Date post: | 17-Jan-2017 |
Category: |
Law |
Upload: | smith-vyas |
View: | 32 times |
Download: | 1 times |
“Recent Trends in Banking System with Special Reference to Smart Card"
[With special reference to Udaipur city]
A Dissertation submitted to faculty of Law MLSU in lieu of Paper – IV of Business Law Branch in
LL.M., Part-II Examination
2011-12
Guided By: Submitted By:DR. SHILPA SETH SMITH SHARMA
Astt. Professor LL.M. Part – II
UNIVERSITY COLLEGE OF LAWMohan Lal Sukhadia University, Udaipur
1
Mohan lal Sukhadia University Udaipur,
CERTIFICATE
This is to certify that Ms. Smith Sharma, student of L.L.M. Part II
(Business Law) has accomplished this project work entitled "Recent
trends in Banking System with special reference to SMART CARD"
(with special reference to Udaipur city) for the purpose of fulfillment
of paper IV for award of degree of master of law, 2012. She has worked
hard and diligently and has researched in depth into the above mention
subject.
This work has been done under my guidance. I wish her all
success.
Date: DR. SHILPA SETHPlace : Udaipur (Assistant Professor)
2
CONTENT
Sr. No. Topic Page. No.
1. Acknowledgement 1
Part A-Doctrinal2. Introduction
3. RECENT TRENDS AND BANKING SYSTEM
Credit Card Debit Card ATM E-Banking and Internet
4. Smart Card Introduction
5. History of Smart Card
6. What is Smart Card
7. Types of Smart Card
8. Construction of Smart Card
9. Smart Card Security
10. Smart Card Application Area
11. Benefits of Smart Card
12. Advantages of Smart Card
13. Smart Card....... the future
Part B-Non Doctrinal14. Research and Methodology
15. Questionnaire
16. Conclusion and Suggestion
17. Bibliography & Reference
3
ACKNOWLEDGEMENT
Behind every faithful endeavor like advice, guidance and
inspiration from all possible sources lay efforts of all those worthy people
who lend their help directly and indirectly.
Talent and capabilities are of course necessary but opportunities
and right guidance is too very important back- up without which any
person cannot climb the ladder to success.
For the successful completion of project work I would like to
express my sincere gratitude and thanks to all those who helped me and
gave their best wishes end support.
Words are not in lexicon to express my sincere sense of gratitude
for my mentor elite guide and path Dr. Shilpa Seth Faculty of University
College of law Uadaipur.who whose valuable guidance instigating
encouragement, creative thoughts and constructive criticism had help me
to accomplish this research work successfully. She has been a great help
as she has devoted to her full attention and a lot of time to this work.
My warm regard goes to my respected teacher Dr.Farida shah Dean
and head of College of law for this valuable and useful suggestion to
complete this dissertation.
I am thankful to my all respected teachers Mr. Sunil Asopa, Mr.
Anand Paliwal, Mrs. Rajshree Potaliya, Mr.Kshetrapal Singh Chauhan
and Mr. Bhavik Paneri.
4
I am also thankful to all the official and staff of the Law College
Library, Central Library Udaipur for assistance in providing me all books,
Journal and valuable material which I required for this work.
I cannot beet express a deep sense of gratitude to my parents Mr.
Jagdish Chandra Sharma, Mrs Bhagwanti Sharma n Special Thanks to my
Mother in law Mrs Shakuntala Vyas for inspiring and blessings for the
work.
I am special thankful to my husband Mr.Vikas Vyas to give me the
help and motivational support for the completion of this work.
I am grateful to my friend special taruna joshi and
college.Clasmates Miss Jyoti Jodan, Miss Neha Nandwana, for their ever
willing co-operation and encouragement helped me to a complies this
task.
Above all I thank Almighty for blessing me with the strength to
complete this dissertation.
Udaipur, Rajasthan. Smith
Sharma
Date : LL.M. Part - II
5
Introduction
Today, we are having a fairly well developed banking system with
different classes of banks – public sector banks, foreign banks, private
sector banks – both old and new generation, regional rural banks and co-
operative banks with the Reserve Bank of India as the fountain Head of
the system.
In the banking field, there has been an unprecedented growth and
diversification of banking industry has been so stupendous that it has no
parallel in the annals of banking anywhere in the world.
During the last 41 years since 1969, tremendous changes have taken place
in the banking industry. The banks have shed their traditional functions
and have been innovating, improving and coming out with new types of
the services to cater to the emerging needs of their customers.
Historically banks have used information system technology to check
{item processing} drive ATM machine {transaction processing}.
In the past customer rarely notice the computer system or new technology
that made the information system operate .Today E- banking, smart card;
credit Card. ATM is very important in banking sector. Today website
electronic mails and electronic bill presentment and payment system are
in important way the banks to reach their customers.
New trends in banking sector is changing the industry and is having
major effects on banking relationship. Recent trends in banking sector
fulfill with new technology who makes life very simple to customers.
6
Credit card, ATM card n Smart card are very useful in money transaction.
They trends saves the time of customer also banks.
Today "Key to the global village", that is how the Smart Card has been
described. Smart Cards will bring big changes to the way people provide
and receive information and the way they spend money. They will have a
profound impact on retailing and service delivery.
A Smart Card is like an "electronic wallet". It is a standard credit card-
sized plastic intelligent token within which a microchip has been
embedded within its body and which makes it 'smart'. It provides not only
memory capacity, but computational capability as well and thus the chip
is capable of processing data. It has gold contacts that allow other devices
to communicate with it. This chip holds a variety of information, from
stored (monetary) value used for retail and vending machines to secure
information and applications for higher-end operations such as
medical/healthcare records. New information and applications can be
added depending on the chip capabilities. Smart Cards can store several
hundred times more data than a conventional card with a magnetic stripe
and can be programmed to reveal only the relevant information. For
example, it could tell a device in a store that there is sufficient balance in
an account to pay for a transaction without revealing the balance amount.
The marriage between a convenient plastic card and a microprocessor
allows information to be stored, accessed and processed either online or
offline. Therefore, unlike the read-only plastic card, the processing power
of Smart Cards gives them the versatility needed to make payments, to
configure your cell phones, TVs and video players and to connect to your
computers via telephone, satellite or the Internet anytime, anywhere in the
world.
7
Now first we start with new & recent trends in banking.
Recent trends of banking system……..
1. Credit Cards:-
Everyone carries a credit card these days. A credit card is basically a
plastic card with a magnetic strip invented with the intention to simplify
the complicated banking process for an individual in case he/she is short
of cash, be it something casual like shopping or something severe like an
emergency situation.
Various banks and private financial organizations have now started
providing credit card facility to their clients to offer them better and
simpler financial solutions to their problems.
A credit card generally works by giving its holder an immediate authority
to purchase services and goods such as travel and hotel reservations as
well as shopping for merchandise in and outside your own country.
All the credit card comes with a credit limit, a predetermined amount of
money which its lender is offering as credit to a credit card holder to
spend wherever he wants to before issuing a credit card to an individual,
the bank or the financial institution has a look at his/her credit rating
along side verifying his/her credit history.
8
After receiving the needful information about the applicant, the lender
company issues the credit card to him. Now if the credit card holder goes
shopping with his credit card, he pays the vendor through the card which
is actually reimbursed to the vendor through the bank or the lender
company.
And finally, the cardholder then repays the bank for the entire credit
amount that he has used, by paying it back through regular monthly
payments.
In case the cardholder fails to payback the entire balance, the bank can
lawfully charge him/her with an interest fee on the unpaid amount.
This exactly why a thorough credit rating check is done by the lender
company for the potential cardholder. Such a measure guarantees them as
a lender that an individual with a good credit rating is likely to return
back the credited amount.
That is why it is always better to have a good credit rating because the
better your credit history, the easier it is for any individual to apply for
and receive a credit card.
Many credit card programs these days also include insurance coverage to
secure the card holder in cases like theft or fraud. There are very high
chances of a credit card being stolen to be later used illegally by the thief,
but in case the card is insured and the matter immediately reported to the
lender company, the actual credit card holder would not be held
accountable for the illicit charges.
However, a credit card holder can him/herself authorize any other person
to use his card for purchase of any goods or services willingly. In such
9
cases, it is the primary cardholder who is accountable for paying back all
the transactions made through his or her account, eventually.
Every banking and other financial institution has its own company
policies and conditions regarding the credit limit as well as the time
allowed to pay it back.
While some might give more weight age to an applicant’s credit rating,
others might not be so stringent in those matters.
Both secured and unsecured types of credit cards are issued by the
various lender companies and it is your choice on which one you want to
opt for. Sometimes, it also depends on your credit rating. A very poor
credit history might force you to opt for a secured credit card.
Whatever be the case, what needs to be remembered always is that credit
card is not our money till the time we do not repay it back. It is a loan that
we take from the bank or the lender company. This facility provides us to
buy first and pay later, but paying it back later is a must or you may never
come to know when you get trapped in the vicious circle of credit card
debts.
10
2. Debit Card:-
A debit card, sometimes called a check card (because it is similar to a
check in that it allows you to access the money in your checking
account), is very similar to a credit card. In fact, many have a 16-digit
number and a Visa or MasterCard logo and can be used like a credit card
for purchases, with the major difference that the money still comes out of
your account right away - you don't have the option of paying off your
purchases later. A debit card is what you use to make purchases at stores
when you want the convenience of plastic (as opposed to cash or checks)
but want to pay immediately instead of accruing a balance on a credit
card. (For more insight, see Credit, Debit and Charge: Sizing Up The
Cards In Your Wallet and Are credit cards and debit cards considered
debt instruments?)
Debit cards are also how you withdraw cash from your checking account
through an automated teller machine (ATM). To access your money this
way, you'll need to use a personal identification number (PIN) that you
can establish when you open your account or that the bank will assign to
you. PINs provide an added layer of protection if your card is lost or
stolen, so you should choose a PIN that would be difficult for someone
11
else to guess. Memorize this number (definitely don't write it on your
card), and never tell it to anyone. If you have to write it down
somewhere, keep this information at home, not in your wallet or purse.
In addition to using your PIN to make ATM withdrawals, if you select the
debit option when using your debit card to make a purchase at a store,
you'll need to enter your PIN then as well. If your debit card has a credit
card logo, you may be better off selecting the credit option to minimize
the possibility of a stranger watching you enter your PIN. Some banks
have a preference for whether you select debit or credit at the register
when using your debit card to make a purchase; they may reward you for
selecting their preferred option and/or penalize you for doing the
opposite, so make sure to read the terms, conditions and fee schedule of
your checking account agreement.
Some cards, however, do not have 16-digit credit-card-like numbers and
do not have a credit card logo. These cards can only be used to withdraw
cash from an ATM and cannot be used to make purchases. These are
known as ATM cards, rather than debit cards.
