"

(with special reference to Udaipur city) for the purpose of fulfillment

of paper IV for award of degree of master of law, 2012. She has worked

hard and diligently and has researched in depth into the above mention

subject.

This work has been done under my guidance. I wish her all

success.

Date: DR. SHILPA SETHPlace : Udaipur (Assistant Professor)

2

CONTENT

Sr. No. Topic Page. No.

1. Acknowledgement 1

Part A-Doctrinal2. Introduction

3. RECENT TRENDS AND BANKING SYSTEM

Credit Card Debit Card ATM E-Banking and Internet

4. Smart Card Introduction

5. History of Smart Card

6. What is Smart Card

7. Types of Smart Card

8. Construction of Smart Card

9. Smart Card Security

10. Smart Card Application Area

11. Benefits of Smart Card

12. Advantages of Smart Card

13. Smart Card....... the future

Part B-Non Doctrinal14. Research and Methodology

15. Questionnaire

16. Conclusion and Suggestion

17. Bibliography & Reference

3

ACKNOWLEDGEMENT

Behind every faithful endeavor like advice, guidance and

inspiration from all possible sources lay efforts of all those worthy people

who lend their help directly and indirectly.

Talent and capabilities are of course necessary but opportunities

and right guidance is too very important back- up without which any

person cannot climb the ladder to success.

For the successful completion of project work I would like to

express my sincere gratitude and thanks to all those who helped me and

gave their best wishes end support.

Words are not in lexicon to express my sincere sense of gratitude

for my mentor elite guide and path Dr. Shilpa Seth Faculty of University

College of law Uadaipur.who whose valuable guidance instigating

encouragement, creative thoughts and constructive criticism had help me

to accomplish this research work successfully. She has been a great help

as she has devoted to her full attention and a lot of time to this work.

My warm regard goes to my respected teacher Dr.Farida shah Dean

and head of College of law for this valuable and useful suggestion to

complete this dissertation.

I am thankful to my all respected teachers Mr. Sunil Asopa, Mr.

Anand Paliwal, Mrs. Rajshree Potaliya, Mr.Kshetrapal Singh Chauhan

and Mr. Bhavik Paneri.

4

I am also thankful to all the official and staff of the Law College

Library, Central Library Udaipur for assistance in providing me all books,

Journal and valuable material which I required for this work.

I cannot beet express a deep sense of gratitude to my parents Mr.

Jagdish Chandra Sharma, Mrs Bhagwanti Sharma n Special Thanks to my

Mother in law Mrs Shakuntala Vyas for inspiring and blessings for the

work.

I am special thankful to my husband Mr.Vikas Vyas to give me the

help and motivational support for the completion of this work.

I am grateful to my friend special taruna joshi and

college.Clasmates Miss Jyoti Jodan, Miss Neha Nandwana, for their ever

willing co-operation and encouragement helped me to a complies this

task.

Above all I thank Almighty for blessing me with the strength to

complete this dissertation.

Udaipur, Rajasthan. Smith

Sharma

Date : LL.M. Part - II

5

Introduction

Today, we are having a fairly well developed banking system with

different classes of banks – public sector banks, foreign banks, private

sector banks – both old and new generation, regional rural banks and co-

operative banks with the Reserve Bank of India as the fountain Head of

the system.

In the banking field, there has been an unprecedented growth and

diversification of banking industry has been so stupendous that it has no

parallel in the annals of banking anywhere in the world.

During the last 41 years since 1969, tremendous changes have taken place

in the banking industry. The banks have shed their traditional functions

and have been innovating, improving and coming out with new types of

the services to cater to the emerging needs of their customers.

Historically banks have used information system technology to check

{item processing} drive ATM machine {transaction processing}.

In the past customer rarely notice the computer system or new technology

that made the information system operate .Today E- banking, smart card;

credit Card. ATM is very important in banking sector. Today website

electronic mails and electronic bill presentment and payment system are

in important way the banks to reach their customers.

New trends in banking sector is changing the industry and is having

major effects on banking relationship. Recent trends in banking sector

fulfill with new technology who makes life very simple to customers.

6

Credit card, ATM card n Smart card are very useful in money transaction.

They trends saves the time of customer also banks.

Today "Key to the global village", that is how the Smart Card has been

described. Smart Cards will bring big changes to the way people provide

and receive information and the way they spend money. They will have a

profound impact on retailing and service delivery.

A Smart Card is like an "electronic wallet". It is a standard credit card-

sized plastic intelligent token within which a microchip has been

embedded within its body and which makes it 'smart'. It provides not only

memory capacity, but computational capability as well and thus the chip

is capable of processing data. It has gold contacts that allow other devices

to communicate with it. This chip holds a variety of information, from

stored (monetary) value used for retail and vending machines to secure

information and applications for higher-end operations such as

medical/healthcare records. New information and applications can be

added depending on the chip capabilities. Smart Cards can store several

hundred times more data than a conventional card with a magnetic stripe

and can be programmed to reveal only the relevant information. For

example, it could tell a device in a store that there is sufficient balance in

an account to pay for a transaction without revealing the balance amount.

The marriage between a convenient plastic card and a microprocessor

allows information to be stored, accessed and processed either online or

offline. Therefore, unlike the read-only plastic card, the processing power

of Smart Cards gives them the versatility needed to make payments, to

configure your cell phones, TVs and video players and to connect to your

computers via telephone, satellite or the Internet anytime, anywhere in the

world.

7

Now first we start with new & recent trends in banking.

Recent trends of banking system……..

1. Credit Cards:-

Everyone carries a credit card these days. A credit card is basically a

plastic card with a magnetic strip invented with the intention to simplify

the complicated banking process for an individual in case he/she is short

of cash, be it something casual like shopping or something severe like an

emergency situation.

Various banks and private financial organizations have now started

providing credit card facility to their clients to offer them better and

simpler financial solutions to their problems.

A credit card generally works by giving its holder an immediate authority

to purchase services and goods such as travel and hotel reservations as

well as shopping for merchandise in and outside your own country.

All the credit card comes with a credit limit, a predetermined amount of

money which its lender is offering as credit to a credit card holder to

spend wherever he wants to before issuing a credit card to an individual,

the bank or the financial institution has a look at his/her credit rating

along side verifying his/her credit history.

8

After receiving the needful information about the applicant, the lender

company issues the credit card to him. Now if the credit card holder goes

shopping with his credit card, he pays the vendor through the card which

is actually reimbursed to the vendor through the bank or the lender

company.

And finally, the cardholder then repays the bank for the entire credit

amount that he has used, by paying it back through regular monthly

payments.

In case the cardholder fails to payback the entire balance, the bank can

lawfully charge him/her with an interest fee on the unpaid amount.

This exactly why a thorough credit rating check is done by the lender

company for the potential cardholder. Such a measure guarantees them as

a lender that an individual with a good credit rating is likely to return

back the credited amount.

That is why it is always better to have a good credit rating because the

better your credit history, the easier it is for any individual to apply for

and receive a credit card.

Many credit card programs these days also include insurance coverage to

secure the card holder in cases like theft or fraud. There are very high

chances of a credit card being stolen to be later used illegally by the thief,

but in case the card is insured and the matter immediately reported to the

lender company, the actual credit card holder would not be held

accountable for the illicit charges.

However, a credit card holder can him/herself authorize any other person

to use his card for purchase of any goods or services willingly. In such

9

cases, it is the primary cardholder who is accountable for paying back all

the transactions made through his or her account, eventually.

Every banking and other financial institution has its own company

policies and conditions regarding the credit limit as well as the time

allowed to pay it back.

While some might give more weight age to an applicant’s credit rating,

others might not be so stringent in those matters.

Both secured and unsecured types of credit cards are issued by the

various lender companies and it is your choice on which one you want to

opt for. Sometimes, it also depends on your credit rating. A very poor

credit history might force you to opt for a secured credit card.

Whatever be the case, what needs to be remembered always is that credit

card is not our money till the time we do not repay it back. It is a loan that

we take from the bank or the lender company. This facility provides us to

buy first and pay later, but paying it back later is a must or you may never

come to know when you get trapped in the vicious circle of credit card

debts.

10

2. Debit Card:-

A debit card, sometimes called a check card (because it is similar to a

check in that it allows you to access the money in your checking

account), is very similar to a credit card. In fact, many have a 16-digit

number and a Visa or MasterCard logo and can be used like a credit card

for purchases, with the major difference that the money still comes out of

your account right away - you don't have the option of paying off your

purchases later. A debit card is what you use to make purchases at stores

when you want the convenience of plastic (as opposed to cash or checks)

but want to pay immediately instead of accruing a balance on a credit

card. (For more insight, see Credit, Debit and Charge: Sizing Up The

Cards In Your Wallet and Are credit cards and debit cards considered

debt instruments?)

Debit cards are also how you withdraw cash from your checking account

through an automated teller machine (ATM). To access your money this

way, you'll need to use a personal identification number (PIN) that you

can establish when you open your account or that the bank will assign to

you. PINs provide an added layer of protection if your card is lost or

stolen, so you should choose a PIN that would be difficult for someone

11

else to guess. Memorize this number (definitely don't write it on your

card), and never tell it to anyone. If you have to write it down

somewhere, keep this information at home, not in your wallet or purse.

In addition to using your PIN to make ATM withdrawals, if you select the

debit option when using your debit card to make a purchase at a store,

you'll need to enter your PIN then as well. If your debit card has a credit

card logo, you may be better off selecting the credit option to minimize

the possibility of a stranger watching you enter your PIN. Some banks

have a preference for whether you select debit or credit at the register

when using your debit card to make a purchase; they may reward you for

selecting their preferred option and/or penalize you for doing the

opposite, so make sure to read the terms, conditions and fee schedule of

your checking account agreement.

Some cards, however, do not have 16-digit credit-card-like numbers and

do not have a credit card logo. These cards can only be used to withdraw

cash from an ATM and cannot be used to make purchases. These are

known as ATM cards, rather than debit cards.

Automated teller machines allow you to make deposits and withdrawals

without visiting a bank teller. Lines are usually shorter (or nonexistent),

you can access your cash even when the bank itself is closed, and there's

no human interaction involved. ATMs can be found at banks, in grocery

stores, in airports, in hotels, in clubs, in restaurants, in gas stations, and at

a few other places. If you use an ATM at any branch of your bank, it will

be free.

Use another bank's or a store's ATM, however, and it could cost you.

Generally, the company that owns the ATM will charge you a fee, and

your own bank will also charge you a fee. These fees will usually only be

12

a couple of dollars each, but they can add up over the course of a month

or year and are an unnecessary expense. Some banks will waive a couple

of these fees per month, and if you have an online checking account, you

may be able to use almost any ATM without incurring any fees.

