Recently, the Lucky supermarket chain had many of its self-checkout stands “hacked” by technically sophisticated persons who were able to insert a device in the checkout machines that captured credit card numbers and PINs and transmitted that information wirelessly to receivers unknown. Because Lucky’s management took its sweet time informing customers whose cards were hacked, there was a lot of notoriety that accompanied this particular scam.
The weak link in this scam as in many others, is the ubiquitous credit/debit card. Given the technology extant today, these cards have to be among the most vulnerable devices in the modern world. I think most people would be amazed to know that there is a solution to the vulnerability of these cards, and that it was invented in 1968! That solution is known colloquially as a Smart Card.
Smart Cards usually look like regular credit cards, but they have a chip imbedded in them that contains a processor, memory, and, in some cases, a wireless transceiver. You may be familiar with one form of smart card , often called a transponder, that is used to automatically pay bridge and road tolls. When you pass through the tollgate, your transponder sends a signal to a reader in the gate that identifies your vehicle. That data is then used to debit your account for the toll.
The chip in the card is programmable. It can, for example, store biometric information, such as fingerprints or retinal scan data. It can also be powered without needing a battery using an inductor that can capture power from a radio signal.
Despite the obvious advantages of a smart card over and above a dumb one, they have never caught on in a major application. The big application is, of course, credit/debit cards. Although Visa, Mastercard and Europay worked together in the early 1990s to develop a smart card specification, it was never implemented. The banks claimed it would cost more to replace credit card readers with smart card readers than the losses they sustained from credit card fraud!
Today, smart cards have, with one exception, been relegated to special applications such as company security access and club membership cards. The one generic application in use today is the SIM (Subscriber Identification Module) cards used in GSM mobile phones in Europe.
I recall working with an Australian company that had invented a system it called BagTag. The idea was that airline baggage tags attached to bags and the claim stubs carried by passengers would have smart card type chips imbedded in them. A checked bag’s registration would be captured at the baggage check-in counter. Then, when the passenger checked in at the gate, his claim stubs would be read and compared with those of the checked bags. If the readings failed to match, security would know immediately that there is a problem. Unfortunately, the airlines were unwilling to try it, and the company did not have the resources to develop and sell it without financial support from the airlines. Aside from the security benefits of the application, the system could also be used to find lost baggage more efficiently than the bar code system currently being used.
Thus, the benefits of smart cards are obvious, and for many applications, cost-effective as well. They would go far to protect consumers from ID theft and would effectively address many security issues. Reluctance to change the way things are done on the part of banks, credit card processors, etc. is the culprit, exacerbated by a lack of leadership by government entities.
Think about how airport security problems would be resolved if travelers had to carry smart cards that identified them with 100% reliability. How about eliminating credit card ID theft? The solution is the smart card, but the prospective users are too dumb to see it.
If you are interested in reading more about smart cards, take a look at the Wikipedia article on the subject.