Automated teller machines allow you to make deposits and withdrawals
without visiting a bank teller. Lines are usually shorter (or nonexistent),
you can access your cash even when the bank itself is closed, and there's
no human interaction involved. ATMs can be found at banks, in grocery
stores, in airports, in hotels, in clubs, in restaurants, in gas stations, and at
a few other places. If you use an ATM at any branch of your bank, it will
be free.
Use another bank's or a store's ATM, however, and it could cost you.
Generally, the company that owns the ATM will charge you a fee, and
your own bank will also charge you a fee. These fees will usually only be
12
a couple of dollars each, but they can add up over the course of a month
or year and are an unnecessary expense. Some banks will waive a couple
of these fees per month, and if you have an online checking account, you
may be able to use almost any ATM without incurring any fees.
If you plan to use an ATM frequently, it might save you money to open
your account with a major bank that has ATMs everywhere or open an
online checking account that allows liberal, fee-free use of other banks'
ATMs. If you're good at anticipating your cash needs ahead of time, or if
you frequent stores that allow you to get "cash back" when you make a
purchase with your debit card, ATM ubiquity need not be a factor in your
choice of bank.
One drawback of relying on ATMs is their daily cash withdrawal limits.
While you shouldn't have any problems withdrawing a large amount of
cash from your account if you visit a teller, you usually won't be able to
withdraw more than a few hundred dollars a day from an ATM. (Using an
ATM also poses some risks. Learn more in 5 ATM Scams That Can
Break the Bank.)
Pros and Cons of Using Debit Cards Debit cards are generally seen as an
alternative to cash, checks, or credit cards. Like these other spending
options, debit cards have their advantages and disadvantages.
Unlike credit cards, debit cards can help you stay out of financial trouble
by limiting you’re spending to the amount of money that's actually in
your account. However, if you're not aware of how much money is in
your account and how many checks and purchase transactions you have
outstanding; it's possible to incur hefty fees for overdrawing your
account.
13
Debit cards generally do not offer as much protection against theft as
credit cards. While you will usually not be liable for any unauthorized
purchases made with your credit card, it is possible to be liable for $50,
$500, or more in unauthorized purchases and withdrawals made with
your debit card depending on when you report the theft. You must act
quickly to report a lost or stolen card if you want to cut your losses, and
sometimes by the time you realize there's a problem, you've already lost a
significant amount of money that you wouldn't be on the hook for with a
credit card. (For more insight, read Credit Card Perks You Never Knew
You Had.)
Debit cards can be safer than carrying around cash, however. If you were
to get mugged and you reported the theft of your debit card right away,
your liability would be capped at $50. If you were carrying around $500
in cash, it would all be gone, and you'd have no way to recover the
money.
Unlike credit cards, the regular use of a debit card does not help you
establish credit or improve your credit score. Also, debit cards generally
do not come with the perks offered by credit cards, such as rental car
insurance and product satisfaction guarantees.
Transaction Limits Your bank may limit the number of transactions or the
total dollar amount of transactions you can complete in one day using
your debit card. If you're planning to go to lots of stores or make a large
purchase using your debit card, you'll need to be aware of these
transaction limits ahead of time. Consult your account agreement for
details.
14
Holds on Funds When you make certain types of purchases with your
debit card, the company you make a purchase from may place a hold on
more of your available funds than what you've actually spent. The most
common businesses that employ this practice are hotels, rental car
companies and gas stations. Rental car companies and hotels hold the
extra money to protect themselves if you damage the car or the room.
Many such companies will not even accept debit cards, since a high
spending limit on a credit card can make it easier to recoup losses from
customers in the event of significant damage. Gas stations place a hold
because of the way they process debit card transactions. The hold amount
is commonly $50 or $75 on top of your purchase amount and may not
disappear for three to five business days.
It's essential to be aware of businesses' funds-blocking policies, because
you won't be able to withdraw that money as cash or draw checks from it
until the hold is released. Similarly, since the funds are not available, you
can bounce checks you've already written if you're not aware that a hold
has been placed on your account. To avoid headaches like these, pay in
cash or use a credit card when dealing with vendors that place holds on
debit card purchases.
3. ATM:-
An automated teller machine or automatic teller machine (ATM), also
known as a Cash point (which is a trademark of Lloyds TSB), cash
machine or sometimes a hole in the wall in British English, is a
computerized telecommunications device that provides the clients of a
financial institution with access to financial transactions in a public space
without the need for a cashier, human clerk or bank teller. ATMs are
15
known by various other names including ATM machine, automated
banking machine, and various regional variants derived from trademarks
on ATM systems held by particular banks.
Invented by John Shepherd-Barron, the first ATM was introduced in June
1967 at Barclays Bank in Enfield, UK.[citation needed][dubious –
discuss] On most modern ATMs, the customer is identified by inserting a
plastic ATM card with a magnetic stripe or a plastic smart card with a
chip, that contains a unique card number and some security information
such as an expiration date or CVVC (CVV). Authentication is provided
by the customer entering a personal identification number (PIN).
Using an ATM, customers can access their bank accounts in order to
make cash withdrawals, credit card cash advances, and check their
account balances as well as purchase prepaid cell phone credit. If the
currency being withdrawn from the ATM is different from that which the
bank account is denominated in (e.g.: Withdrawing Japanese Yen from a
bank account containing US Dollars), the money will be converted at a
wholesale exchange rate. Thus, ATMs often provide the best possible
exchange rate for foreign travelers and are heavily used for this purpose
as well.[1]
16
Location:-
ATMs are placed not only near or inside the premises of banks, but also
in locations such as shopping centers/malls, airports, grocery stores,
petrol/gas stations, restaurants, or anywhere frequented by large numbers
of people. There are two types of ATM installations: on- and off-premise.
On-premise ATMs are typically more advanced, multi-function machines
that complement a bank branch's capabilities, and are thus more
expensive
ATMs are placed not only near or inside the premises of banks, but also
in locations such as shopping centers/malls, airports, grocery stores,
petrol/gas stations, restaurants, or anywhere frequented by large numbers
of people. There are two types of ATM installations: on- and off-premise.
On-premise ATMs are typically more advanced, multi-function machines
17
that complement a bank branch's capabilities, and are thus more
expensive
ATMs rely on authorization of a financial transaction by the card issuer
or other authorizing institution via the communications network. This is
often performed through an ISO 8583 messaging system.
Many banks charge ATM usage fees. In some cases, these fees are
charged solely to users who are not customers of the bank where the
ATM is installed; in other cases, they apply to all users.
Hardware
An ATM is typically made up of the following devices:
CPU Magnetic and/or Chip card reader (to identify the customer)PIN Pad
(similar in layout to a Touch tone or Calculator keypad), often
manufactured as part of a secure enclosure. Secure, generally within a
secure enclosure. Display Function key buttons (usually close to the
display) or a Touch screen (used to select the various aspects of the
transaction) Record Printer (to provide the customer with a record of their
transaction)Vault (to store the parts of the machinery requiring restricted
access)Housing (for aesthetics and to attach signage to)
Software
With the migration to commodity PC hardware, standard commercial
"off-the-shelf" operating systems and programming environments can be
used inside of ATMs. Typical platforms previously used in ATM
development include RMX or OS/2. Today the vast majority of ATMs
worldwide use a Microsoft OS, primarily Windows XP Professional or
18
Windows XP Embedded. A Wincor Nixdorf ATM running Windows
2000.
Linux is also finding some reception in the ATM marketplace. An
example of this is Banrisul, the largest bank in the south of Brazil, which
has replaced the MS-DOS operating systems in its ATMs with Linux.
Banco do Brasil is also migrating ATMs to Linux.
With the move to a more standardized software base, financial
institutions have been increasingly interested in the ability to pick and
choose the application programs that drive their equipment. WOSA/XFS,
now known as CEN XFS (or simply XFS), provides a common API for
accessing and manipulating the various devices of an ATM. J/XFS is a
Java implementation of the CEN XFS API.
With the onset of Windows operating systems and XFS on ATM's, the
software applications have the ability to become more intelligent. This
has created a new breed of ATM applications commonly referred to as
programmable applications. These types of applications allows for an
entirely new host of applications in which the ATM terminal can do more
than only communicate with the ATM switch. It is now empowered to
connected to other content servers and video banking systems.
Uses of ATM in banking sector
Cash Withdrawal and Balance Enquiry:-
In spite of a number of innovative services being made available at many
ATMs, cash withdrawal stills remains the most accessed service at
ATMs. However, the migration of routine bank transactions like cash
19
withdrawals and balance enquiries from teller counters to ATMs
significantly raises the potential for savings in employee costs and greater
employee focus on value-added revenue-enhancing activities such as
selling other financial products and advisory services to customers.
Cash /Cheque Deposit:-
Again, due to the strong cash culture in India, cash deposits are most
likely higher than in other markets, especially cash deposits made by
commercial customers such as retail shopkeepers and those whose work
involves substantial travelling. A high cash withdrawal rate results in
higher ATM servicing costs due to frequent cash replenishment
requirements. Recent developments in ATM technology have made it
possible to recycle cash in ATMs. Currency notes received as cash
deposits are counted; soiled notes separated and deposited cash dispensed
to fulfil withdrawal transactions. However, regulatory concerns relating
to identification of counterfeit notes and its depositors need to be
addressed first.
ATM with Cheque deposit facility is not picking up in India, like other
countries. One of the reasons is the delay in collection of the cheque
deposited in ATMs. Cheque deposited in ATMs is to be collected and
deposited in the designated branch for collection. Another reason is the
introduction of cheque deposit Kiosks by various Banks especially
Private sector ones. These are kept at each some important
locations/branches where customers can deposit there cheques which are
collected at intervals which may be difficult in ATMs.
20
Bill Payments:-
Most utilities have inadequate infrastructure for receiving bill payments
resulting in long queues at collection centers. Hence, bill payment at
ATMs has achieved noticeable acceptance by bank customers. Most
banks provide this service through bi-lateral arrangements with bill-
payment service providers. ATM users register their water, electricity and
telephone utility accounts with banks, check their dues at ATMs, approve
bill payments that are debited to their bank accounts and receive printed
receipts for the transactions. This service has the effect of improving
customer satisfaction for both the bank as well as the bill-payment service
providers. Some Banks’ ATMs even accept charitable contributions to
Temples.
Sale of Paper Based Products:-
ATMs are ideally suited to sell paper-based products and services such as
tickets, wireless phone recharge cards, financial products, etc. The screen
interface allows browsing and customization, access to bank accounts
facilitate payments and printing capabilities produce the actual
product/service. A number of banks including ICICI Bank, SBI and PNB
have ATMs at Mumbai’s local railway stations to dispense season tickets
to commuters. Own-bank customers pay no extra charge while other bank
customers pay a fee of Rs. 50 for this extremely useful service of anytime
ticket purchase. Railway season tickets represent a high-volume mass-
appeal product. As technical standards get established and
product/service sellers become aware of the ATM sales channel, niche-
appeal high-margin products like entertainment tickets will join the fray.