If you plan to use an ATM frequently, it might save you money to open

your account with a major bank that has ATMs everywhere or open an

online checking account that allows liberal, fee-free use of other banks'

ATMs. If you're good at anticipating your cash needs ahead of time, or if

you frequent stores that allow you to get "cash back" when you make a

purchase with your debit card, ATM ubiquity need not be a factor in your

choice of bank.

One drawback of relying on ATMs is their daily cash withdrawal limits.

While you shouldn't have any problems withdrawing a large amount of

cash from your account if you visit a teller, you usually won't be able to

withdraw more than a few hundred dollars a day from an ATM. (Using an

ATM also poses some risks. Learn more in 5 ATM Scams That Can

Break the Bank.)

Pros and Cons of Using Debit Cards Debit cards are generally seen as an

alternative to cash, checks, or credit cards. Like these other spending

options, debit cards have their advantages and disadvantages.

Unlike credit cards, debit cards can help you stay out of financial trouble

by limiting you’re spending to the amount of money that's actually in

your account. However, if you're not aware of how much money is in

your account and how many checks and purchase transactions you have

outstanding; it's possible to incur hefty fees for overdrawing your

account.

13

Debit cards generally do not offer as much protection against theft as

credit cards. While you will usually not be liable for any unauthorized

purchases made with your credit card, it is possible to be liable for $50,

$500, or more in unauthorized purchases and withdrawals made with

your debit card depending on when you report the theft. You must act

quickly to report a lost or stolen card if you want to cut your losses, and

sometimes by the time you realize there's a problem, you've already lost a

significant amount of money that you wouldn't be on the hook for with a

credit card. (For more insight, read Credit Card Perks You Never Knew

You Had.)

Debit cards can be safer than carrying around cash, however. If you were

to get mugged and you reported the theft of your debit card right away,

your liability would be capped at $50. If you were carrying around $500

in cash, it would all be gone, and you'd have no way to recover the

money.

Unlike credit cards, the regular use of a debit card does not help you

establish credit or improve your credit score. Also, debit cards generally

do not come with the perks offered by credit cards, such as rental car

insurance and product satisfaction guarantees.

Transaction Limits Your bank may limit the number of transactions or the

total dollar amount of transactions you can complete in one day using

your debit card. If you're planning to go to lots of stores or make a large

purchase using your debit card, you'll need to be aware of these

transaction limits ahead of time. Consult your account agreement for

details.

14

Holds on Funds When you make certain types of purchases with your

debit card, the company you make a purchase from may place a hold on

more of your available funds than what you've actually spent. The most

common businesses that employ this practice are hotels, rental car

companies and gas stations. Rental car companies and hotels hold the

extra money to protect themselves if you damage the car or the room.

Many such companies will not even accept debit cards, since a high

spending limit on a credit card can make it easier to recoup losses from

customers in the event of significant damage. Gas stations place a hold

because of the way they process debit card transactions. The hold amount

is commonly $50 or $75 on top of your purchase amount and may not

disappear for three to five business days.

It's essential to be aware of businesses' funds-blocking policies, because

you won't be able to withdraw that money as cash or draw checks from it

until the hold is released. Similarly, since the funds are not available, you

can bounce checks you've already written if you're not aware that a hold

has been placed on your account. To avoid headaches like these, pay in

cash or use a credit card when dealing with vendors that place holds on

debit card purchases.

3. ATM:-

An automated teller machine or automatic teller machine (ATM), also

known as a Cash point (which is a trademark of Lloyds TSB), cash

machine or sometimes a hole in the wall in British English, is a

computerized telecommunications device that provides the clients of a

financial institution with access to financial transactions in a public space

without the need for a cashier, human clerk or bank teller. ATMs are

15

known by various other names including ATM machine, automated

banking machine, and various regional variants derived from trademarks

on ATM systems held by particular banks.

Invented by John Shepherd-Barron, the first ATM was introduced in June

1967 at Barclays Bank in Enfield, UK.[citation needed][dubious –

discuss] On most modern ATMs, the customer is identified by inserting a

plastic ATM card with a magnetic stripe or a plastic smart card with a

chip, that contains a unique card number and some security information

such as an expiration date or CVVC (CVV). Authentication is provided

by the customer entering a personal identification number (PIN).

Using an ATM, customers can access their bank accounts in order to

make cash withdrawals, credit card cash advances, and check their

account balances as well as purchase prepaid cell phone credit. If the

currency being withdrawn from the ATM is different from that which the

bank account is denominated in (e.g.: Withdrawing Japanese Yen from a

bank account containing US Dollars), the money will be converted at a

wholesale exchange rate. Thus, ATMs often provide the best possible

exchange rate for foreign travelers and are heavily used for this purpose

as well.[1]

16

Location:-

ATMs are placed not only near or inside the premises of banks, but also

in locations such as shopping centers/malls, airports, grocery stores,

petrol/gas stations, restaurants, or anywhere frequented by large numbers

of people. There are two types of ATM installations: on- and off-premise.

On-premise ATMs are typically more advanced, multi-function machines

that complement a bank branch's capabilities, and are thus more

expensive

ATMs are placed not only near or inside the premises of banks, but also

in locations such as shopping centers/malls, airports, grocery stores,

petrol/gas stations, restaurants, or anywhere frequented by large numbers

of people. There are two types of ATM installations: on- and off-premise.

On-premise ATMs are typically more advanced, multi-function machines

17

that complement a bank branch's capabilities, and are thus more

expensive

ATMs rely on authorization of a financial transaction by the card issuer

or other authorizing institution via the communications network. This is

often performed through an ISO 8583 messaging system.

Many banks charge ATM usage fees. In some cases, these fees are

charged solely to users who are not customers of the bank where the

ATM is installed; in other cases, they apply to all users.

Hardware

An ATM is typically made up of the following devices:

CPU Magnetic and/or Chip card reader (to identify the customer)PIN Pad

(similar in layout to a Touch tone or Calculator keypad), often

manufactured as part of a secure enclosure. Secure, generally within a

secure enclosure. Display Function key buttons (usually close to the

display) or a Touch screen (used to select the various aspects of the

transaction) Record Printer (to provide the customer with a record of their

transaction)Vault (to store the parts of the machinery requiring restricted

access)Housing (for aesthetics and to attach signage to)

Software

With the migration to commodity PC hardware, standard commercial

"off-the-shelf" operating systems and programming environments can be

used inside of ATMs. Typical platforms previously used in ATM

development include RMX or OS/2. Today the vast majority of ATMs

worldwide use a Microsoft OS, primarily Windows XP Professional or

18

Windows XP Embedded. A Wincor Nixdorf ATM running Windows

2000.

Linux is also finding some reception in the ATM marketplace. An

example of this is Banrisul, the largest bank in the south of Brazil, which

has replaced the MS-DOS operating systems in its ATMs with Linux.

Banco do Brasil is also migrating ATMs to Linux.

With the move to a more standardized software base, financial

institutions have been increasingly interested in the ability to pick and

choose the application programs that drive their equipment. WOSA/XFS,

now known as CEN XFS (or simply XFS), provides a common API for

accessing and manipulating the various devices of an ATM. J/XFS is a

Java implementation of the CEN XFS API.

With the onset of Windows operating systems and XFS on ATM's, the

software applications have the ability to become more intelligent. This

has created a new breed of ATM applications commonly referred to as

programmable applications. These types of applications allows for an

entirely new host of applications in which the ATM terminal can do more

than only communicate with the ATM switch. It is now empowered to

connected to other content servers and video banking systems.

Uses of ATM in banking sector

Cash Withdrawal and Balance Enquiry:-

In spite of a number of innovative services being made available at many

ATMs, cash withdrawal stills remains the most accessed service at

ATMs. However, the migration of routine bank transactions like cash

19

withdrawals and balance enquiries from teller counters to ATMs

significantly raises the potential for savings in employee costs and greater

employee focus on value-added revenue-enhancing activities such as

selling other financial products and advisory services to customers.

Cash /Cheque Deposit:-

Again, due to the strong cash culture in India, cash deposits are most

likely higher than in other markets, especially cash deposits made by

commercial customers such as retail shopkeepers and those whose work

involves substantial travelling. A high cash withdrawal rate results in

higher ATM servicing costs due to frequent cash replenishment

requirements. Recent developments in ATM technology have made it

possible to recycle cash in ATMs. Currency notes received as cash

deposits are counted; soiled notes separated and deposited cash dispensed

to fulfil withdrawal transactions. However, regulatory concerns relating

to identification of counterfeit notes and its depositors need to be

addressed first.

ATM with Cheque deposit facility is not picking up in India, like other

countries. One of the reasons is the delay in collection of the cheque

deposited in ATMs. Cheque deposited in ATMs is to be collected and

deposited in the designated branch for collection. Another reason is the

introduction of cheque deposit Kiosks by various Banks especially

Private sector ones. These are kept at each some important

locations/branches where customers can deposit there cheques which are

collected at intervals which may be difficult in ATMs.

20

Bill Payments:-

Most utilities have inadequate infrastructure for receiving bill payments

resulting in long queues at collection centers. Hence, bill payment at

ATMs has achieved noticeable acceptance by bank customers. Most

banks provide this service through bi-lateral arrangements with bill-

payment service providers. ATM users register their water, electricity and

telephone utility accounts with banks, check their dues at ATMs, approve

bill payments that are debited to their bank accounts and receive printed

receipts for the transactions. This service has the effect of improving

customer satisfaction for both the bank as well as the bill-payment service

providers. Some Banks’ ATMs even accept charitable contributions to

Temples.

Sale of Paper Based Products:-

ATMs are ideally suited to sell paper-based products and services such as

tickets, wireless phone recharge cards, financial products, etc. The screen

interface allows browsing and customization, access to bank accounts

facilitate payments and printing capabilities produce the actual

product/service. A number of banks including ICICI Bank, SBI and PNB

have ATMs at Mumbai’s local railway stations to dispense season tickets

to commuters. Own-bank customers pay no extra charge while other bank

customers pay a fee of Rs. 50 for this extremely useful service of anytime

ticket purchase. Railway season tickets represent a high-volume mass-

appeal product. As technical standards get established and

product/service sellers become aware of the ATM sales channel, niche-

appeal high-margin products like entertainment tickets will join the fray.

21

Bank and Information technology:-In the five decades since independence, banking in India has evolved

through four distinct phases. During Fourth phase, also called as Reform

Phase, Recommendations of the Narasimham Committee (1991) paved

the way for the reform phase in the banking. Important initiatives with

regard to the reform of the banking system were taken in this phase.

Important among these have been introduction of new accounting and

prudential norms relating to income recognition, provisioning and capital

adequacy, deregulation of interest rates & easing of norms for entry in the

field of banking.

Entry of new banks resulted in a paradigm shift in the ways of banking in

India. The growing competition, growing expectations led to increased

awareness amongst banks on the role and importance of technology in

banking. The arrival of foreign and private banks with their superior

state-of-the-art technology-based services pushed Indian Banks also to

follow suit by going in for the latest technologies so as to meet the threat

of competition and retain their customer base.

Indian banking industry, today is in the midst of an IT revolution. A

combination of regulatory and competitive reasons has led to increasing

importance of total banking automation in the Indian Banking Industry.

22

Information Technology has basically been used under two different

avenues in Banking. One is Communication and Connectivity and other

is Business Process Reengineering. Information technology enables

sophisticated product development, better market infrastructure,

implementation of reliable techniques for control of risks and helps the

financial intermediaries to reach geographically distant and diversified

markets.

In view of this, technology has changed the contours of three major

functions performed by banks, i.e., access to liquidity, transformation of

assets and monitoring of risks. Further, Information technology and the

communication networking systems have a crucial bearing on the

efficiency of money, capital and foreign exchange market.

The Software Packages for Banking Applications in India had their

beginnings in the middle of 80s, when the Banks started computerizing

the branches in a limited manner. The early 90s saw the plummeting

hardware prices and advent of cheap and inexpensive but high-powered

PCs and servers and banks went in for what was called Total Branch

Automation (TBA) Packages. The middle and late 90s witnessed the

tornado of financial reforms, deregulation, globalization etc coupled with

rapid revolution in communication technologies and evolution of novel

23

concept of 'convergence' of computer and communication technologies,

like Internet, mobile phone etc.

M ilestones

In India, banks as well as other financial entities entered the world of

information technology and with Indian Financial Net (INFINET).

INFINET, a wide area satellite based network (WAN) using VSAT (Very

Small Aperture Terminals) technology, was jointly set up by the Reserve

Bank and Institute for Development and Research in Banking technology

(IDRBT) in June 1999.

The Indian Financial Network (INFINET) which initially comprised only

the public sector banks was opened up for participation by other

categories of members.

The first set of applications that could benefit greatly from the use of

technological advances in the computer and communications area relate

to the Payment systems which form the lifeline of any banking activity.

The process of reforms in payment and settlement systems has gained

momentum with the implementation of projects such as NDS

((Negotiated Dealing System), CFMS ( Centralized Funds Management

System) for better funds management by banks and SFMS (Structured

Financial Messaging Solution) for secure message transfer. This would

result in funds transfers and funds-related message transfer to be routed

24

electronically across banks using the medium of the INFINET.

Negotiated dealing system (NDS), which has become operational since

February 2002 and RTGS (Real Time Gross Settlement system)

scheduled towards the end of 2003 are other major developments in the

area.

Internet has significantly influenced delivery channels of the banks.

Internet has emerged as an important medium for delivery of banking

products & services. Detailed guidelines of RBI for Internet Banking has

prepared the necessary ground for growth of internet banking in India.

E- Banking & internet:-

Transaction and delivery costs. This paper discusses some of the

problems developing countries, which have a low penetration of

information and telecommunication technology, face in realizing the

advantages of e-banking initiatives. Major concerns such as the ‘digital

divide’ between the rich and poor, the different operational environments

for public and private sector banks, problems of security and

authentication, management and regulation; and inadequate financing of

small and medium scale enterprises (SMEs) are highlighted there are not

many inventions that have changed the business of banking as quickly as

the e-banking revolution. World over banks are reorienting their business

25

strategies towards new opportunities offered by e-banking. E-banking has

enabled banks to scale borders, change strategic behavior and thus bring

about new possibilities.

E-banking has moved real banking behavior closer to neoclassical

economic theories of market functioning. Due to the absolute

transparency of the market, clients (both business as well as retail) can

compare the services of various banks more easily. For instance, on the

internet, competitors are only one click away. If clients are not happy

with the products, prices or services offered by a particular bank, they are

able to change their banking partner much more easily than in the

physical or real bank-client relationship. From the banks’ point of view,

use of the internet has significantly reduced the physical costs of banking

operations. As discussed by Turner (2001), progress in information

technology has slashed the costs of processing information, while the

internet has facilitated its transmission, thus facilitating change in the

very essence of the banking business. Around the world, electronic

banking services, whether delivered online or through other mechanisms,

have spread quickly in recent years. It must be noted that the impact of e-

banking is not limited to industrial and advanced emerging economies.

Even in countries with underdeveloped banking systems, E-banking has

offered many new business opportunities.

In simple words, e-banking implies provision of banking products and

services through electronic delivery channels. Electronic banking has

been around for quite some time in the form of automatic teller machines

(ATMs) and telephone transactions. In more recent times, it has been

transformed by the internet a new delivery channel that has facilitated

banking transactions for both customers and banks. For customers, the

26

internet offers faster access, is more convenient and available around the

clock irrespective of the customer’s location. For banks, it is a much more

efficient and cost- saving channel).

27

Introduction

In recent months, industry pundits have begun to suggest that smart cards

will one day be as important as computers are today. This statement is

somewhat misleading, however, because it implies that smart cards are

not computers, which in fact, they are.

This first article in a two-part series describes the history of smart cards,

compares some different types, and discusses their low-level properties.

To complete the picture, the second article in this series will discuss the

standards that affect the adoption of smart cards in mainstream society,

and how smart cards relate to today’s computer security systems.

Because smart cards are indeed tiny computers, it is difficult to predict

the variety of applications that smart cards will make possible in the

future. In fact, it is quite possible that smart cards will experience rapid

increases in processing power, following "Moore’s Law"1 and doubling

in performance while halving in cost every 18 months as computers have

for the past 2 decades.

Since their inception, smart cards have proven to be quite useful as a

transaction, authorization, and identification medium in European

countries. As their capabilities increase, they could become the ultimate

"thin client," eventually replacing all of the things we carry around in our

wallets, including credit cards, licenses, cash, and even family

photographs. (The photographs could be viewed and/or exchanged using

capable terminals or personal computers.) By containing various

identification certificates, smart cards could be used to voluntarily

28

identify attributes of ourselves, no matter where we are or to which

computer network we are attached.

This article does not try to predict the future of smart card application

possibilities, nor their impact on society. Instead, it focuses on the state-

of-the-art for smart cards and their use in computer and network security

systems. Similarly, this article is not scientifically comprehensive with

regard to every detail of integrated circuit cards. Instead, it tries to strike a

balance between accuracy and comprehensibility. The standards and

references that are mentioned throughout the article can be used to find

more specific information.

1. History of the smart card

The technology has its historical origin in the seventies when inventors in

Germany, Japan, and France filed the original patents. While inventors in

the U.S., Japan and Austria, were issued patents, it was the French who

put up big money to push the technology. They did this in the 1970's,

during a period of major national investment in modernizing the nation's

technology infrastructure. Due to several factors most work on Smart

Cards was at the research and development level until the mid eighties.

Since then, the industry has been growing at tremendous rate is shipping

more than one billion (1,000,000,000) cards per year (since 1998). The

current world population of Smart Cards of some 1.7 billion is set to

increase to 4 billion or more cards within the next 3-4 years..

The roots of the current day smart card can be traced back to the United

States, in the early 1950s, when Diner’s Club produced the first all plastic

card to be used for payment applications. The use of the synthetic

material PVC allowed for longer lasting cards than the previous

29

conventional paper-based cards. In this system, the mere fact that you

were issued a Diner’s Club card allowed you to pay with your "good

name" rather than cash. In effect, the card identified you as a member of a

select group, and was accepted by certain restaurants and hotels that

recognized this group.

VISA and MasterCard then entered the market, but eventually the cost

pressures of fraud, tampering, merchant handling, and bank charges

necessitated a machine-readable card. The subsequent introduction of the

magnetic stripe allowed additional digitized data to be stored on the cards

in a machine-readable format. This type of embossed card with a

magnetic stripe is still the most commonly used method of payment.

Magnetic stripe technology suffers from a critical weakness, however, in

that anyone with access to the appropriate device can read, re-write, or

delete the data. Thus a magnetic stripe card is unsuitable for storing

sensitive data and, as such, requires an extensive online, centralized,

back-end infrastructure for verification and processing.

As it turns out, this type of back-end infrastructure soon became prevalent

in the United States, but was not as readily available in the European

countries. As in any client/server architecture, one solution to a lack of

back-end processing power is to beef up the back-end server side, but

another solution is to make the client side more powerful, thus relieving

some of the duties of the back-end. European countries seem to have

preferred the client side approach, and made a huge improvement over

magnetic stripe technology by introducing the integrated circuit card

(ICC).

30

In 1968, German inventors Jürgen Dethloff and Helmut Grötrupp applied

for the first ICC-related patents. Similar applications followed in Japan in

1970 and in France in 1974. In 1984, the French Postal and

Telecommunications services (PTT) successfully carried out a field trial

with telephone cards. By 1986, many millions of French telephone smart

cards were in circulation. Their number reached nearly 60 million in

1990, and 150 million were projected for 1996.

As cryptography made great progress in the 1960s and security

mechanisms could be proved mathematically, smart cards proved to be an

ideal medium for safely storing cryptographic keys and algorithms.

French banks were the first to field this type of card by introducing a

chip-incorporating bank card in 1984. German banks began introducing

them around 1997. Another application fielded in Germany included over

70 million smart cards that carried health insurance information.

What is smart card?

Today's society is often characterized as an information society.

Technological developments, particularly in the areas of computers and

telecommunications have fundamentally changed the character of the

modern organization. The smart card is one of the latest additions to the

world of information technology.

31

The term Smart Card is loosely used to describe any card with a

capability to relate information to a particular application such as

magnetic stripe, optical, memory, and microprocessor cards. It is more

precise, however to refer to memory and microprocessor cards as smart

cards.

A Smart Card is a card incorporating a “CHIP” or (microprocessor)

which is a type of tiny computer embedded in the plastic. The metal circle

visible on the outside of the card is not the microprocessor itself, but

rather a unit containing its outside connections. The chip provides the

card with these advantages:-

A memory for greater storage than can be provided on magnetic

stripes.

Intelligence for exploiting this increased data. The smart card

participates directly in controlling transactions; i.e. it is active not

passive like the magnetic card.

It cannot be reproduced, nor can its code be broken. After three wrong

codes have been tried, the chip blocks any further usage of the card,

which is therefore more secure than a magnetic card.

It stores formula within its permanent (read-only) memory which

enables it to verify the authenticity of the secret code typed in by the

customer.

It registers and memorizes the number and frequency of all

transactions effected.

A magnetic stripe card has a strip of magnetic tape material attached to its

surface. This is the standard technology used for bank cards:-

32

Optical cards are bank card-size, plastic cards that use some form of laser

to write and read the card.