21
Bank and Information technology:-In the five decades since independence, banking in India has evolved
through four distinct phases. During Fourth phase, also called as Reform
Phase, Recommendations of the Narasimham Committee (1991) paved
the way for the reform phase in the banking. Important initiatives with
regard to the reform of the banking system were taken in this phase.
Important among these have been introduction of new accounting and
prudential norms relating to income recognition, provisioning and capital
adequacy, deregulation of interest rates & easing of norms for entry in the
field of banking.
Entry of new banks resulted in a paradigm shift in the ways of banking in
India. The growing competition, growing expectations led to increased
awareness amongst banks on the role and importance of technology in
banking. The arrival of foreign and private banks with their superior
state-of-the-art technology-based services pushed Indian Banks also to
follow suit by going in for the latest technologies so as to meet the threat
of competition and retain their customer base.
Indian banking industry, today is in the midst of an IT revolution. A
combination of regulatory and competitive reasons has led to increasing
importance of total banking automation in the Indian Banking Industry.
22
Information Technology has basically been used under two different
avenues in Banking. One is Communication and Connectivity and other
is Business Process Reengineering. Information technology enables
sophisticated product development, better market infrastructure,
implementation of reliable techniques for control of risks and helps the
financial intermediaries to reach geographically distant and diversified
markets.
In view of this, technology has changed the contours of three major
functions performed by banks, i.e., access to liquidity, transformation of
assets and monitoring of risks. Further, Information technology and the
communication networking systems have a crucial bearing on the
efficiency of money, capital and foreign exchange market.
The Software Packages for Banking Applications in India had their
beginnings in the middle of 80s, when the Banks started computerizing
the branches in a limited manner. The early 90s saw the plummeting
hardware prices and advent of cheap and inexpensive but high-powered
PCs and servers and banks went in for what was called Total Branch
Automation (TBA) Packages. The middle and late 90s witnessed the
tornado of financial reforms, deregulation, globalization etc coupled with
rapid revolution in communication technologies and evolution of novel
23
concept of 'convergence' of computer and communication technologies,
like Internet, mobile phone etc.
M ilestones
In India, banks as well as other financial entities entered the world of
information technology and with Indian Financial Net (INFINET).
INFINET, a wide area satellite based network (WAN) using VSAT (Very
Small Aperture Terminals) technology, was jointly set up by the Reserve
Bank and Institute for Development and Research in Banking technology
(IDRBT) in June 1999.
The Indian Financial Network (INFINET) which initially comprised only
the public sector banks was opened up for participation by other
categories of members.
The first set of applications that could benefit greatly from the use of
technological advances in the computer and communications area relate
to the Payment systems which form the lifeline of any banking activity.
The process of reforms in payment and settlement systems has gained
momentum with the implementation of projects such as NDS
((Negotiated Dealing System), CFMS ( Centralized Funds Management
System) for better funds management by banks and SFMS (Structured
Financial Messaging Solution) for secure message transfer. This would
result in funds transfers and funds-related message transfer to be routed
24
electronically across banks using the medium of the INFINET.
Negotiated dealing system (NDS), which has become operational since
February 2002 and RTGS (Real Time Gross Settlement system)
scheduled towards the end of 2003 are other major developments in the
area.
Internet has significantly influenced delivery channels of the banks.
Internet has emerged as an important medium for delivery of banking
products & services. Detailed guidelines of RBI for Internet Banking has
prepared the necessary ground for growth of internet banking in India.
E- Banking & internet:-
Transaction and delivery costs. This paper discusses some of the
problems developing countries, which have a low penetration of
information and telecommunication technology, face in realizing the
advantages of e-banking initiatives. Major concerns such as the ‘digital
divide’ between the rich and poor, the different operational environments
for public and private sector banks, problems of security and
authentication, management and regulation; and inadequate financing of
small and medium scale enterprises (SMEs) are highlighted there are not
many inventions that have changed the business of banking as quickly as
the e-banking revolution. World over banks are reorienting their business
25
strategies towards new opportunities offered by e-banking. E-banking has
enabled banks to scale borders, change strategic behavior and thus bring
about new possibilities.
E-banking has moved real banking behavior closer to neoclassical
economic theories of market functioning. Due to the absolute
transparency of the market, clients (both business as well as retail) can
compare the services of various banks more easily. For instance, on the
internet, competitors are only one click away. If clients are not happy
with the products, prices or services offered by a particular bank, they are
able to change their banking partner much more easily than in the
physical or real bank-client relationship. From the banks’ point of view,
use of the internet has significantly reduced the physical costs of banking
operations. As discussed by Turner (2001), progress in information
technology has slashed the costs of processing information, while the
internet has facilitated its transmission, thus facilitating change in the
very essence of the banking business. Around the world, electronic
banking services, whether delivered online or through other mechanisms,
have spread quickly in recent years. It must be noted that the impact of e-
banking is not limited to industrial and advanced emerging economies.
Even in countries with underdeveloped banking systems, E-banking has
offered many new business opportunities.
In simple words, e-banking implies provision of banking products and
services through electronic delivery channels. Electronic banking has
been around for quite some time in the form of automatic teller machines
(ATMs) and telephone transactions. In more recent times, it has been
transformed by the internet a new delivery channel that has facilitated
banking transactions for both customers and banks. For customers, the
26
internet offers faster access, is more convenient and available around the
clock irrespective of the customer’s location. For banks, it is a much more
efficient and cost- saving channel).
27
Introduction
In recent months, industry pundits have begun to suggest that smart cards
will one day be as important as computers are today. This statement is
somewhat misleading, however, because it implies that smart cards are
not computers, which in fact, they are.
This first article in a two-part series describes the history of smart cards,
compares some different types, and discusses their low-level properties.
To complete the picture, the second article in this series will discuss the
standards that affect the adoption of smart cards in mainstream society,
and how smart cards relate to today’s computer security systems.
Because smart cards are indeed tiny computers, it is difficult to predict
the variety of applications that smart cards will make possible in the
future. In fact, it is quite possible that smart cards will experience rapid
increases in processing power, following "Moore’s Law"1 and doubling
in performance while halving in cost every 18 months as computers have
for the past 2 decades.
Since their inception, smart cards have proven to be quite useful as a
transaction, authorization, and identification medium in European
countries. As their capabilities increase, they could become the ultimate
"thin client," eventually replacing all of the things we carry around in our
wallets, including credit cards, licenses, cash, and even family
photographs. (The photographs could be viewed and/or exchanged using
capable terminals or personal computers.) By containing various
identification certificates, smart cards could be used to voluntarily
28
identify attributes of ourselves, no matter where we are or to which
computer network we are attached.
This article does not try to predict the future of smart card application
possibilities, nor their impact on society. Instead, it focuses on the state-
of-the-art for smart cards and their use in computer and network security
systems. Similarly, this article is not scientifically comprehensive with
regard to every detail of integrated circuit cards. Instead, it tries to strike a
balance between accuracy and comprehensibility. The standards and
references that are mentioned throughout the article can be used to find
more specific information.
1. History of the smart card
The technology has its historical origin in the seventies when inventors in
Germany, Japan, and France filed the original patents. While inventors in
the U.S., Japan and Austria, were issued patents, it was the French who
put up big money to push the technology. They did this in the 1970's,
during a period of major national investment in modernizing the nation's
technology infrastructure. Due to several factors most work on Smart
Cards was at the research and development level until the mid eighties.
Since then, the industry has been growing at tremendous rate is shipping
more than one billion (1,000,000,000) cards per year (since 1998). The
current world population of Smart Cards of some 1.7 billion is set to
increase to 4 billion or more cards within the next 3-4 years..
The roots of the current day smart card can be traced back to the United
States, in the early 1950s, when Diner’s Club produced the first all plastic
card to be used for payment applications. The use of the synthetic
material PVC allowed for longer lasting cards than the previous
29
conventional paper-based cards. In this system, the mere fact that you
were issued a Diner’s Club card allowed you to pay with your "good
name" rather than cash. In effect, the card identified you as a member of a
select group, and was accepted by certain restaurants and hotels that
recognized this group.
VISA and MasterCard then entered the market, but eventually the cost
pressures of fraud, tampering, merchant handling, and bank charges
necessitated a machine-readable card. The subsequent introduction of the
magnetic stripe allowed additional digitized data to be stored on the cards
in a machine-readable format. This type of embossed card with a
magnetic stripe is still the most commonly used method of payment.
Magnetic stripe technology suffers from a critical weakness, however, in
that anyone with access to the appropriate device can read, re-write, or
delete the data. Thus a magnetic stripe card is unsuitable for storing
sensitive data and, as such, requires an extensive online, centralized,
back-end infrastructure for verification and processing.
As it turns out, this type of back-end infrastructure soon became prevalent
in the United States, but was not as readily available in the European
countries. As in any client/server architecture, one solution to a lack of
back-end processing power is to beef up the back-end server side, but
another solution is to make the client side more powerful, thus relieving
some of the duties of the back-end. European countries seem to have
preferred the client side approach, and made a huge improvement over
magnetic stripe technology by introducing the integrated circuit card
(ICC).
30
In 1968, German inventors Jürgen Dethloff and Helmut Grötrupp applied
for the first ICC-related patents. Similar applications followed in Japan in
1970 and in France in 1974. In 1984, the French Postal and
Telecommunications services (PTT) successfully carried out a field trial
with telephone cards. By 1986, many millions of French telephone smart
cards were in circulation. Their number reached nearly 60 million in
1990, and 150 million were projected for 1996.
As cryptography made great progress in the 1960s and security
mechanisms could be proved mathematically, smart cards proved to be an
ideal medium for safely storing cryptographic keys and algorithms.
French banks were the first to field this type of card by introducing a
chip-incorporating bank card in 1984. German banks began introducing
them around 1997. Another application fielded in Germany included over
70 million smart cards that carried health insurance information.
What is smart card?
Today's society is often characterized as an information society.
Technological developments, particularly in the areas of computers and
telecommunications have fundamentally changed the character of the
modern organization. The smart card is one of the latest additions to the
world of information technology.
31
The term Smart Card is loosely used to describe any card with a
capability to relate information to a particular application such as
magnetic stripe, optical, memory, and microprocessor cards. It is more
precise, however to refer to memory and microprocessor cards as smart
cards.
A Smart Card is a card incorporating a “CHIP” or (microprocessor)
which is a type of tiny computer embedded in the plastic. The metal circle
visible on the outside of the card is not the microprocessor itself, but
rather a unit containing its outside connections. The chip provides the
card with these advantages:-
A memory for greater storage than can be provided on magnetic
stripes.
Intelligence for exploiting this increased data. The smart card
participates directly in controlling transactions; i.e. it is active not
passive like the magnetic card.
It cannot be reproduced, nor can its code be broken. After three wrong
codes have been tried, the chip blocks any further usage of the card,
which is therefore more secure than a magnetic card.
It stores formula within its permanent (read-only) memory which
enables it to verify the authenticity of the secret code typed in by the
customer.
It registers and memorizes the number and frequency of all
transactions effected.
A magnetic stripe card has a strip of magnetic tape material attached to its
surface. This is the standard technology used for bank cards:-
32
Optical cards are bank card-size, plastic cards that use some form of laser
to write and read the card.
Memory cards can store a variety of data, including financial, personal,
and specialized information; but cannot process information.
Smart cards with a microprocessor look like standard plastic cards, but
are equipped with an embedded Integrated Circuit (IC) chip.
Microprocessor cards can store information, carry out local processing on
the data stored, and perform complex calculations. These cards take the
form of either "contact" cards which require a card reader or "contactless"
cards which use radio frequency signals to operate.
Over a billion smart cards are already in use. Currently, Europe is the
region where they are most used. A study forecasts a $26.5 billion market
for recharging smart cards by2005. Compaq and Hewlett-Packard are
reportedly working on keyboards that include smart card slots that can be
read like bank credit cards. The hardware for making the cards and the
devices than can read them are currently made principally by Bull,
Gemplus, and Schlumberger.
3. Types of Smart CardSmart cards are defined according to…
1). How the card data is read and written?
2). The type of chip implanted within the card and its capabilities.
There is a wide range of options to choose from when designing your
system.
33
Card Construction
Mostly all chip cards are built from layers of differing materials, or
substrates, that when brought together properly gives the card a specific
life and functionality. The typical card today is made from PVC,
Polyester or Polycarbonate. The card layers are printed first and then
laminated in a large press. The next step in construction is the blanking or
die cutting. This is followed by embedding a chip and then adding data to
the card. In all, there may be up to 30 steps in constructing a card. The
total components, including software and plastics, may be as many as 12
separate items; all this in a unified package that appears to the user as a
simple device.
34
Contact Cards
These are the most common type of smart card. Electrical contacts
located on the outside of the card connect to a card reader when the card
is inserted. This connector is bonded to the encapsulated chip in the card.
35
Increased levels of processing power, flexibility and memory will add
cost. Single function cards are usually the most cost-effective solution.
Choose the right type of smart card for your application by determining
your required level of security and evaluating cost versus functionality in
relation to the cost of the other hardware elements found in a typical
workflow. All of these variables should be weighted against the expected
lifecycle of the card. On average the cards typically comprise only 10 to
15 percent of the total system cost with the infrastructure, issuance,
software, readers, training and advertising making up the other 85
percent. The following chart demonstrates some general rules of thumb:
36
Card Function Trade-Offs
Memory Cards
Memory cards cannot manage files and have no processing power for
data management. All memory cards communicate to readers through
synchronous protocols. In all memory cards you read and write to a fixed
address on the card. There are three primary types of memory cards:
Straight, Protected, and Stored Value. Before designing in these cards
into a proposed system the issuer should check to see if the readers and/or
terminals support the communication protocols of the chip. Most
37
contactless cards are variants on the protected memory/segmented
memory card idiom.
Straight Memory Cards
These cards just store data and have no data processing capabilities. Often
made with I2C or serial flash semiconductors, these cards were
traditionally the lowest cost per bit for user memory. This has now
changed with the larger quantities of processors being built for the GSM
market. This has dramatically cut into the advantage of these types of
devices. They should be regarded as floppy disks of varying sizes without
the lock mechanism. These cards cannot identify themselves to the
reader, so your host system has to know what type of card is being
inserted into a reader. These cards are easily duplicated and cannot be
tracked by on-card identifiers.
Protected / Segmented Memory Cards
These cards have built-in logic to control the access to the memory of the
card. Sometimes referred to as Intelligent Memory cards, these devices
can be set to write- protect some or the entire memory array. Some of
these cards can be configured to restrict access to both reading and
writing. This is usually done through a password or system key.
Segmented memory cards can be divided into logical sections for planned
multi-functionality. These cards are not easily duplicated but can possibly
be impersonated by hackers. They typically can be tracked by an on-card
identifier.
38
Stored Value Memory Cards
These cards are designed for the specific purpose of storing value or
tokens. The cards are either disposable or rechargeable. Most cards of this
type incorporate permanent security measures at the point of
manufacture. These measures can include password keys and logic that
are hard-coded into the chip by the manufacturer. The memory arrays on
these devices are set-up as decrements or counters. There is little or no
memory left for any other function. For simple applications such as a
telephone card, the chip has 60 or 12 memory cells, one for each
telephone unit. A memory cell is cleared each time a telephone unit is
used. Once all the memory units are used, the card becomes useless and is
thrown away. This process can be reversed in the case of rechargeable
cards.
39
CPU/MPU Microprocessor Multifunction Cards
These cards have on-card dynamic data processing capabilities.
Multifunction smart cards allocate card memory into independent
sections or files assigned to a specific function or application. Within the
card is a microprocessor or microcontroller chip that manages this
memory allocation and file access. This type of chip is similar to those
found inside all personal computers and when implanted in a smart card,
manages data in organized file structures, via a card operating system
(COS). Unlike other operating systems, this software controls access to
the on-card user memory. This capability permits different and multiple
functions and/or different applications to reside on the card, allowing
businesses to issue and maintain a diversity of ‘products’ through the
card. One example of this is a debit card that also enables building access
on a college campus. Multifunction cards benefit issuers by enabling
them to market their products and services via state-of-the-art transaction
and encryption technology. Specifically, the technology enables secure
identification of users and permits information updates without
replacement of the installed base of cards, simplifying program changes
and reducing costs. For the card user, multifunction means greater
convenience and security, and ultimately, consolidation of multiple cards
down to a select few that serve many purposes.
There are many configurations of chips in this category, including chips
that support cryptographic Public Key Infrastructure (PKI) functions with
on-board math co-processors or JavaCard® with virtual machine
hardware blocks. As a rule of thumb - the more functions, the higher the
cost.
40
Contactless Cards
These are smart cards that employ a radio frequency (RFID) between
card and reader without physical insertion of the card. Instead, the card is
passed along the exterior of the reader and read. Types include proximity
cards which are implemented as a read-only technology for building
access. These cards function with a very limited memory and
communicate at 125 MHz. Another type of limited card is the Gen 2 UHF
Card that operates at 860 MHz to 960 MHz.
True read and write contactless cards were first used in transportation
applications for quick decrementing and reloading of fare values where
their lower security was not an issue. They communicate at 13.56 MHz
and conform to the ISO 14443 standard. These cards are often protected
memory types. They are also gaining popularity in retail stored value
since they can speed up transactions without lowering transaction
processing revenues (i.e. Visa and MasterCard), unlike traditional smart
cards.
Variations of the ISO14443 specification include A, B, and C, which
specify chips from either specific or various manufacturers. A=NXP-
(Philips) B=everybody else and C=Sony only chips. Contactless card
drawbacks include the limits of cryptographic functions and user
memory, versus microprocessor cards and the limited distance between
card and reader required for operation.
Multi-mode Communication Cards
These cards have multiple methods of communications, including
ISO7816, ISO14443 and UHF gen 2. How the card is made determines if
41
it is a Hybrid or dual interface card. The term can also include cards that
have a magnetic-stripe and or bar-code as well.
Hybrid Cards
Hybrid cards have multiple chips in the same card. These are typically
attached to each interface separately, such as a MIFARE chip and antenna
with a contact 7816 chip in the same card.
Dual Interface Cards
These cards have one chip controlling the communication interfaces. The
chip may be attached to the embedded antenna through a hard connection,
inductive method or with a flexible bump mechanism.
Multi-component Cards
These types of cards are for a specific market solution. For example, there
are cards where the fingerprint sensor is built on the card. Or one
company has built a card that generates a one-time password and displays
the data for use with an online banking application. Vault cards have
rewriteable magnetic stripes. Each of these technologies is specific to a
particular vendor and is typically patented.
Smart Card Form Factors
The expected shape for cards is often referred to as CR80. Banking and
ID cards are governed by the ISO 7810 specification. But this shape is not
the only form factor that cards are deployed in. Specialty shaped cutouts
of cards with modules and/or antennas are being used around the world.
The most common shapes are SIM. SD and MicroSD cards can now be
42
deployed with the strength of smart card chips. USB flash drive tokens
are also available that leverage the same technology of a card in a
different form factor.
Integrated Circuits and Card Operating Systems
The two primary types of smart card operating systems are (1) fixed file
structure and (2) dynamic application system. As with all smartcard
types, the selection of a card operating system depends on the application
that the card is intended for. The other defining difference lies in the
encryption capabilities of the operating system and the chip. The types of
encryption are Symmetric Key and Asymmetric Key (Public Key).
The chip selection for these functions is vast and supported by many
semiconductor manufacturers. What separates a smart card chip from
other microcontrollers is often referred to as trusted silicon. The device
itself is designed to securely store data withstanding outside electrical
tampering or hacking. These additional security features include a long
list of mechanisms such as no test points, special protection metal masks
and irregular layouts of the silicon gate structures. The trusted silicon
semiconductor vendor list below is current for 2010:
Atmel
EM Systems
Infineon
Microchip
NXP
Rennes’s Electronics
43
Samsung
Sharp
Sony
ST Microelectronics
Many of the features that users have come to expect, such as specific
encryption algorithms, have been incorporated into the hardware and
software libraries of the chip architectures. This can often result in a card
manufacturer not future-proofing their design by having their card
operating systems only ported to a specific device. Care should be taken
in choosing the card vendor that can support your project over time as
card operating system-only vendors come in and out of the market. The
tools and middleware that support card operating systems are as
important as the chip itself. The tools to implement your project should
be easy to use and give you the power to deploy your project rapidly.
Please see the security section on this website for more information
regarding PKI.
Fixed File Structure Card Operating System
This type treats the card as a secure computing and storage device. Files
and permissions are set in advance by the issuer. These specific
parameters are ideal and economical for a fixed type of card structure and
functions that will not change in the near future. Many secure stored
value and healthcare applications are utilizing this type of card. An
example of this kind of card is a low-cost employee multi-function badge
or credential. Contrary to some biased articles, these style cards can be
44
used very effectively with a stored biometric component and reader.
Globally, these types of microprocessor cards are the most common.
Dynamic Application Card Operating System
This type of operating system, which includes the Java Card and
proprietary MULTOS card varieties, enables developers to build, test, and
deploy different on card applications securely. Because the card operating
systems and applications are more separate, updates can be made. An
example card is a SIM card for mobile GSM where updates and security
are downloaded to the phone and dynamically changed. This type of card
deployment assumes that the applications in the field will change in a
very short time frame, thus necessitating the need for dynamic expansion
of the card as a computing platform. The costs to change applications in
the field are high, due to the ecosystem requirements of security for key
exchange with each credential. This is a variable that should be
scrutinized carefully in the card system design phase.