Memory cards can store a variety of data, including financial, personal,

and specialized information; but cannot process information.

Smart cards with a microprocessor look like standard plastic cards, but

are equipped with an embedded Integrated Circuit (IC) chip.

Microprocessor cards can store information, carry out local processing on

the data stored, and perform complex calculations. These cards take the

form of either "contact" cards which require a card reader or "contactless"

cards which use radio frequency signals to operate.

Over a billion smart cards are already in use. Currently, Europe is the

region where they are most used. A study forecasts a $26.5 billion market

for recharging smart cards by2005. Compaq and Hewlett-Packard are

reportedly working on keyboards that include smart card slots that can be

read like bank credit cards. The hardware for making the cards and the

devices than can read them are currently made principally by Bull,

Gemplus, and Schlumberger.

3. Types of Smart CardSmart cards are defined according to…

1). How the card data is read and written?

2). The type of chip implanted within the card and its capabilities.

There is a wide range of options to choose from when designing your

system.

33

Card Construction

Mostly all chip cards are built from layers of differing materials, or

substrates, that when brought together properly gives the card a specific

life and functionality. The typical card today is made from PVC,

Polyester or Polycarbonate. The card layers are printed first and then

laminated in a large press. The next step in construction is the blanking or

die cutting. This is followed by embedding a chip and then adding data to

the card. In all, there may be up to 30 steps in constructing a card. The

total components, including software and plastics, may be as many as 12

separate items; all this in a unified package that appears to the user as a

simple device.

34

Contact Cards

These are the most common type of smart card. Electrical contacts

located on the outside of the card connect to a card reader when the card

is inserted. This connector is bonded to the encapsulated chip in the card.

35

Increased levels of processing power, flexibility and memory will add

cost. Single function cards are usually the most cost-effective solution.

Choose the right type of smart card for your application by determining

your required level of security and evaluating cost versus functionality in

relation to the cost of the other hardware elements found in a typical

workflow. All of these variables should be weighted against the expected

lifecycle of the card. On average the cards typically comprise only 10 to

15 percent of the total system cost with the infrastructure, issuance,

software, readers, training and advertising making up the other 85

percent. The following chart demonstrates some general rules of thumb:

36

Card Function Trade-Offs

Memory Cards

Memory cards cannot manage files and have no processing power for

data management. All memory cards communicate to readers through

synchronous protocols. In all memory cards you read and write to a fixed

address on the card. There are three primary types of memory cards:

Straight, Protected, and Stored Value. Before designing in these cards

into a proposed system the issuer should check to see if the readers and/or

terminals support the communication protocols of the chip. Most

37

contactless cards are variants on the protected memory/segmented

memory card idiom.

Straight Memory Cards

These cards just store data and have no data processing capabilities. Often

made with I2C or serial flash semiconductors, these cards were

traditionally the lowest cost per bit for user memory. This has now

changed with the larger quantities of processors being built for the GSM

market. This has dramatically cut into the advantage of these types of

devices. They should be regarded as floppy disks of varying sizes without

the lock mechanism. These cards cannot identify themselves to the

reader, so your host system has to know what type of card is being

inserted into a reader. These cards are easily duplicated and cannot be

tracked by on-card identifiers.

Protected / Segmented Memory Cards

These cards have built-in logic to control the access to the memory of the

card. Sometimes referred to as Intelligent Memory cards, these devices

can be set to write- protect some or the entire memory array. Some of

these cards can be configured to restrict access to both reading and

writing. This is usually done through a password or system key.

Segmented memory cards can be divided into logical sections for planned

multi-functionality. These cards are not easily duplicated but can possibly

be impersonated by hackers. They typically can be tracked by an on-card

identifier.

38

Stored Value Memory Cards

These cards are designed for the specific purpose of storing value or

tokens. The cards are either disposable or rechargeable. Most cards of this

type incorporate permanent security measures at the point of

manufacture. These measures can include password keys and logic that

are hard-coded into the chip by the manufacturer. The memory arrays on

these devices are set-up as decrements or counters. There is little or no

memory left for any other function. For simple applications such as a

telephone card, the chip has 60 or 12 memory cells, one for each

telephone unit. A memory cell is cleared each time a telephone unit is

used. Once all the memory units are used, the card becomes useless and is

thrown away. This process can be reversed in the case of rechargeable

cards.

39

CPU/MPU Microprocessor Multifunction Cards

These cards have on-card dynamic data processing capabilities.

Multifunction smart cards allocate card memory into independent

sections or files assigned to a specific function or application. Within the

card is a microprocessor or microcontroller chip that manages this

memory allocation and file access. This type of chip is similar to those

found inside all personal computers and when implanted in a smart card,

manages data in organized file structures, via a card operating system

(COS). Unlike other operating systems, this software controls access to

the on-card user memory. This capability permits different and multiple

functions and/or different applications to reside on the card, allowing

businesses to issue and maintain a diversity of ‘products’ through the

card. One example of this is a debit card that also enables building access

on a college campus. Multifunction cards benefit issuers by enabling

them to market their products and services via state-of-the-art transaction

and encryption technology. Specifically, the technology enables secure

identification of users and permits information updates without

replacement of the installed base of cards, simplifying program changes

and reducing costs. For the card user, multifunction means greater

convenience and security, and ultimately, consolidation of multiple cards

down to a select few that serve many purposes.

There are many configurations of chips in this category, including chips

that support cryptographic Public Key Infrastructure (PKI) functions with

on-board math co-processors or JavaCard® with virtual machine

hardware blocks. As a rule of thumb - the more functions, the higher the

cost.

40

Contactless Cards

These are smart cards that employ a radio frequency (RFID) between

card and reader without physical insertion of the card. Instead, the card is

passed along the exterior of the reader and read. Types include proximity

cards which are implemented as a read-only technology for building

access. These cards function with a very limited memory and

communicate at 125 MHz. Another type of limited card is the Gen 2 UHF

Card that operates at 860 MHz to 960 MHz.

True read and write contactless cards were first used in transportation

applications for quick decrementing and reloading of fare values where

their lower security was not an issue. They communicate at 13.56 MHz

and conform to the ISO 14443 standard. These cards are often protected

memory types. They are also gaining popularity in retail stored value

since they can speed up transactions without lowering transaction

processing revenues (i.e. Visa and MasterCard), unlike traditional smart

cards.

Variations of the ISO14443 specification include A, B, and C, which

specify chips from either specific or various manufacturers. A=NXP-

(Philips) B=everybody else and C=Sony only chips. Contactless card

drawbacks include the limits of cryptographic functions and user

memory, versus microprocessor cards and the limited distance between

card and reader required for operation.

Multi-mode Communication Cards

These cards have multiple methods of communications, including

ISO7816, ISO14443 and UHF gen 2. How the card is made determines if

41

it is a Hybrid or dual interface card. The term can also include cards that

have a magnetic-stripe and or bar-code as well.

Hybrid Cards

Hybrid cards have multiple chips in the same card. These are typically

attached to each interface separately, such as a MIFARE chip and antenna

with a contact 7816 chip in the same card.

Dual Interface Cards

These cards have one chip controlling the communication interfaces. The

chip may be attached to the embedded antenna through a hard connection,

inductive method or with a flexible bump mechanism.

Multi-component Cards

These types of cards are for a specific market solution. For example, there

are cards where the fingerprint sensor is built on the card. Or one

company has built a card that generates a one-time password and displays

the data for use with an online banking application. Vault cards have

rewriteable magnetic stripes. Each of these technologies is specific to a

particular vendor and is typically patented.

Smart Card Form Factors

The expected shape for cards is often referred to as CR80. Banking and

ID cards are governed by the ISO 7810 specification. But this shape is not

the only form factor that cards are deployed in. Specialty shaped cutouts

of cards with modules and/or antennas are being used around the world.

The most common shapes are SIM. SD and MicroSD cards can now be

42

deployed with the strength of smart card chips. USB flash drive tokens

are also available that leverage the same technology of a card in a

different form factor.

Integrated Circuits and Card Operating Systems

The two primary types of smart card operating systems are (1) fixed file

structure and (2) dynamic application system. As with all smartcard

types, the selection of a card operating system depends on the application

that the card is intended for. The other defining difference lies in the

encryption capabilities of the operating system and the chip. The types of

encryption are Symmetric Key and Asymmetric Key (Public Key).

The chip selection for these functions is vast and supported by many

semiconductor manufacturers. What separates a smart card chip from

other microcontrollers is often referred to as trusted silicon. The device

itself is designed to securely store data withstanding outside electrical

tampering or hacking. These additional security features include a long

list of mechanisms such as no test points, special protection metal masks

and irregular layouts of the silicon gate structures. The trusted silicon

semiconductor vendor list below is current for 2010:

Atmel

EM Systems

Infineon

Microchip

NXP

Rennes’s Electronics

43

Samsung

Sharp

Sony

ST Microelectronics

Many of the features that users have come to expect, such as specific

encryption algorithms, have been incorporated into the hardware and

software libraries of the chip architectures. This can often result in a card

manufacturer not future-proofing their design by having their card

operating systems only ported to a specific device. Care should be taken

in choosing the card vendor that can support your project over time as

card operating system-only vendors come in and out of the market. The

tools and middleware that support card operating systems are as

important as the chip itself. The tools to implement your project should

be easy to use and give you the power to deploy your project rapidly.

Please see the security section on this website for more information

regarding PKI.

Fixed File Structure Card Operating System

This type treats the card as a secure computing and storage device. Files

and permissions are set in advance by the issuer. These specific

parameters are ideal and economical for a fixed type of card structure and

functions that will not change in the near future. Many secure stored

value and healthcare applications are utilizing this type of card. An

example of this kind of card is a low-cost employee multi-function badge

or credential. Contrary to some biased articles, these style cards can be

44

used very effectively with a stored biometric component and reader.

Globally, these types of microprocessor cards are the most common.

Dynamic Application Card Operating System

This type of operating system, which includes the Java Card and

proprietary MULTOS card varieties, enables developers to build, test, and

deploy different on card applications securely. Because the card operating

systems and applications are more separate, updates can be made. An

example card is a SIM card for mobile GSM where updates and security

are downloaded to the phone and dynamically changed. This type of card

deployment assumes that the applications in the field will change in a

very short time frame, thus necessitating the need for dynamic expansion

of the card as a computing platform. The costs to change applications in

the field are high, due to the ecosystem requirements of security for key

exchange with each credential. This is a variable that should be

scrutinized carefully in the card system design phase.

4. Construction of smart card

Construction:-

The main storage area in such cards is normally EEPROM (Electrically

Erasable Programmable Read-Only Memory), which can have its content

updated, and which retains current contents when external power is

removed. Newer Smart Card chips, sometimes, also have math co-

processors integrated into the microprocessor chip, which is able to

perform quite complex encryption routines relatively quickly. The chip

connection is either via direct physical contact or remotely via a contact

less electromagnetic interface.