4. Construction of smart card
Construction:-
The main storage area in such cards is normally EEPROM (Electrically
Erasable Programmable Read-Only Memory), which can have its content
updated, and which retains current contents when external power is
removed. Newer Smart Card chips, sometimes, also have math co-
processors integrated into the microprocessor chip, which is able to
perform quite complex encryption routines relatively quickly. The chip
connection is either via direct physical contact or remotely via a contact
less electromagnetic interface.
45
Its chip therefore characterizes a Smart Card uniquely; with its ability to
store much more data (currently up to about 32,000 bytes) than is held on
a magnetic stripe, all within an extremely secure environment. Data
residing in the chip can be protected against external inspection or
alteration, so effectively that the vital secret keys of the cryptographic
systems used to protect the integrity and privacy of card-related
communications can be held safely against all but the most sophisticated
forms of attack.
The functional architecture of a GSM system can be broadly divided into
the Mobile Station, the Base Station Subsystem, and the Network
Subsystem. Each subsystem is comprised of functional entities that
communicate through the various interfaces using specified protocols.
The subscriber carries the mobile station; the base station subsystem
controls the radio link with the Mobile Station. The network subsystem,
the main part of which is the Mobile services Switching Center, performs
the switching of calls between the mobile and other fixed or mobile
network users, as well as management of mobile services, such as
authentication.
Fig 1: Smart Card Construction.
46
Today, there are basically three categories of Smart Cards –
A microprocessor chip can add, delete and otherwise manipulate
information in its memory. It can be viewed as a miniature computer with
an input/output port, operating system and hard disk. Microprocessor
chips are available 8, 16, and 32 bit architectures. Their data storage
capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected
with semiconductor technology advances.
Integrated Circuit (IC) Microprocessor Cards
Fig 3: An Integrated Circuit used in Smart Cards.
Microprocessor cards (generally referred to as "chip cards") offer greater
memory storage and security of data than a traditional magnetic stripe
card. Their chips may also be called as microprocessors with internal
memory which, in addition to memory, embody a processor controlled by
a card operating system, with the ability to process data onboard, as well
as carrying small programs capable of local execution. The
microprocessor card can add, delete, and otherwise manipulate
information on the card, while a memory-chip card (for example, pre-paid
phone cards) can only undertake a pre-defined operation. The current
generation of chip cards has an eight-bit processor, 32KB read-only
memory, and 512 bytes of random-access memory. This gives them the
47
equivalent processing power of the original IBM-XT computer, albeit
with slightly less memory capacity.
Uses:
These cards are used for a variety of applications, especially those that
have cryptography built in, which requires manipulation of large
numbers. Very often the data processing power is used to encrypt/decrypt
data, which makes this type of card very unique person identification
token. Data processing permits also the dynamic storage management,
which enables realization of flexible multifunctional card. Thus, chip
cards have been the main platform for cards that hold a secure digital
identity. Hence they are capable of offering advanced security
mechanism, local data processing, complex calculation and other
interactive processes. Most stored-value cards integrated with
identification, security and information purposes are processor cards.
Some examples of these cards are –
Cards that hold money ("stored value cards")
Card that hold money equivalents (for example, "affinity cards”)
Cards that provide secure access to a network
Cards that secure cellular phones from fraud
Cards that allow set-top boxes on televisions to remain secure from
piracy
Integrated Circuit (IC) Memory Cards – Memory cards can just store
data and have no data processing capabilities. These have a memory chip
with non-programmable logic, with storage space for data, and with a
48
reasonable level of built-in security. IC memory cards can hold up to 1 –
4 KB of data, but have no processor on the card with which to manipulate
that data. They are less expensive than microprocessor cards but with a
corresponding decrease in data management security. They depend on the
security of the card reader for processing and are ideal when security
requirements permit use of cards with low to medium security and for
uses where the card performs a fixed operation.
There is also a special type memory cards called the Wired Logic (or
Intelligent Memory) cards, which contain also some built-in logic,
usually used to control the access to the memory of the card.
Uses:
Memory cards represent the bulk of the Smart Cards sold primarily for
pre-paid, disposable-card applications like pre-paid phone cards. These
are popular as high-security alternatives to magnetic stripe cards.
Optical Memory Cards – Optical memory cards look like a card with a
piece of a CD glued on top - which is basically what they are. Optical
memory cards can store up to 4 MB of data. But once written, the data
cannot be changed or removed.
Uses:
Thus, this type of card is ideal for record keeping - for example medical
files, driving records, or travel histories.
Fundamentals of Card Operation:
Today's Smart Cards need electrical power from outside, plus a way for
data to be read from, and sometimes to be transmitted to, the chip. They
49
interact with an "accepting device", usually known as a card reader,
which exchanges data with the card and usually involves the electronic
transfer of money or personal information. The information or application
stored in the IC chip is transferred through an electronic module that
interconnects with a terminal or a card reader.
There are two general categories of Smart Cards: Contact and Contactless Smart Cards.
Fig 2: Contact Smart Card.
The contact Smart Card has a set of gold- plated electrical contacts
embedded in the surface of the plastic on one side. It is operated by
inserting the card (in the correct orientation) into a slot in a card reader,
which has electrical contacts that connect to the contacts on the card face
thus establishing a direct connection to a conductive micro module on the
surface of the card. This card has a contact plate on the face, which is a
small gold chip about 1/2” in diameter on the front, instead of a magnetic
stripe on the back like a “credit card”. When the card is inserted into a
Smart Card reader, it makes contact with an electrical connector for reads
and writes to and from the chip it is via these physical contact points, that
transmission of commands, data, and card status takes place.
Such a card is traditionally used at the retail point of sale or in the
banking environment or as the GSM SIM card in the mobile 'phone.
50
Fig 3: Contactless Smart Card
(This diagram shows the top and bottom card layers which sandwich the
antenna/chip module.)
A contactless Smart Card looks just like a plastic “credit card” with a
computer chip and an antenna coil embedded within the card. This
antenna allows it to communicate with an external antenna at the
transaction point to transfer information. The antenna is typically 3 - 5
turns of very thin wire (or conductive ink), connected to the contactless
chip. This aerial coil of the antenna is laminated into the card and allows
communication even whilst the card is retained within a wallet or
handbag. The same activation method applies to watches, pendants,
baggage tags and buttons. Thus no electrical contacts are needed and it is
therefore called as "contactless".
Such Smart Cards are used when transactions must be processed quickly,
as in mass-transit toll collection or wherever the cardholder is in motion
at the moment of the transaction. Close proximity, typically two to three
inches for non-battery powered cards (i.e. an air-gap of up to 10cms) is
required for such transactions, which can decrease transaction time while
increasing convenience as both the reader and the card have antenna and
51
it is via this contactless link that the two communicate. Most contactless
cards also derive the internal chip power source from this electromagnetic
signal. Radio frequency technology is used to transmit power from the
reader to the card.
Two new categories, derived from the contact and contactless cards
are combi cards and hybrid cards.
A hybrid Smart Card has two chips, each with its respective contact and
contactless interface. The two chips are not connected, but for many
applications, this Hybrid serves the needs of consumers and card issuers.
Fig 4: CombiCard
(This shows both the contact and contactless elements of the card.)
The combi card (also known as the dual-interface card) is a card with
both contact and contactless interfaces. With such a card, it becomes
possible to access the same chip via a contact or contactless interface,
with a very high level of security. It may incorporate two non-
communicating chips - one for each interface - but preferably has a
single, dual-interface chip providing the many advantages of a single e-
purse, single operating architecture, etc. The mass transportation and
52
banking industries are expected to be the first to take advantage of this
technology.
Proven to be more reliable than the magnetic stripe card.
Can store up to thousands of times of the information than the
magnetic stripe card.
Reduces tampering and counterfeiting through high security
mechanisms such as advanced encryption and biometrics.
Can be disposable or reusable.
Performs multiple functions.
Has wide range of applications (e.g., banking, transportation,
healthcare...)
Compatible with portable electronics (e.g., PCs, telephones...)
Evolves rapidly applying semi-conductor technology.
Smart Cards can hold a large amount of personal information, from
medical/health history to personal banking and personal preferences.
They can carry all necessary functions and information on the card.
Therefore, they do not require access to remote databases at the time of
the transaction unlike magnetic stripe cards..The capacity provided by the
on-board microprocessor and data capacity for highly secure, off-line
processing Adherence to international standards, ensuring multiple
vendor sources and competitive prices. Established track record in real
world applications. Durability and long expected life span (guaranteed by
vendor for up to 10,000 read/writes before failure) Chip Operating
53
Systems that support multiple applications. Secure independent data
storage on one single card
54
Smart card securities
Smart Card Security (Section 1)
Smart cards provide computing and business systems the enormous
benefit of portable and secure storage of data and value. At the same
time, the integration of smart cards into your system introduces its own
security management issues, as people access card data far and wide in a
variety of applications.
The following is a basic discussion of system security and smart cards,
designed to familiarize you with the terminology and concepts you need
in order to start your security planning.
What Is Security?
Smart cards provide computing and business systems the enormous
benefit of portable and secure storage of data and value. At the same
time, the integration of smart cards into your system introduces its own
security management issues, as people access card data far and wide in a
variety of applications.
The following is a basic discussion of system security and smart cards,
designed to familiarize you with the terminology and concepts you need
in order to start your security planning.
Security is basically the protection of something valuable to ensure that it
is not stolen, lost, or altered. The term "data security" governs an
extremely wide range of applications and touches everyone's daily life.
Concerns over data security are at an all-time high, due to the rapid
55
advancement of technology into virtually every transaction, from parking
meters to national defense.
Data is created, updated, exchanged and stored via networks. A network is any
computing system where users are highly interactive and interdependent and by
definition, not all in the same physical place. In any network, diversity abounds,
certainly in terms of types of data, but also types of users. For that reason, a system of
security is essential to maintain computing and network functions, keep sensitive data
secret, or simply maintain worker safety. Any one company might provide an
example of these multiple security concerns: Take, for instance, a pharmaceutical
manufacturer:
Type of Data Security Concern Type of AccessDrug Formula Basis of business income.
Competitor spying.Highly selective list of executives
Accounting, Regulatory
Required by law Relevant executives and departments
Personnel Files Employee privacy Relevant executives and departmentsEmployee ID Non-employee access. Inaccurate
payroll, benefits assignmentRelevant executives and departments
Facilities Access authorization Individuals per function and clearance such as customers, visitors, or vendors
Building safety, emergency response
All employees Outside emergency response
What Is Information Security?