45

Its chip therefore characterizes a Smart Card uniquely; with its ability to

store much more data (currently up to about 32,000 bytes) than is held on

a magnetic stripe, all within an extremely secure environment. Data

residing in the chip can be protected against external inspection or

alteration, so effectively that the vital secret keys of the cryptographic

systems used to protect the integrity and privacy of card-related

communications can be held safely against all but the most sophisticated

forms of attack.

The functional architecture of a GSM system can be broadly divided into

the Mobile Station, the Base Station Subsystem, and the Network

Subsystem. Each subsystem is comprised of functional entities that

communicate through the various interfaces using specified protocols.

The subscriber carries the mobile station; the base station subsystem

controls the radio link with the Mobile Station. The network subsystem,

the main part of which is the Mobile services Switching Center, performs

the switching of calls between the mobile and other fixed or mobile

network users, as well as management of mobile services, such as

authentication.

Fig 1: Smart Card Construction.

46

Today, there are basically three categories of Smart Cards –

A microprocessor chip can add, delete and otherwise manipulate

information in its memory. It can be viewed as a miniature computer with

an input/output port, operating system and hard disk. Microprocessor

chips are available 8, 16, and 32 bit architectures. Their data storage

capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected

with semiconductor technology advances.

Integrated Circuit (IC) Microprocessor Cards

Fig 3: An Integrated Circuit used in Smart Cards.

Microprocessor cards (generally referred to as "chip cards") offer greater

memory storage and security of data than a traditional magnetic stripe

card. Their chips may also be called as microprocessors with internal

memory which, in addition to memory, embody a processor controlled by

a card operating system, with the ability to process data onboard, as well

as carrying small programs capable of local execution. The

microprocessor card can add, delete, and otherwise manipulate

information on the card, while a memory-chip card (for example, pre-paid

phone cards) can only undertake a pre-defined operation. The current

generation of chip cards has an eight-bit processor, 32KB read-only

memory, and 512 bytes of random-access memory. This gives them the

47

equivalent processing power of the original IBM-XT computer, albeit

with slightly less memory capacity.

Uses:

These cards are used for a variety of applications, especially those that

have cryptography built in, which requires manipulation of large

numbers. Very often the data processing power is used to encrypt/decrypt

data, which makes this type of card very unique person identification

token. Data processing permits also the dynamic storage management,

which enables realization of flexible multifunctional card. Thus, chip

cards have been the main platform for cards that hold a secure digital

identity. Hence they are capable of offering advanced security

mechanism, local data processing, complex calculation and other

interactive processes. Most stored-value cards integrated with

identification, security and information purposes are processor cards.

Some examples of these cards are –

Cards that hold money ("stored value cards")

Card that hold money equivalents (for example, "affinity cards”)

Cards that provide secure access to a network

Cards that secure cellular phones from fraud

Cards that allow set-top boxes on televisions to remain secure from

piracy

Integrated Circuit (IC) Memory Cards – Memory cards can just store

data and have no data processing capabilities. These have a memory chip

with non-programmable logic, with storage space for data, and with a

48

reasonable level of built-in security. IC memory cards can hold up to 1 –

4 KB of data, but have no processor on the card with which to manipulate

that data. They are less expensive than microprocessor cards but with a

corresponding decrease in data management security. They depend on the

security of the card reader for processing and are ideal when security

requirements permit use of cards with low to medium security and for

uses where the card performs a fixed operation.

There is also a special type memory cards called the Wired Logic (or

Intelligent Memory) cards, which contain also some built-in logic,

usually used to control the access to the memory of the card.

Uses:

Memory cards represent the bulk of the Smart Cards sold primarily for

pre-paid, disposable-card applications like pre-paid phone cards. These

are popular as high-security alternatives to magnetic stripe cards.

Optical Memory Cards – Optical memory cards look like a card with a

piece of a CD glued on top - which is basically what they are. Optical

memory cards can store up to 4 MB of data. But once written, the data

cannot be changed or removed.

Uses:

Thus, this type of card is ideal for record keeping - for example medical

files, driving records, or travel histories.

Fundamentals of Card Operation:

Today's Smart Cards need electrical power from outside, plus a way for

data to be read from, and sometimes to be transmitted to, the chip. They

49

interact with an "accepting device", usually known as a card reader,

which exchanges data with the card and usually involves the electronic

transfer of money or personal information. The information or application

stored in the IC chip is transferred through an electronic module that

interconnects with a terminal or a card reader.

There are two general categories of Smart Cards: Contact and Contactless Smart Cards.

Fig 2: Contact Smart Card.

The contact Smart Card has a set of gold- plated electrical contacts

embedded in the surface of the plastic on one side. It is operated by

inserting the card (in the correct orientation) into a slot in a card reader,

which has electrical contacts that connect to the contacts on the card face

thus establishing a direct connection to a conductive micro module on the

surface of the card. This card has a contact plate on the face, which is a

small gold chip about 1/2” in diameter on the front, instead of a magnetic

stripe on the back like a “credit card”. When the card is inserted into a

Smart Card reader, it makes contact with an electrical connector for reads

and writes to and from the chip it is via these physical contact points, that

transmission of commands, data, and card status takes place.

Such a card is traditionally used at the retail point of sale or in the

banking environment or as the GSM SIM card in the mobile 'phone.

50

Fig 3: Contactless Smart Card

(This diagram shows the top and bottom card layers which sandwich the

antenna/chip module.)

 A contactless Smart Card looks just like a plastic “credit card” with a

computer chip and an antenna coil embedded within the card. This

antenna allows it to communicate with an external antenna at the

transaction point to transfer information. The antenna is typically 3 - 5

turns of very thin wire (or conductive ink), connected to the contactless

chip. This aerial coil of the antenna is laminated into the card and allows

communication even whilst the card is retained within a wallet or

handbag. The same activation method applies to watches, pendants,

baggage tags and buttons. Thus no electrical contacts are needed and it is

therefore called as "contactless".

Such Smart Cards are used when transactions must be processed quickly,

as in mass-transit toll collection or wherever the cardholder is in motion

at the moment of the transaction. Close proximity, typically two to three

inches for non-battery powered cards (i.e. an air-gap of up to 10cms) is

required for such transactions, which can decrease transaction time while

increasing convenience as both the reader and the card have antenna and

51

it is via this contactless link that the two communicate. Most contactless

cards also derive the internal chip power source from this electromagnetic

signal. Radio frequency technology is used to transmit power from the

reader to the card.

Two new categories, derived from the contact and contactless cards

are combi cards and hybrid cards.

A hybrid Smart Card has two chips, each with its respective contact and

contactless interface. The two chips are not connected, but for many

applications, this Hybrid serves the needs of consumers and card issuers.

Fig 4: CombiCard

(This shows both the contact and contactless elements of the card.)

The combi card (also known as the dual-interface card) is a card with

both contact and contactless interfaces. With such a card, it becomes

possible to access the same chip via a contact or contactless interface,

with a very high level of security. It may incorporate two non-

communicating chips - one for each interface - but preferably has a

single, dual-interface chip providing the many advantages of a single e-

purse, single operating architecture, etc. The mass transportation and

52

banking industries are expected to be the first to take advantage of this

technology.

Proven to be more reliable than the magnetic stripe card.

Can store up to thousands of times of the information than the

magnetic stripe card.

Reduces tampering and counterfeiting through high security

mechanisms such as advanced encryption and biometrics.

Can be disposable or reusable.

Performs multiple functions.

Has wide range of applications (e.g., banking, transportation,

healthcare...)

Compatible with portable electronics (e.g., PCs, telephones...)

Evolves rapidly applying semi-conductor technology.

Smart Cards can hold a large amount of personal information, from

medical/health history to personal banking and personal preferences.

They can carry all necessary functions and information on the card.

Therefore, they do not require access to remote databases at the time of

the transaction unlike magnetic stripe cards..The capacity provided by the

on-board microprocessor and data capacity for highly secure, off-line

processing Adherence to international standards, ensuring multiple

vendor sources and competitive prices. Established track record in real

world applications. Durability and long expected life span (guaranteed by

vendor for up to 10,000 read/writes before failure) Chip Operating

53

Systems that support multiple applications. Secure independent data

storage on one single card

54

Smart card securities

Smart Card Security (Section 1)

Smart cards provide computing and business systems the enormous

benefit of portable and secure storage of data and value. At the same

time, the integration of smart cards into your system introduces its own

security management issues, as people access card data far and wide in a

variety of applications.

The following is a basic discussion of system security and smart cards,

designed to familiarize you with the terminology and concepts you need

in order to start your security planning.

What Is Security?

Smart cards provide computing and business systems the enormous

benefit of portable and secure storage of data and value. At the same

time, the integration of smart cards into your system introduces its own

security management issues, as people access card data far and wide in a

variety of applications.

The following is a basic discussion of system security and smart cards,

designed to familiarize you with the terminology and concepts you need

in order to start your security planning.

Security is basically the protection of something valuable to ensure that it

is not stolen, lost, or altered. The term "data security" governs an

extremely wide range of applications and touches everyone's daily life.

Concerns over data security are at an all-time high, due to the rapid

55

advancement of technology into virtually every transaction, from parking

meters to national defense.

Data is created, updated, exchanged and stored via networks. A network is any

computing system where users are highly interactive and interdependent and by

definition, not all in the same physical place. In any network, diversity abounds,

certainly in terms of types of data, but also types of users. For that reason, a system of

security is essential to maintain computing and network functions, keep sensitive data

secret, or simply maintain worker safety. Any one company might provide an

example of these multiple security concerns: Take, for instance, a pharmaceutical

manufacturer:

Type of Data Security Concern Type of AccessDrug Formula Basis of business income.

Competitor spying.Highly selective list of executives

Accounting, Regulatory

Required by law Relevant executives and departments

Personnel Files Employee privacy Relevant executives and departmentsEmployee ID Non-employee access. Inaccurate

payroll, benefits assignmentRelevant executives and departments

Facilities Access authorization Individuals per function and clearance such as customers, visitors, or vendors

Building safety, emergency response

All employees Outside emergency response

What Is Information Security?

Information security is the application of measures to ensure the safety

and privacy of data by managing its storage and distribution. Information

security has both technical and social implications. The first simply deals

with the 'how' and 'how much' question of applying secure measures at a

reasonable cost. The second grapples with issues of individual freedom,

public concerns, legal standards and how the need for privacy intersects

them. This discussion covers a range of options open to business

56

managers, system planners and programmers that will contribute to your

ultimate security strategy. The eventual choice rests with the system

designer and issuer.

The Elements of Data Security

In implementing a security system, all data networks deal with the

following main elements:

Hardware

Including servers, redundant mass storage devices, communication

channels and lines, hardware tokens (smart cards) and remotely located

devices (e.g., thin clients or Internet appliances) serving as interfaces

between users and computers

Software

Including operating systems, database management systems,

communication and security application programs

Data

Including databases containing customer - related information.

Personnel

To act as originators and/or users of the data; professional personnel,

clerical staff, administrative personnel, and computer staff .

Smart Card Security (Section 2)

Data Integrity

57

This is the function that verifies the characteristics of a document and a

transaction. Characteristics of both are inspected and confirmed for

content and correct authorization. Data Integrity is achieved with

electronic cryptography that assigns a unique identity to data like a

fingerprint. Any attempt to change this identity signals the change and

flags any tampering.

Authentication

This inspects, then confirms, the proper identity of people involved in a

transaction of data or value. In authentication systems, authentication is

measured by assessing the mechanisms strength and how many factors

are used to confirm the identity. In a PKI system a Digital Signature

verifies data at its origination by producing an identity that can be

mutually verified by all parties involved in the transaction. A

cryptographic hash algorithm produces a Digital Signature.

Non-Repudiation

This eliminates the possibility of a transaction being repudiated, or

invalidated by incorporating a Digital Signature that a third party can

verify as correct. Similar in concept to registered mail, the recipient of

data re-hashes it, verifies the Digital Signature, and compares the two to

see that they match.

Authorization and Delegation

58

Authorization is the processes of allowing access to specific data within a

system. Delegation is the utilization of a third party to manage and certify

each of the users of your system. (Certificate Authorities).

Authorization and Trust Model

59

Auditing and Logging

This is the independent examination and recording of records and

activities to ensure compliance with established controls, policy, and

operational procedures, and to recommend any indicated changes in

controls, policy, or procedures.

Management

Is the oversight and design of the elements and mechanisms discussed

above and below? Card management also requires the management of

card issuance, replacement and retirement as well as polices that govern a

system.

Cryptography / Confidentiality

Confidentiality is the use of encryption to protect information from

unauthorized disclosure. Plain text is turned into cipher text via an

algorithm, then decrypted back into plain text using the same method.

Cryptography is the method of converting data from a human readable

form to a modified form, and then back to its original readable form, to

make unauthorized access difficult. Cryptography is used in the following

ways:

Ensure data privacy, by encrypting data

Ensures data integrity, by recognizing if data has been manipulated in

unauthorized way Ensures data uniqueness by checking that data is

"original", and not a "copy" of the "original". The sender attaches a

60

unique identifier to the "original" data. This unique identifier is then

checked by the receiver of the data.

The original data may be in a human-readable form, such as a text file, or

it may be in a computer-readable form, such as a database, spreadsheet or

graphics file. The original data is called unencrypted data or plain text.

The modified data is called encrypted data or cipher text. The process of

converting the unencrypted data is called encryption. The process of

converting encrypted data to unencrypted data is called decryption.

Data Security Mechanisms and their Respective Algorithms

In order to convert the data, you need to have an encryption algorithm

and a key. If the same key is used for both encryption and decryption that

key is called a secret key and the algorithm is called a symmetric

algorithm. The most well-known symmetric algorithm is DES (Data

Encryption Standard).

61

The Data Encryption Standard (DES) was invented by the IBM

Corporation in the 1970's. During the process of becoming a standard

algorithm, it was modified according to recommendations from the

National Security Agency (NSA). The algorithm has been studied by

cryptographers for nearly 20 years. During this time, no methods have

been published that describe a way to break the algorithm, except for

brute-force techniques. DES has a 56-bit key, which offers 256 or 7 x

1016 possible variations. There are a very small numbers of weak keys,

but it is easy to test for these keys and they are easy to avoid.

Triple-DES is a method of using DES to provide additional security.

Triple-DES can be done with two or with three keys. Since the algorithm

performs an encrypt-decrypt-encrypt sequence, this is sometimes called

the EDE mode. This diagram shows Triple-DES three-key mode used for

encryption:

62

If different keys are used for encryption and decryption, the algorithm is

called an asymmetric algorithm. The most well-known asymmetric

algorithm is RSA, named after its three inventors (Rivest, Shamir, and

Adleman). This algorithm uses two keys, called the private key. These

keys are mathematically linked. Here is a diagram that illustrates an

asymmetric algorithm:

Asymmetric algorithms involve extremely complex mathematics

typically involving the factoring of large prime numbers. Asymmetric

algorithms are typically stronger than a short key length symmetric

algorithm. But because of their complexity they are used in signing a

message or a certificate. They not ordinarily used for data transmission

encryption.

63

Smart Card Security (Section 3)

As the card issuer, you must define all of the parameters for card and data

security. There are two methods of using cards for data system security,

host-based and card-based. The safest systems employ both

methodologies.

64

Host-Based System Security

A host-based system treats a card as a simple data carrier. Because of

this, straight memory cards can be used very cost-effectively for many

systems. All protection of the data is done from the host computer. The

card data may be encrypted but the transmission to the host can be

vulnerable to attack. A common method of increasing the security is to

write in the clear (not encrypted) a key that usually contains a date and/or

time along with a secret reference to a set of keys on the host. Each time

the card is re-written the host can write a reference to the keys. This way

each transmission is different. But parts of the keys are in the clear for

hackers to analyze. This security can be increased by the use of smart

memory cards that employ a password mechanism to prevent

unauthorized reading of the data. Unfortunately the passwords can be

sniffed in the clear. Access is then possible to the main memory. These

methodologies are often used when a network can batch up the data

regularly and compare values and card usage and generate a problem card

list.

Card-Based System Security

These systems are typically microprocessor card-based. A card, or token-

based system treats a card as an active computing device. The Interaction

65

between the host and the card can be a series of steps to determine if the

card is authorized to be used in the system. The process also checks if the

user can be identified, authenticated and if the card will present the

appropriate credentials to conduct a transaction. The card itself can also

demand the same from the host before proceeding with a transaction. The

access to specific information in the card is controlled by (1) the card's

internal Operating System and (2) the preset permissions set by the card

issuer regarding the files conditions. The card can be in a standard CR80

form factor or be in a USB dongle or it could be a GSM SIM Card.

Threats to Cards and Data Security

Effective security system planning takes into account the need for

authorized users to access data reasonably easily, while considering the

many threats that this access presents to the integrity and safety of the

information. There are basic steps to follow to secure all smart card

systems, regardless of type or size.

Analysis: Types of data to secure; users, points of contact, transmission.

Relative risk/impact of data loss

Deployment of your proposed system

Road Test: Attempt to hack your system; learn about weak spots, etc.

Synthesis: Incorporate road test data, re-deploy

Auditing: Periodic security monitoring, checks of system, fine-tuning

When analyzing the threats to your data an organization should look

closely at two specific areas: Internal attacks and external attacks. The

first and most common compromise of data comes from disgruntled

66

employees. Knowing this, a good system manager separates all back-up

data and back-up systems into a separately partitioned and secured space.

The introduction of viruses and the attempted formatting of network

drives is a typical internal attack behavior. By deploying employee cards

that log an employee into the system and record the time, date and

machine that the employee is on, a company automatically discourages

these type of attacks.

External attacks are typically aimed at the weakest link in a company's

security armor. The first place an external hacker looks at is where they

can intercept the transmission of your data. In a smart card-enhanced

67

system this starts with the card.

The following sets of questions are relevant to your analysis. Is the data

on the card transmitted in the clear or is it encrypted? If the transmission

is sniffed, is each session secured with a different key? Does the data

move from the card reader to the PC in the clear? Does the PC or client

transmit the data in the clear? If the packet is sniffed, is each session

secured with a different key? Does the operating system have a back

door? Is there a mechanism to upload and down load functioning code?

How secure is this system? Does the OS provider have a good security

track record? Does the card manufacturer have precautions in place to

secure your data? Do they understand the liabilities? Can they provide

other security measures that can be implemented on the card and or

module? When the card is subjected to Differential Power attacks and

Differential Thermal attacks does the OS reveal any secrets? Will the

semiconductor utilized meet this scrutiny? Do your suppliers understand

these questions?

Other types of problems that can be a threat to your assets include:

Improperly secured passwords (writing them down, sharing)

68

Assigned PINs and the replacement mechanisms

Delegated Authentication Services

Poor data segmentation

Physical Security (the physical removal or destruction of your

computing hardware)

Security Architectures

When designing a system a planner should look at the total cost of

ownership this includes:

Analysis

Installation and Deployment

Delegated Services

Training

Management

Audits and Upgrades

Infrastructure Costs (Software and Hardware)

Over 99% of all U.S. - based financial networks are secured with a

Private Key Infrastructure. This is changing over time, based on the sheer

volume of transactions managed daily and the hassles that come with

private key management. Private Key-based systems make good sense if

your expected user base is less than 500,000 participants.

Public Key Systems are typically cost effective only in large volumes or

where the value of data is so high that it’s worth the higher costs

associated with this type of deployment. What most people don’t realizes

is that Public Key systems still rely heavily on Private Key encryption for

69

all transmission of data. The Public Key encryption algorithms are only

used for non-repudiation and to secure data integrity. Public Key

infrastructures as a rule employ every mechanism of data security in a

nested and coordinated fashion to insure the highest level of security

available today.

PKI Public Key Infrastructure

As the card issuer, you must define all of the parameters for card and data

security. There are two methods of using

Cards for data system security, host-based and card-based. The safest

systems employ both methodologies.

Public Key Keep (Asymmetric Card)

How it works?

Typical System (example)

70

Multi-Application Card Systems

It is highly recommended that you graphically diagram the flow of

information as shown. Large distributed multifunction systems require

lots of advance planning to make them effective. Smart cards often act as

the glue between disparate software applications and use cases. Below is

an example of a multifunction card that is issued by a large enterprise or

government. Everywhere you see a CD is a separate and distinct software

application that interacts with the data and service from the card.