Information security is the application of measures to ensure the safety
and privacy of data by managing its storage and distribution. Information
security has both technical and social implications. The first simply deals
with the 'how' and 'how much' question of applying secure measures at a
reasonable cost. The second grapples with issues of individual freedom,
public concerns, legal standards and how the need for privacy intersects
them. This discussion covers a range of options open to business
56
managers, system planners and programmers that will contribute to your
ultimate security strategy. The eventual choice rests with the system
designer and issuer.
The Elements of Data Security
In implementing a security system, all data networks deal with the
following main elements:
Hardware
Including servers, redundant mass storage devices, communication
channels and lines, hardware tokens (smart cards) and remotely located
devices (e.g., thin clients or Internet appliances) serving as interfaces
between users and computers
Software
Including operating systems, database management systems,
communication and security application programs
Data
Including databases containing customer - related information.
Personnel
To act as originators and/or users of the data; professional personnel,
clerical staff, administrative personnel, and computer staff .
Smart Card Security (Section 2)
Data Integrity
57
This is the function that verifies the characteristics of a document and a
transaction. Characteristics of both are inspected and confirmed for
content and correct authorization. Data Integrity is achieved with
electronic cryptography that assigns a unique identity to data like a
fingerprint. Any attempt to change this identity signals the change and
flags any tampering.
Authentication
This inspects, then confirms, the proper identity of people involved in a
transaction of data or value. In authentication systems, authentication is
measured by assessing the mechanisms strength and how many factors
are used to confirm the identity. In a PKI system a Digital Signature
verifies data at its origination by producing an identity that can be
mutually verified by all parties involved in the transaction. A
cryptographic hash algorithm produces a Digital Signature.
Non-Repudiation
This eliminates the possibility of a transaction being repudiated, or
invalidated by incorporating a Digital Signature that a third party can
verify as correct. Similar in concept to registered mail, the recipient of
data re-hashes it, verifies the Digital Signature, and compares the two to
see that they match.
Authorization and Delegation
58
Authorization is the processes of allowing access to specific data within a
system. Delegation is the utilization of a third party to manage and certify
each of the users of your system. (Certificate Authorities).
Authorization and Trust Model
59
Auditing and Logging
This is the independent examination and recording of records and
activities to ensure compliance with established controls, policy, and
operational procedures, and to recommend any indicated changes in
controls, policy, or procedures.
Management
Is the oversight and design of the elements and mechanisms discussed
above and below? Card management also requires the management of
card issuance, replacement and retirement as well as polices that govern a
system.
Cryptography / Confidentiality
Confidentiality is the use of encryption to protect information from
unauthorized disclosure. Plain text is turned into cipher text via an
algorithm, then decrypted back into plain text using the same method.
Cryptography is the method of converting data from a human readable
form to a modified form, and then back to its original readable form, to
make unauthorized access difficult. Cryptography is used in the following
ways:
Ensure data privacy, by encrypting data
Ensures data integrity, by recognizing if data has been manipulated in
unauthorized way Ensures data uniqueness by checking that data is
"original", and not a "copy" of the "original". The sender attaches a
60
unique identifier to the "original" data. This unique identifier is then
checked by the receiver of the data.
The original data may be in a human-readable form, such as a text file, or
it may be in a computer-readable form, such as a database, spreadsheet or
graphics file. The original data is called unencrypted data or plain text.
The modified data is called encrypted data or cipher text. The process of
converting the unencrypted data is called encryption. The process of
converting encrypted data to unencrypted data is called decryption.
Data Security Mechanisms and their Respective Algorithms
In order to convert the data, you need to have an encryption algorithm
and a key. If the same key is used for both encryption and decryption that
key is called a secret key and the algorithm is called a symmetric
algorithm. The most well-known symmetric algorithm is DES (Data
Encryption Standard).
61
The Data Encryption Standard (DES) was invented by the IBM
Corporation in the 1970's. During the process of becoming a standard
algorithm, it was modified according to recommendations from the
National Security Agency (NSA). The algorithm has been studied by
cryptographers for nearly 20 years. During this time, no methods have
been published that describe a way to break the algorithm, except for
brute-force techniques. DES has a 56-bit key, which offers 256 or 7 x
1016 possible variations. There are a very small numbers of weak keys,
but it is easy to test for these keys and they are easy to avoid.
Triple-DES is a method of using DES to provide additional security.
Triple-DES can be done with two or with three keys. Since the algorithm
performs an encrypt-decrypt-encrypt sequence, this is sometimes called
the EDE mode. This diagram shows Triple-DES three-key mode used for
encryption:
62
If different keys are used for encryption and decryption, the algorithm is
called an asymmetric algorithm. The most well-known asymmetric
algorithm is RSA, named after its three inventors (Rivest, Shamir, and
Adleman). This algorithm uses two keys, called the private key. These
keys are mathematically linked. Here is a diagram that illustrates an
asymmetric algorithm:
Asymmetric algorithms involve extremely complex mathematics
typically involving the factoring of large prime numbers. Asymmetric
algorithms are typically stronger than a short key length symmetric
algorithm. But because of their complexity they are used in signing a
message or a certificate. They not ordinarily used for data transmission
encryption.
63
Smart Card Security (Section 3)
As the card issuer, you must define all of the parameters for card and data
security. There are two methods of using cards for data system security,
host-based and card-based. The safest systems employ both
methodologies.
64
Host-Based System Security
A host-based system treats a card as a simple data carrier. Because of
this, straight memory cards can be used very cost-effectively for many
systems. All protection of the data is done from the host computer. The
card data may be encrypted but the transmission to the host can be
vulnerable to attack. A common method of increasing the security is to
write in the clear (not encrypted) a key that usually contains a date and/or
time along with a secret reference to a set of keys on the host. Each time
the card is re-written the host can write a reference to the keys. This way
each transmission is different. But parts of the keys are in the clear for
hackers to analyze. This security can be increased by the use of smart
memory cards that employ a password mechanism to prevent
unauthorized reading of the data. Unfortunately the passwords can be
sniffed in the clear. Access is then possible to the main memory. These
methodologies are often used when a network can batch up the data
regularly and compare values and card usage and generate a problem card
list.
Card-Based System Security
These systems are typically microprocessor card-based. A card, or token-
based system treats a card as an active computing device. The Interaction
65
between the host and the card can be a series of steps to determine if the
card is authorized to be used in the system. The process also checks if the
user can be identified, authenticated and if the card will present the
appropriate credentials to conduct a transaction. The card itself can also
demand the same from the host before proceeding with a transaction. The
access to specific information in the card is controlled by (1) the card's
internal Operating System and (2) the preset permissions set by the card
issuer regarding the files conditions. The card can be in a standard CR80
form factor or be in a USB dongle or it could be a GSM SIM Card.
Threats to Cards and Data Security
Effective security system planning takes into account the need for
authorized users to access data reasonably easily, while considering the
many threats that this access presents to the integrity and safety of the
information. There are basic steps to follow to secure all smart card
systems, regardless of type or size.
Analysis: Types of data to secure; users, points of contact, transmission.
Relative risk/impact of data loss
Deployment of your proposed system
Road Test: Attempt to hack your system; learn about weak spots, etc.
Synthesis: Incorporate road test data, re-deploy
Auditing: Periodic security monitoring, checks of system, fine-tuning
When analyzing the threats to your data an organization should look
closely at two specific areas: Internal attacks and external attacks. The
first and most common compromise of data comes from disgruntled
66
employees. Knowing this, a good system manager separates all back-up
data and back-up systems into a separately partitioned and secured space.
The introduction of viruses and the attempted formatting of network
drives is a typical internal attack behavior. By deploying employee cards
that log an employee into the system and record the time, date and
machine that the employee is on, a company automatically discourages
these type of attacks.
External attacks are typically aimed at the weakest link in a company's
security armor. The first place an external hacker looks at is where they
can intercept the transmission of your data. In a smart card-enhanced
67
system this starts with the card.
The following sets of questions are relevant to your analysis. Is the data
on the card transmitted in the clear or is it encrypted? If the transmission
is sniffed, is each session secured with a different key? Does the data
move from the card reader to the PC in the clear? Does the PC or client
transmit the data in the clear? If the packet is sniffed, is each session
secured with a different key? Does the operating system have a back
door? Is there a mechanism to upload and down load functioning code?
How secure is this system? Does the OS provider have a good security
track record? Does the card manufacturer have precautions in place to
secure your data? Do they understand the liabilities? Can they provide
other security measures that can be implemented on the card and or
module? When the card is subjected to Differential Power attacks and
Differential Thermal attacks does the OS reveal any secrets? Will the
semiconductor utilized meet this scrutiny? Do your suppliers understand
these questions?
Other types of problems that can be a threat to your assets include:
Improperly secured passwords (writing them down, sharing)
68
Assigned PINs and the replacement mechanisms
Delegated Authentication Services
Poor data segmentation
Physical Security (the physical removal or destruction of your
computing hardware)
Security Architectures
When designing a system a planner should look at the total cost of
ownership this includes:
Analysis
Installation and Deployment
Delegated Services
Training
Management
Audits and Upgrades
Infrastructure Costs (Software and Hardware)
Over 99% of all U.S. - based financial networks are secured with a
Private Key Infrastructure. This is changing over time, based on the sheer
volume of transactions managed daily and the hassles that come with
private key management. Private Key-based systems make good sense if
your expected user base is less than 500,000 participants.
Public Key Systems are typically cost effective only in large volumes or
where the value of data is so high that it’s worth the higher costs
associated with this type of deployment. What most people don’t realizes
is that Public Key systems still rely heavily on Private Key encryption for
69
all transmission of data. The Public Key encryption algorithms are only
used for non-repudiation and to secure data integrity. Public Key
infrastructures as a rule employ every mechanism of data security in a
nested and coordinated fashion to insure the highest level of security
available today.
PKI Public Key Infrastructure
As the card issuer, you must define all of the parameters for card and data
security. There are two methods of using
Cards for data system security, host-based and card-based. The safest
systems employ both methodologies.
Public Key Keep (Asymmetric Card)
How it works?
Typical System (example)
70
Multi-Application Card Systems
It is highly recommended that you graphically diagram the flow of
information as shown. Large distributed multifunction systems require
lots of advance planning to make them effective. Smart cards often act as
the glue between disparate software applications and use cases. Below is
an example of a multifunction card that is issued by a large enterprise or
government. Everywhere you see a CD is a separate and distinct software
application that interacts with the data and service from the card.