71

SMART CARD APPLICATION AREAS

APPLICATION AREAS

The first chip cards were simple prepaid telephone cards implemented in

Europe in the mid-1980s, using memory cards. Today, the major active

application areas for microprocessor-based smart cards include: financial,

communications, government programs, information security, physical

access security, transportation, retail and loyalty, health care, and

university identification. These are intersecting areas in that the smart

card may carry applications from more than one area (for example,

72

combining information and physical security access, or financial and

retail/loyalty). Here are some industries and their applications:

Industry Application

AccountantsBusiness cards, client id, promotions, calendar

cards

Airports Employee access cards, security ID badges

Associations

Memberships

Identification cards (ID cards), point of sale (POS)

Discounts, calendar cards

Automobile dealers VIN ID cards, dealer loyalty, discounts, warranty

cards

Bars, nightclubs VIP cards, preferred door entry, membership cards

Car Wash Frequency cards, pre-paid car wash cards

Clubs Membership cards

ComputersWarranty card, customer support, internet

access#'s, discounts

Dry Cleaners Discount cards, frequent customer cards

Golf Courses Membership cards, bag tags, prepaid greens, ball

dispensers

Hotels Discount, frequency cards, key cards, employee ID

badges

Investment Customer cards, calendar cards

Library ID cards, bar codes

Real Estate Business cards, telephone cards, calendar cards

Rental Services Identification, preferred entry

73

Restaurants Promotional, discount, membership, loyalty,

preferred customer cards

Retail Customer cards, cheque cashing, discount &

loyalty cards

Security Access control, name badges

Shopping Centers Customer, discount cards, loyalty programs

Travel Agents Telephone cards, customer cards

Financial Applications

Electronic Purse to replace coins for small purchases in vending machines

and over-the-counter transactions.

Credit and/or Debit Accounts, replicating what is currently on the

magnetic stripe bank card, but in a more secure environment.

Securing payment across the Internet as part of Electronic Commerce.

Communications Applications

The secure initiation of calls and identification of caller (for billing

purposes) on any Global System for Mobile Communications (GSM)

phone.

Subscriber activation of programming on Pay-TV.

Government Programs

Electronic Benefits Transfer using smart cards to carry Food Stamp and

WIC food benefits in lieu of paper coupons and vouchers.

74

Agricultural producer smart marketing card to track quotas.

Information Security

Employee access card with secured passwords and the potential to

employ biometrics to protect access to computer systems.

Physical Access

Employee access card with secured ID and the potential to employ

biometrics to protect physical access to facilities.

Transportation

Drivers Licenses.

Mass Transit Fare Collection Systems.

Electronic Toll Collection Systems.

Retail and Loyalty

Consumer reward/redemption tracking on a smart loyalty card, that is

marketed to specific consumer profiles and linked to one or more specific

retailers serving that profile set.

Health Card

Consumer health card containing insurance eligibility and emergency

medical data.

University Identification

All-purpose student ID card (a/k/a/ campus card) , containing a variety of

applications such as electronic purse (for vending and laundry machines),

library card, and meal card.

75

Comparison with Magnetic Stripe Cards

The increasing complex performance and application requirements of

today's card systems have spurred interest in smart cards as an alternative

to magnetic stripe cards, or as an enhancement to magnetic stripe cards in

the form of a hybrid card which can support more than one technology (a

smart card micro-module and a magnetic stripe).

Smart Card Applications in the U.S.

Because of the significant investment in an extensive magnetic stripe-

based infrastructure, and the availability of reliable and low cost, on-line

telecommunication services, the U.S. has thus far represented a limited

smart card market. Smart card projects implemented in the U.S. have

been primarily closed systems deployed on military bases, universities,

corporate campuses, and by the banking and credit card industries. The

exception to this has been the movement by the Federal Government to

use smart cards in Electronic Benefits Transfers for food stamps and

other social programs nationwide.

The Federal Government's ultimate goal is to adopt a limited number of

multi-application smart cards that will support a wide range of

Government-wide and agency-specific services. It is envisioned that

eventually every Federal employee will carry smart cards that can be used

for multiple purposes such as identification, building access, network

access, property accountability, travel, and other administrative and

financial functions.

The introduction of smart cards to personal computing is probably the

most exciting change in digital history. We believe that smart cards and

76

other systems with a security microcontroller will literally be the key to

the access and exchange of digital data over the Internet. It took forty

years from the initial idea of two German engineers in the 1960s to the

sophisticated systems available today. It is hard to imagine that the little

piece of silicon, embedded in a credit card size plastic already has the

calculating power of 1980-era computers.

Yearly billions of cards are deployed worldwide, mainly in Europe and

Asia. We think that this trend will continue and smart cards will take off

in the U.S. Currently millions of cards are deployed in the U.S., mainly

by the banking industry. It won't be long until there is a smart card in

nearly every wallet - for banking, healthcare, electronic ID, cell phone

identifier, or web access.

Why Consider Smart Cards?

If a portable record of one or more applications is necessary or desirable,

and records are likely to require updating over time.

Records will interface with more than one automated system.

Security and confidentiality of records is important

THEN, smart cards are a feasible solution for making data processing and

transfer more efficient and secure.

Barriers to Acceptance of Smart Cards

77

Relatively higher cost of smart cards as compared to magnetic stripe

cards. (The difference in initial costs between the two technologies,

however, decreases significantly when the differences in expected life

span and capabilities- particularly in terms of supporting multiple

applications and thus affording cost sharing among application providers-

are taken into account).

Present lack of infrastructure to support the smart card, particularly in the

U.S., necessitating retrofitting of equipment such as vending machines,

ATMs, and telephones.

Proprietary nature of the Chip Operating System. The consumer must be

technically knowledgeable to select the most appropriate card for the

target application.

Lack of standards to ensure interoperability among varying smart card

programs.

Unresolved legal and policy issues related to privacy and confidentiality

or consumer protection laws.

Benefits of Smart card

Whether you’re trying to control physical or network access to a system

or facility, you have three basic options for access control:

Something you know–a username and password or PIN

Something you have–a secure access card

Something you are–the field of biometrics, such as fingerprint scans,

retina scans, voiceprint analysis, etc.

78

If you only depend on the first basic method to defend your network,

you’re leaving it wide open to any password hack. It could be as simple

as sniffing your wire to capture a username and password transmitted via

clear text, or it could be as difficult as stealing the Security Accounts

Manager (SAM) file from your domain controller–or even stealing

passwords through social engineering.

One of the latest standards in secure access is secure ID cards, also

known as smart cards. Given enough time and computing power, hackers

can and will obtain your passwords. That’s why you should consider

implementing smart cards, which boost access security.

Secure access

By incorporating smart card logon access control to your network, you

eliminate a username/password compromise as a potential point of entry.

In addition, deploying smart card logon to your network offers the

following benefits:

Positive identification: You verify users by photo identification

when issuing their account.

Strong authentication: Most smart cards use a nonreversible

encryption algorithm to transmit user token requests and deliver the

user access token through similar security.

No repudiation: Because of the physical and logical requirements, a

person can’t deny participation in a network transaction.

Secure certificate mobility: By placing user certificates on the card,

they remain on the card after user logoff.

79

Active Card tops a very short list of vendors that support several

operating systems, including Red Hat Linux, Mac OS X, Solaris,

Windows 98, Me, NT, 2000, and XP. This includes authentication for the

applications that run on these platforms and Web-enabled applications.

Secure identity

Smart cards are an enhancement to Public Key Infrastructure (PKI)

certificates. From your certificate server, you can generate user

certificates to verify a client’s identity. However, the private key for these

certificates ends up on the hard drive of the system the client uses to

access the secure content.

By transferring that private key to a physically mobile device, such as a

smart card, you have a secure, mobile identity certificate that clients can

safely use for network access and document or e-mail signing, regardless

of where the access point originates.

In addition, the current generation of smart cards allows you to easily

create and manage access policies through roles for different users and

groups.

Limitations

If you want to deploy 100-percent mobile security throughout your

enterprise, be prepared for the up-front costs in labor and hardware. You

need to install smart card readers on all of your mobile platforms, such as

laptops and PDAs.

Don’t forget that you must develop a strategy for installation on your

users’ home PCs. If your network configuration doesn’t support a total

80

conversion to the change in secure access, you must still maintain the

existing username/password structure.

Furthermore, remember that most public systems at hotels, airports, and

internet kiosks won’t have a smart card reader attached to the terminal.

Final Thoughts

Smart card technology is becoming the authentication standard for

enterprise networks. Your organization can gain significant cost savings

if you remove its dependency on antiquated username/password logins.

We all know that users write down or forget complex passwords. Stop

relying on users to defend your organization’s network. Let technology

do the job for you.

Advantages of Smart Cards

The key advantages of smart card technology include:

The capacity provided by the on-board microprocessor and data

capacity for highly secure, off-line processing.

Adherence to international standards, ensuring multiple vendor

sources and competitive prices.

Established track record in real world applications.

Durability and long expected life span (guaranteed by vendor for

up to 10,000 read/writes before failure).

Chip Operating Systems that support multiple applications and

secure independent data storage on one single card.

More about of Smart Cards

81

Smart cards (a/k/a chip or integrated circuit cards or ICCs) are plastic

cards containing a microcontroller. The embedded microcontroller

transforms a credit card-sized piece of plastic into a portable, tamper-

resistant computer with a calculating power of the original IBM PC.

Although most smart cards still use 8-bit microcontrollers, 32-bit systems

already line up for next generation cards. The same happens with the

available on-card memory, which quickly becomes larger.

Smart cards are either contact or contactless. Most smart cards are

"contact" cards, distinguished by a visible set of golden electrical contact

pads. "Contactless" smart cards contain an antenna rather than the golden

contact pads of regular smart cards. Contact cards require a card reader;

contactless cards use radio frequency signals to operate. Both types can

be printed with the issuer's artwork and information. Smart cards can only

be as intelligent, imaginative, and attractive as their designers make them.

Smart cards have diffused worldwide in the form of prepaid and

reloadable payment, telephone, travel, and health care cards. It is the

latest advance in payment card technology, user authentication, and

access control to computer systems.

Billions of cards are deployed in the U.S., mainly by the healthcare,

banking, and credit card industries. Public transportation and other

services are also employing smart card technology. This trend will

continue and smart cards will become prevalent in the United States for a

variety of applications. It won't be long until most people have smart

cards in their wallets for banking, healthcare, electronic ID, loyalty, cell

phone identifier, or web access token.

82

A multitude of suppliers of smart cards and smart card readers is out

there. The differences between products are confusing and often obscured

by colorful sales brochures. To make matters worse, the fight over

industry standards is not yet over. This can make choosing the smart card

technology for your needs overwhelming. This site is intended to give

you a comprehensive overview and some starting points.

83

Smart card…….The Future

The important thing about Smart Cards is that they are everyday objects

that people can carry in their pockets, yet they have the capacity to retain

and protect critical information stored in electronic form. The

“smartness” of Smart Cards comes from the integrated circuit embedded

in the plastic card. Embedding similar circuits in other everyday objects,

such as key rings, watches, glasses, rings or earrings, could perform the

same electronic function. The development of contactless card

technology was the catalyst for what is known as tags. Tags function like

contactless Smart Cards but are in the form of a coin, a ring or even a

baggage label. They are generally attached to objects such as gas bottles,

cars or animals and can hold and protect information concerning that

object. This allows the object to be managed by an information system

without any manual data handling. The use of Biometrics will soon mean

that his/her hand, fingerprint and the retina of the eye or the sound of the

voice can reliably identify a person. Soon it will be possible to authorize

the use of electronic information in Smart Cards by using a spoken word

or the touch of a hand.