71
SMART CARD APPLICATION AREAS
APPLICATION AREAS
The first chip cards were simple prepaid telephone cards implemented in
Europe in the mid-1980s, using memory cards. Today, the major active
application areas for microprocessor-based smart cards include: financial,
communications, government programs, information security, physical
access security, transportation, retail and loyalty, health care, and
university identification. These are intersecting areas in that the smart
card may carry applications from more than one area (for example,
72
combining information and physical security access, or financial and
retail/loyalty). Here are some industries and their applications:
Industry Application
AccountantsBusiness cards, client id, promotions, calendar
cards
Airports Employee access cards, security ID badges
Associations
Memberships
Identification cards (ID cards), point of sale (POS)
Discounts, calendar cards
Automobile dealers VIN ID cards, dealer loyalty, discounts, warranty
cards
Bars, nightclubs VIP cards, preferred door entry, membership cards
Car Wash Frequency cards, pre-paid car wash cards
Clubs Membership cards
ComputersWarranty card, customer support, internet
access#'s, discounts
Dry Cleaners Discount cards, frequent customer cards
Golf Courses Membership cards, bag tags, prepaid greens, ball
dispensers
Hotels Discount, frequency cards, key cards, employee ID
badges
Investment Customer cards, calendar cards
Library ID cards, bar codes
Real Estate Business cards, telephone cards, calendar cards
Rental Services Identification, preferred entry
73
Restaurants Promotional, discount, membership, loyalty,
preferred customer cards
Retail Customer cards, cheque cashing, discount &
loyalty cards
Security Access control, name badges
Shopping Centers Customer, discount cards, loyalty programs
Travel Agents Telephone cards, customer cards
Financial Applications
Electronic Purse to replace coins for small purchases in vending machines
and over-the-counter transactions.
Credit and/or Debit Accounts, replicating what is currently on the
magnetic stripe bank card, but in a more secure environment.
Securing payment across the Internet as part of Electronic Commerce.
Communications Applications
The secure initiation of calls and identification of caller (for billing
purposes) on any Global System for Mobile Communications (GSM)
phone.
Subscriber activation of programming on Pay-TV.
Government Programs
Electronic Benefits Transfer using smart cards to carry Food Stamp and
WIC food benefits in lieu of paper coupons and vouchers.
74
Agricultural producer smart marketing card to track quotas.
Information Security
Employee access card with secured passwords and the potential to
employ biometrics to protect access to computer systems.
Physical Access
Employee access card with secured ID and the potential to employ
biometrics to protect physical access to facilities.
Transportation
Drivers Licenses.
Mass Transit Fare Collection Systems.
Electronic Toll Collection Systems.
Retail and Loyalty
Consumer reward/redemption tracking on a smart loyalty card, that is
marketed to specific consumer profiles and linked to one or more specific
retailers serving that profile set.
Health Card
Consumer health card containing insurance eligibility and emergency
medical data.
University Identification
All-purpose student ID card (a/k/a/ campus card) , containing a variety of
applications such as electronic purse (for vending and laundry machines),
library card, and meal card.
75
Comparison with Magnetic Stripe Cards
The increasing complex performance and application requirements of
today's card systems have spurred interest in smart cards as an alternative
to magnetic stripe cards, or as an enhancement to magnetic stripe cards in
the form of a hybrid card which can support more than one technology (a
smart card micro-module and a magnetic stripe).
Smart Card Applications in the U.S.
Because of the significant investment in an extensive magnetic stripe-
based infrastructure, and the availability of reliable and low cost, on-line
telecommunication services, the U.S. has thus far represented a limited
smart card market. Smart card projects implemented in the U.S. have
been primarily closed systems deployed on military bases, universities,
corporate campuses, and by the banking and credit card industries. The
exception to this has been the movement by the Federal Government to
use smart cards in Electronic Benefits Transfers for food stamps and
other social programs nationwide.
The Federal Government's ultimate goal is to adopt a limited number of
multi-application smart cards that will support a wide range of
Government-wide and agency-specific services. It is envisioned that
eventually every Federal employee will carry smart cards that can be used
for multiple purposes such as identification, building access, network
access, property accountability, travel, and other administrative and
financial functions.
The introduction of smart cards to personal computing is probably the
most exciting change in digital history. We believe that smart cards and
76
other systems with a security microcontroller will literally be the key to
the access and exchange of digital data over the Internet. It took forty
years from the initial idea of two German engineers in the 1960s to the
sophisticated systems available today. It is hard to imagine that the little
piece of silicon, embedded in a credit card size plastic already has the
calculating power of 1980-era computers.
Yearly billions of cards are deployed worldwide, mainly in Europe and
Asia. We think that this trend will continue and smart cards will take off
in the U.S. Currently millions of cards are deployed in the U.S., mainly
by the banking industry. It won't be long until there is a smart card in
nearly every wallet - for banking, healthcare, electronic ID, cell phone
identifier, or web access.
Why Consider Smart Cards?
If a portable record of one or more applications is necessary or desirable,
and records are likely to require updating over time.
Records will interface with more than one automated system.
Security and confidentiality of records is important
THEN, smart cards are a feasible solution for making data processing and
transfer more efficient and secure.
Barriers to Acceptance of Smart Cards
77
Relatively higher cost of smart cards as compared to magnetic stripe
cards. (The difference in initial costs between the two technologies,
however, decreases significantly when the differences in expected life
span and capabilities- particularly in terms of supporting multiple
applications and thus affording cost sharing among application providers-
are taken into account).
Present lack of infrastructure to support the smart card, particularly in the
U.S., necessitating retrofitting of equipment such as vending machines,
ATMs, and telephones.
Proprietary nature of the Chip Operating System. The consumer must be
technically knowledgeable to select the most appropriate card for the
target application.
Lack of standards to ensure interoperability among varying smart card
programs.
Unresolved legal and policy issues related to privacy and confidentiality
or consumer protection laws.
Benefits of Smart card
Whether you’re trying to control physical or network access to a system
or facility, you have three basic options for access control:
Something you know–a username and password or PIN
Something you have–a secure access card
Something you are–the field of biometrics, such as fingerprint scans,
retina scans, voiceprint analysis, etc.
78
If you only depend on the first basic method to defend your network,
you’re leaving it wide open to any password hack. It could be as simple
as sniffing your wire to capture a username and password transmitted via
clear text, or it could be as difficult as stealing the Security Accounts
Manager (SAM) file from your domain controller–or even stealing
passwords through social engineering.
One of the latest standards in secure access is secure ID cards, also
known as smart cards. Given enough time and computing power, hackers
can and will obtain your passwords. That’s why you should consider
implementing smart cards, which boost access security.
Secure access
By incorporating smart card logon access control to your network, you
eliminate a username/password compromise as a potential point of entry.
In addition, deploying smart card logon to your network offers the
following benefits:
Positive identification: You verify users by photo identification
when issuing their account.
Strong authentication: Most smart cards use a nonreversible
encryption algorithm to transmit user token requests and deliver the
user access token through similar security.
No repudiation: Because of the physical and logical requirements, a
person can’t deny participation in a network transaction.
Secure certificate mobility: By placing user certificates on the card,
they remain on the card after user logoff.
79
Active Card tops a very short list of vendors that support several
operating systems, including Red Hat Linux, Mac OS X, Solaris,
Windows 98, Me, NT, 2000, and XP. This includes authentication for the
applications that run on these platforms and Web-enabled applications.
Secure identity
Smart cards are an enhancement to Public Key Infrastructure (PKI)
certificates. From your certificate server, you can generate user
certificates to verify a client’s identity. However, the private key for these
certificates ends up on the hard drive of the system the client uses to
access the secure content.
By transferring that private key to a physically mobile device, such as a
smart card, you have a secure, mobile identity certificate that clients can
safely use for network access and document or e-mail signing, regardless
of where the access point originates.
In addition, the current generation of smart cards allows you to easily
create and manage access policies through roles for different users and
groups.
Limitations
If you want to deploy 100-percent mobile security throughout your
enterprise, be prepared for the up-front costs in labor and hardware. You
need to install smart card readers on all of your mobile platforms, such as
laptops and PDAs.
Don’t forget that you must develop a strategy for installation on your
users’ home PCs. If your network configuration doesn’t support a total
80
conversion to the change in secure access, you must still maintain the
existing username/password structure.
Furthermore, remember that most public systems at hotels, airports, and
internet kiosks won’t have a smart card reader attached to the terminal.
Final Thoughts
Smart card technology is becoming the authentication standard for
enterprise networks. Your organization can gain significant cost savings
if you remove its dependency on antiquated username/password logins.
We all know that users write down or forget complex passwords. Stop
relying on users to defend your organization’s network. Let technology
do the job for you.
Advantages of Smart Cards
The key advantages of smart card technology include:
The capacity provided by the on-board microprocessor and data
capacity for highly secure, off-line processing.
Adherence to international standards, ensuring multiple vendor
sources and competitive prices.
Established track record in real world applications.
Durability and long expected life span (guaranteed by vendor for
up to 10,000 read/writes before failure).
Chip Operating Systems that support multiple applications and
secure independent data storage on one single card.
More about of Smart Cards
81
Smart cards (a/k/a chip or integrated circuit cards or ICCs) are plastic
cards containing a microcontroller. The embedded microcontroller
transforms a credit card-sized piece of plastic into a portable, tamper-
resistant computer with a calculating power of the original IBM PC.
Although most smart cards still use 8-bit microcontrollers, 32-bit systems
already line up for next generation cards. The same happens with the
available on-card memory, which quickly becomes larger.
Smart cards are either contact or contactless. Most smart cards are
"contact" cards, distinguished by a visible set of golden electrical contact
pads. "Contactless" smart cards contain an antenna rather than the golden
contact pads of regular smart cards. Contact cards require a card reader;
contactless cards use radio frequency signals to operate. Both types can
be printed with the issuer's artwork and information. Smart cards can only
be as intelligent, imaginative, and attractive as their designers make them.
Smart cards have diffused worldwide in the form of prepaid and
reloadable payment, telephone, travel, and health care cards. It is the
latest advance in payment card technology, user authentication, and
access control to computer systems.
Billions of cards are deployed in the U.S., mainly by the healthcare,
banking, and credit card industries. Public transportation and other
services are also employing smart card technology. This trend will
continue and smart cards will become prevalent in the United States for a
variety of applications. It won't be long until most people have smart
cards in their wallets for banking, healthcare, electronic ID, loyalty, cell
phone identifier, or web access token.
82
A multitude of suppliers of smart cards and smart card readers is out
there. The differences between products are confusing and often obscured
by colorful sales brochures. To make matters worse, the fight over
industry standards is not yet over. This can make choosing the smart card
technology for your needs overwhelming. This site is intended to give
you a comprehensive overview and some starting points.
83
Smart card…….The Future
The important thing about Smart Cards is that they are everyday objects
that people can carry in their pockets, yet they have the capacity to retain
and protect critical information stored in electronic form. The
“smartness” of Smart Cards comes from the integrated circuit embedded
in the plastic card. Embedding similar circuits in other everyday objects,
such as key rings, watches, glasses, rings or earrings, could perform the
same electronic function. The development of contactless card
technology was the catalyst for what is known as tags. Tags function like
contactless Smart Cards but are in the form of a coin, a ring or even a
baggage label. They are generally attached to objects such as gas bottles,
cars or animals and can hold and protect information concerning that
object. This allows the object to be managed by an information system
without any manual data handling. The use of Biometrics will soon mean
that his/her hand, fingerprint and the retina of the eye or the sound of the
voice can reliably identify a person. Soon it will be possible to authorize
the use of electronic information in Smart Cards by using a spoken word
or the touch of a hand.