Also, Smart Card readers will be appearing on the PC and will enable the

user to pay for goods purchased over the Internet. This will be especially

useful for small value purchases, which are not really appropriate for

credit card transactions. If you have products that have relatively low

value - for example a few pages of information about your product that

customer may pay 50c for - they may well pay you in the future using a

Smart Card.

84

As a smart infrastructure for mobile computing, Smart Card technologies

will prove to be the killer application for the networked economy. The

Smart Card will be "charged up" with money and you will use it as you

do cash or a phone card. In the near future, the traditional magnetic strip

card will be replaced and integrated together into a single card by using

the multi-application Smart Card, which is known as an electronic purse

or wallet in the Smart Card industry. It will be used to carry a lot of

sensitive and critical data about the consumers ever more than before

when compared with the magnetic strip card.

Smart Cards are a relatively new technology that already affects the

everyday lives of millions of people.

This is just the beginning; soon it will influence the way we shop, see the

doctor, use the telephone and even enjoy leisure!!!

85

Research & Methodology

1. Title

Recent trends in banking system in Indian with special reference to mart

card are the title of my research project. Banking sector and the new

technology both are correlated and also banking sector and law also

corelatedand have wide impact on society. Being a law student I am to

study banking sector and new trends of technology.

2. Objective of Study

Objective one:

To determine the recent trends in banking sector.

To determine the relation banking and society, new technology &

society and smart card & society.

To know about the impact of new technology of banking system as

like smart card on society.

To know about the new technology and recent trend in banking

system.

To find out of problem of smart card user customer and banks.

Objective two:

To determine customer perceptions towards banks and their

expectations from banks.

To determine the feedback on smart card services provided by

banking companies.

86

To study the new trends in banking system and its products.

To determine the legal issues of the smart card user customer & banks.

3. Types of Research

Descriptive:

sample size and methods of selecting sample :-

For the satisfying the major objectives of the research, I have gone for

both primary and secondary data collection. Which are following?

Source of data collection:-

Research will be based on two sources.

A). Primary data

B). Secondary data.

A). PRIMARY DATA

Questionnaire:

Primary data was collected by preparing questionnaire for customers.

B). SECONADARY DATA

Secondary data will consist on different literature like books, which are

published, articles, Internet, Different banks manuals and website of

banks, different website of relevant to smart card.

In order to research relevant conclusion, research work needed to be

designed in a proper way.

87

This research methodology also included:

Familiarization with the concept of banking and its various services.

Through study of the information collected.

Conclusion based on finding.

Significance to the Industry

This is a limited study which takes into consideration the response of 40

people. This data can be exported to take in the trends across the banking

industry. The significance for the banking industry lies in studying these

trends and issues that emerge from the study. It’s a rapidly changing and

evolving sector. A study like this can attempt to guide the future of the

industry based on current trends as like smart cards, credit card and

information technology.

I have to met person and asked them from which area are they belong.28 person said they are

belong to urban area and 12 person said rural area.

Urban area Rural Area

28 12

My next question was that is any bank in your area all of them said yes,

and then I asked them whether they have any account in bank all of them

asserted it.

My next question was which type of account they have opened .32 people have saving accounts and 8 person have current account.

Saving Account Current Account

32 8

88

Afterword I have asked they are using ATM card and credit card. 38 person using ATM card

and 15 person using both cards.

ATM Card ATM card + Credit Card

38 15

Afterword I have asked they are using Credit card and smart card.15 peron using credit card

and only 10 person using both Credit card and mart card.

Credit Card Credit card + Smart Card

15 10

My next question was about the E- banking and smart card services. 26

people know about that but 10 people know about smart card service.

30 person bearing account in government bank ant they prefer to take

facilities.

15 person uses the smart card and like it facility.

Most of person don’t know about smart card even they are not aware

about the E- banking and smart card ,credit card and other new

technology.

Significance for the Researcher

A vast knowledge about banking sector , banking history , Smart card

trends, Smart card facility , E- Banking smart banking etc and

knowledge about different new trends in banking sector.

89

Sampling Unit:

The respondent who were asked to fill out questionnaire are they

sampling units. These comprise of servicemen, Retired person

businessmen professionals housewives and other etc.

Sample Size:

The Sample size was restricted to only 40, which comprised of mainly

people from different region of Udaipur city due to time constraints.

Sampling Area:

The area of the research was UDAIPUR CITY {RAJATHAN} INDIA.

4. Limitation of the Research

A.) The research is confined to a certain parts of Udaipur city and does

not necessarily shows a pattern applicable to all of country.

B.) Some respondent were reluctant to divulge personal information,

which can affect the validity of all responses.

C.) In a rapidly changing industry analysis on one day or in one segment

can change very quickly .The environmental changes are vital to be

considered in order to assimilate the finding.

90

CONCLUSION & SUGGESTION

In conclusion as has been rightly noted by working group that the

applicability of various existing laws and banking practice to new

technology is not least and is still evolving, in the field of banking system

,there is a need for constant review of different law relating to banking

and technology.

I would like to emphasize the role of institution and incentives in

ensuring globalization that benefit all. The global giants in banking all

over the world are named by Indians and education in India. The best of

technology for the most sophisticated banks in the word is provided by

Indian companies and by Indians in foreign companies. Yet banks in

India do not as yet appear to be world class. Now a day’s banking

industry is expanding in remark areas and people of those village areas

are also talking benefits of these facilities private plays are also attracting

in these areas because of RBI guide lines. Thus we can say that Indian

banking system well developed that is why it is mostly affected by

recession time. One reason is this is that the regulatory authorities and

various legislation. Competition are also playing main role in

technologies upgrading in banking industry.

Recent new trends are very important in banking system, E- banking,

Information technology, Credit card; Debit card and Smart card are very

useful service provided by banks. New technology saves the time of

customer n also banks. Most of people who lives in urban areas they

know aware about to smart card uses n new technology but in rural area

91

people don’t know more about smart card and, credit card and new

technology n new services about banks.

After studying the doctrinal part conducted a survey to find the result

related to recent trends in banking system. I prepared a questionnaire and

took a sample 40 respondents and conducting a survey and found out

same conclusion about the vise of people about banking services which

are being discussed below.

1. That mostly respondents are using banking service but some of them

relating to professions and business are using as a main of monetary

transaction in day to day routine.

2. The ratio of male or females is not similar; women participant in

banking services is less then males but I being increases day by day.

3. 60% Respondents says that they people ATM and Credit Card and

30% prefer Smart Card.

4. Mostly general people are not aware about rules and regulation and

legal provision but some highly educated people pay deep interest in

such provisions.

5. 60% people user of banking services know about e-banking, 27% says

somewhat and 10% says that don't know. In result be can says that

people are more aware and using latest facilities of banking services.

6. Credit card and Debit card is more useful facility than Smart Card so

banks should have to expand and make easy to service of smart card.

7. In overall result we can say that most of respondents are satisfied with

banking services including Smart Card. They are using but few

respondents which have even faced any problem that are not satisfied.

92

Bibliography

Rankl, W., W. Effing. Smart Card Handbook. John Wiley & Sons.

Guthery, Scott B., Timothy M. Jurgensen (1998). Macmillan

Technical Publishing.

Allen, Catherine A. (ed.). Smart Cards: Sizing Strategic Position

Opportunities. Irwin, 1996.

Business Wire. March 3, 1997. Motorola and MicroModule

Systems Team on MCM for breakthrough display technology

implemented in Gemplus Smart card Reader.

Business Wire. March 4, 1997. Entrust Technologies Launches

Partner Program.

Data Based Advisor. March 1997.

JavaCard API. Frequently Asked Questions Version 1.1 October

25, 1996.

M2 Presswire. February 17, 1997.

PR Newswire. February 4, 1997. Frost & Sullivan The Future Is In

the Cards.

The Scotsman. March 5, 1997. Credit Firms Cash in on Security.

Smart card by Prof. Dr. Andreas Steffen

Workshop of future banking organize by HMA & ISB 2004.

93

Institute for Development and Research in Banking Technology

www.cardshow.com

www.chipcard.ibm.com

www.compinfo.co.uk/tpsmrt.htm

www.gemplus.com/presse/java_1.html

www.javasoft.com/pr/1996/oct/pr961029-02.html

www.sl.com

www.slb.com/et/cyberflex_faq.html#q1

www.slb.com/et/cyberflex_faq2.html#q9

www.slb.com/et/universe_of_smart_cards.html

www.visa.com

www.wikipidia.com

www.smartcardbassic.com

www.CyberAdsstudio.com

www.smart-card.com/

www.india-reports.com

www.vikalpa.com/pdf/articles

94

QUESTIONNAIRE

Recent trends in Banking System with special reference to

Smart Card

[With special reference to Udaipur city]

1. Name _____________________________________

2. Gender Male Female

3. Age

Below 20 Year 20-30 Year

3Year More than 50 Year4. Occupation

Business Professional

Service Retired

Housewife

5. Where are you from?

(a) Urban Area

(b) Rural Area

6. Is there any Bank in your Area :

(a) Yes

(b) No

7. Do you have any Bank account?

(a) Yes

(b) No

8. Which type of accounts you are using?

(a) Saving Accounts

95

(b) Current Accounts

9. Are you using ATM Card?

(a) Yes

(b) No

10.Are you using Credit Card?

(a) Yes

(b) No

11.Do you know about Smart Card?

(a) Yes

(b) No

12. Are you using Smart Card?

(a) Yes

(b) No

13.Do you know about E-Banking?

(a) Yes

(b) No

14.Do you think that Smart Card is most important service of Banks?

(a) Yes

(b) No

15.Are you aware of different policies and scheme of the banks?

(a) Yes

(b) No

16.Which type of Card you have taken?

(a) Credit Card

(b) Smart Card

96

17. From Which medium did you get the information regarding the Smart

Card?

(a) Advertisement

(b) Bank Employee

(c) Other Customers

18.Do you have information about other facilities provided by Bank?

(a) Yes

(b) No

19.Generally what is your medium of transaction?

(a) Through Check

(b) Through Card

20.Is any member of you family has availed the facilities provided by

bank?

(a) Yes

(b) No

21.Do you think that the internet facilities provided by banks save the

time of customers?

(a) Yes

(b) No

22. Do you pay any transaction fee which transecting though cards?

(a) Yes

(b) No

23. Do you know the terms and conditions regarding internet banking

provided by your banks?

(a) Yes

(b) No

24.Are you satisfied with services provided by the banks?

97

(a) Yes

(b) No

25.According to you which card more suitable to general people?

(a) Credit Card

(b) Smart Card

98