Also, Smart Card readers will be appearing on the PC and will enable the
user to pay for goods purchased over the Internet. This will be especially
useful for small value purchases, which are not really appropriate for
credit card transactions. If you have products that have relatively low
value - for example a few pages of information about your product that
customer may pay 50c for - they may well pay you in the future using a
Smart Card.
84
As a smart infrastructure for mobile computing, Smart Card technologies
will prove to be the killer application for the networked economy. The
Smart Card will be "charged up" with money and you will use it as you
do cash or a phone card. In the near future, the traditional magnetic strip
card will be replaced and integrated together into a single card by using
the multi-application Smart Card, which is known as an electronic purse
or wallet in the Smart Card industry. It will be used to carry a lot of
sensitive and critical data about the consumers ever more than before
when compared with the magnetic strip card.
Smart Cards are a relatively new technology that already affects the
everyday lives of millions of people.
This is just the beginning; soon it will influence the way we shop, see the
doctor, use the telephone and even enjoy leisure!!!
85
Research & Methodology
1. Title
Recent trends in banking system in Indian with special reference to mart
card are the title of my research project. Banking sector and the new
technology both are correlated and also banking sector and law also
corelatedand have wide impact on society. Being a law student I am to
study banking sector and new trends of technology.
2. Objective of Study
Objective one:
To determine the recent trends in banking sector.
To determine the relation banking and society, new technology &
society and smart card & society.
To know about the impact of new technology of banking system as
like smart card on society.
To know about the new technology and recent trend in banking
system.
To find out of problem of smart card user customer and banks.
Objective two:
To determine customer perceptions towards banks and their
expectations from banks.
To determine the feedback on smart card services provided by
banking companies.
86
To study the new trends in banking system and its products.
To determine the legal issues of the smart card user customer & banks.
3. Types of Research
Descriptive:
sample size and methods of selecting sample :-
For the satisfying the major objectives of the research, I have gone for
both primary and secondary data collection. Which are following?
Source of data collection:-
Research will be based on two sources.
A). Primary data
B). Secondary data.
A). PRIMARY DATA
Questionnaire:
Primary data was collected by preparing questionnaire for customers.
B). SECONADARY DATA
Secondary data will consist on different literature like books, which are
published, articles, Internet, Different banks manuals and website of
banks, different website of relevant to smart card.
In order to research relevant conclusion, research work needed to be
designed in a proper way.
87
This research methodology also included:
Familiarization with the concept of banking and its various services.
Through study of the information collected.
Conclusion based on finding.
Significance to the Industry
This is a limited study which takes into consideration the response of 40
people. This data can be exported to take in the trends across the banking
industry. The significance for the banking industry lies in studying these
trends and issues that emerge from the study. It’s a rapidly changing and
evolving sector. A study like this can attempt to guide the future of the
industry based on current trends as like smart cards, credit card and
information technology.
I have to met person and asked them from which area are they belong.28 person said they are
belong to urban area and 12 person said rural area.
Urban area Rural Area
28 12
My next question was that is any bank in your area all of them said yes,
and then I asked them whether they have any account in bank all of them
asserted it.
My next question was which type of account they have opened .32 people have saving accounts and 8 person have current account.
Saving Account Current Account
32 8
88
Afterword I have asked they are using ATM card and credit card. 38 person using ATM card
and 15 person using both cards.
ATM Card ATM card + Credit Card
38 15
Afterword I have asked they are using Credit card and smart card.15 peron using credit card
and only 10 person using both Credit card and mart card.
Credit Card Credit card + Smart Card
15 10
My next question was about the E- banking and smart card services. 26
people know about that but 10 people know about smart card service.
30 person bearing account in government bank ant they prefer to take
facilities.
15 person uses the smart card and like it facility.
Most of person don’t know about smart card even they are not aware
about the E- banking and smart card ,credit card and other new
technology.
Significance for the Researcher
A vast knowledge about banking sector , banking history , Smart card
trends, Smart card facility , E- Banking smart banking etc and
knowledge about different new trends in banking sector.
89
Sampling Unit:
The respondent who were asked to fill out questionnaire are they
sampling units. These comprise of servicemen, Retired person
businessmen professionals housewives and other etc.
Sample Size:
The Sample size was restricted to only 40, which comprised of mainly
people from different region of Udaipur city due to time constraints.
Sampling Area:
The area of the research was UDAIPUR CITY {RAJATHAN} INDIA.
4. Limitation of the Research
A.) The research is confined to a certain parts of Udaipur city and does
not necessarily shows a pattern applicable to all of country.
B.) Some respondent were reluctant to divulge personal information,
which can affect the validity of all responses.
C.) In a rapidly changing industry analysis on one day or in one segment
can change very quickly .The environmental changes are vital to be
considered in order to assimilate the finding.
90
CONCLUSION & SUGGESTION
In conclusion as has been rightly noted by working group that the
applicability of various existing laws and banking practice to new
technology is not least and is still evolving, in the field of banking system
,there is a need for constant review of different law relating to banking
and technology.
I would like to emphasize the role of institution and incentives in
ensuring globalization that benefit all. The global giants in banking all
over the world are named by Indians and education in India. The best of
technology for the most sophisticated banks in the word is provided by
Indian companies and by Indians in foreign companies. Yet banks in
India do not as yet appear to be world class. Now a day’s banking
industry is expanding in remark areas and people of those village areas
are also talking benefits of these facilities private plays are also attracting
in these areas because of RBI guide lines. Thus we can say that Indian
banking system well developed that is why it is mostly affected by
recession time. One reason is this is that the regulatory authorities and
various legislation. Competition are also playing main role in
technologies upgrading in banking industry.
Recent new trends are very important in banking system, E- banking,
Information technology, Credit card; Debit card and Smart card are very
useful service provided by banks. New technology saves the time of
customer n also banks. Most of people who lives in urban areas they
know aware about to smart card uses n new technology but in rural area
91
people don’t know more about smart card and, credit card and new
technology n new services about banks.
After studying the doctrinal part conducted a survey to find the result
related to recent trends in banking system. I prepared a questionnaire and
took a sample 40 respondents and conducting a survey and found out
same conclusion about the vise of people about banking services which
are being discussed below.
1. That mostly respondents are using banking service but some of them
relating to professions and business are using as a main of monetary
transaction in day to day routine.
2. The ratio of male or females is not similar; women participant in
banking services is less then males but I being increases day by day.
3. 60% Respondents says that they people ATM and Credit Card and
30% prefer Smart Card.
4. Mostly general people are not aware about rules and regulation and
legal provision but some highly educated people pay deep interest in
such provisions.
5. 60% people user of banking services know about e-banking, 27% says
somewhat and 10% says that don't know. In result be can says that
people are more aware and using latest facilities of banking services.
6. Credit card and Debit card is more useful facility than Smart Card so
banks should have to expand and make easy to service of smart card.
7. In overall result we can say that most of respondents are satisfied with
banking services including Smart Card. They are using but few
respondents which have even faced any problem that are not satisfied.
92
Bibliography
Rankl, W., W. Effing. Smart Card Handbook. John Wiley & Sons.
Guthery, Scott B., Timothy M. Jurgensen (1998). Macmillan
Technical Publishing.
Allen, Catherine A. (ed.). Smart Cards: Sizing Strategic Position
Opportunities. Irwin, 1996.
Business Wire. March 3, 1997. Motorola and MicroModule
Systems Team on MCM for breakthrough display technology
implemented in Gemplus Smart card Reader.
Business Wire. March 4, 1997. Entrust Technologies Launches
Partner Program.
Data Based Advisor. March 1997.
JavaCard API. Frequently Asked Questions Version 1.1 October
25, 1996.
M2 Presswire. February 17, 1997.
PR Newswire. February 4, 1997. Frost & Sullivan The Future Is In
the Cards.
The Scotsman. March 5, 1997. Credit Firms Cash in on Security.
Smart card by Prof. Dr. Andreas Steffen
Workshop of future banking organize by HMA & ISB 2004.
93
Institute for Development and Research in Banking Technology
www.cardshow.com
www.chipcard.ibm.com
www.compinfo.co.uk/tpsmrt.htm
www.gemplus.com/presse/java_1.html
www.javasoft.com/pr/1996/oct/pr961029-02.html
www.sl.com
www.slb.com/et/cyberflex_faq.html#q1
www.slb.com/et/cyberflex_faq2.html#q9
www.slb.com/et/universe_of_smart_cards.html
www.visa.com
www.wikipidia.com
www.smartcardbassic.com
www.CyberAdsstudio.com
www.smart-card.com/
www.india-reports.com
www.vikalpa.com/pdf/articles
94
QUESTIONNAIRE
Recent trends in Banking System with special reference to
Smart Card
[With special reference to Udaipur city]
1. Name _____________________________________
2. Gender Male Female
3. Age
Below 20 Year 20-30 Year
3Year More than 50 Year4. Occupation
Business Professional
Service Retired
Housewife
5. Where are you from?
(a) Urban Area
(b) Rural Area
6. Is there any Bank in your Area :
(a) Yes
(b) No
7. Do you have any Bank account?
(a) Yes
(b) No
8. Which type of accounts you are using?
(a) Saving Accounts
95
(b) Current Accounts
9. Are you using ATM Card?
(a) Yes
(b) No
10.Are you using Credit Card?
(a) Yes
(b) No
11.Do you know about Smart Card?
(a) Yes
(b) No
12. Are you using Smart Card?
(a) Yes
(b) No
13.Do you know about E-Banking?
(a) Yes
(b) No
14.Do you think that Smart Card is most important service of Banks?
(a) Yes
(b) No
15.Are you aware of different policies and scheme of the banks?
(a) Yes
(b) No
16.Which type of Card you have taken?
(a) Credit Card
(b) Smart Card
96
17. From Which medium did you get the information regarding the Smart
Card?
(a) Advertisement
(b) Bank Employee
(c) Other Customers
18.Do you have information about other facilities provided by Bank?
(a) Yes
(b) No
19.Generally what is your medium of transaction?
(a) Through Check
(b) Through Card
20.Is any member of you family has availed the facilities provided by
bank?
(a) Yes
(b) No
21.Do you think that the internet facilities provided by banks save the
time of customers?
(a) Yes
(b) No
22. Do you pay any transaction fee which transecting though cards?
(a) Yes
(b) No
23. Do you know the terms and conditions regarding internet banking
provided by your banks?
(a) Yes
(b) No
24.Are you satisfied with services provided by the banks?
97
(a) Yes
(b) No
25.According to you which card more suitable to general people?
(a) Credit Card
(b) Smart Card
98