What is identity management?

Identity Management is a system to manage and define a network user’s access to specific information. This is achieved through the authentication of user, allowing different access levels and restrictions to a specific user based upon settings controlled by an administrator. The identity is verified by having the correct information to gain access to the system.

What is a smart card?

Smart card technology incorporates a micro controller, or chip, that stores information in a secure and privacy enhancing way using electronic functionality and encryption capabilities. Smart cards can take many different form factors including polycarbonate or plastic cards, similar in size to credit cards; ID tokens such as key fobs or dongles; or sim-cards used in mobile devices and cable set-top boxes.

What are smart cards used for today?

Smart cards are used in many industries around the world today, including mobile communication, financial services, healthcare, ID credentials, and travel documents.

Today smart cards are used to allow the distribution of mobile TV without the fear of piracy. Smart cards provide necessary security to mobile communication divices. Smart card technology can transforming mobile phones into contactless devices for touch-and-go applications: transport ticketing, payment, loyalty and other innovative services like smart poster, peer-to-peer or access control. Smart cards are used for contactless payments. Such payments provice speed and convience for low value items, such as fast food, movie tickets, and vending machines. Additionally, smart cards allow for more secure online banking due to the user authentication they require. Smart cards in the healthcare industry have many benefits. They enable security to prevent medical identity theft and fraud and the deployment of an eHealthcare IT system streamlines the prescription process, improves the quality of care given and simplifies electronic healthcare records management through a coordinated health service process. Smart Cards are currently used in E-passports and passport cards, providing a more secure passport or passport card. By using technology our borders are stronger and our nation is safer.

What security capabilities do smart cards support?

Smart cards have advanced electronic technological features that make them more secure than other types of identity solutions. First, the card can verify the reader is authentic in addition to the reader verifying the authenticity of the card before a transaction takes place. Second, the data on the card is encrypted to prevent the data from being compromised. Third, smart cards support biometric identification measures allowing multi-factor authentication. Finally smart cards can utilize personal firewalls to secure sensitive data and ensures only those authorized have access to the data.

How do smart cards help to protect privacy?

Smart cards protect privacy by encrypting the information they contain both at rest and in transit. They support personal identification numbers and biometrics to authenticate users. Additionally, because smart cards incorporate advance hardware and software, they are extremely difficult to counterfeit, fraud or forge.

Why are smart cards better than other ID token technologies?

Smart cards are more technologically advanced than other ID token technologies. Smart cards store sensitive personal information on the card itself, as opposed to on a server. Since the information is encrypted and never leaves the card, it is almost impossible to compromise. Smart cards can also offer three factors of authentication. The individual needs to physically have the card, know a password or pin number, and match a biometric identification. As this illustrates smart cards have superior capabilities to authenticate users and protect sensitive information.

What is a contactless smart card?

Embedded into the smart card is an antenna that enables communication with the reader without physical contact. It works by holding the card or token near the reader usually about three inches away. After an electronic hand-shake both the card and the reader agree they can trust each other and exchange information. This process provides a very high level of security.

Is contactless smart card technology the same as RFID technology?

No, contactless smart cards are a very different technology from RFID tags. Both are wireless, meaning they can communicate using radio like a cell phone, but contactless smart cards are far more advanced and secure. Contactless smart cards have small but sophisticated computers inside them. They deliver the highest levels of computer security to protect your identity, privacy or financial information. Contactless smart card technology is suitable for uses such as identity credentials, passports and payment cards.

RFID (Radio Frequency IDentification) tags and labels are used mostly in manufacturing, shipping and object-related tracking. They have minimal built-in support for security and privacy. Retailers, such as Wal-Mart and others, have been working to use RFID tags to replace bar codes on store-bought items to scan purchases and track inventory. Another important difference is how far away someone can read the cards or tags. Contactless smart card technology has a very limited read range of four inches or less to prevent tracking or eavesdropping. RFID tags can be read from much further away, at distances up to thirty feet. RFID feature lets you find items in a warehouse or identify railcars in transit.

What is contactless payment?

Contactless payment allows the cardholder to hold their card within three inches of the payment reader at an enabled checkout register, gas pump or vending machine. At the point of sale payment is sent wirelessly and securely to the register and the transaction is processed. Cardholders don’t swipe or insert credit or debit card into a reader; making the transaction faster and more convenient. Many retailers accept contactless payment including Dairy Queen, Walgreen's, McDonalds, CVS and Arby's.

Learn How

Secure ID News to Know

  • Making Medicare Smart

    Today the House of Representatives took a significant step forward to protect seniors and ensure the solvency of the Medicare program by unanimously passing the bipartisan Fighting Fraud to Protect Senior Care Act – HR.6690. The bill calls for a pilot program to test modernizing the Medicare card by incorporating smart card technology to prevent waste, fraud and abuse.

    This landmark program will enable front-end authentication of Medicare beneficiaries and providers at point of care and support back-end data analytics to ensure transactions are legitimate. The Government Accountability Office estimates that such a program can positively impact over 22% of all Medicare improper payment and fraud cases. With Medicare waste, fraud, and abuse costing US taxpayers an approximated $60 billion every year, the Fighting Fraud to Protect Senior Care Act will help prevent over $13.2 billion from being lost on a yearly basis.

    We thank Congressman Peter Roskam and Congressman Earl Blumenauer for their heroic effort to protect Medicare for all Americans: beneficiaries, providers, and taxpayers alike.

  • The Five Things IoT Manufacturers Can Do To Future-Proof the Industry

    If there’s one thing that we’ve learned over the past few days since the Internet of Things (IoT) distributed-denial-of-service attack (DDoS) attack gave the Internet brain freeze last Friday is that (1) IoT devices are insecure, (2) we have a really good idea what needs to be done to make them more secure, yet (3) it’s hard to get everyone on the same page in dedicating the resources to actually make them more secure.

    While that might seem like a stark truth, it only makes sense given how our economy and legal system works. Since no one company or device was responsible for allowing the attack, there’s no specific organization to shame or blame. Plus, it’s way too easy to point fingers at everyone else in the room and say there was nothing that could’ve been done, as everyone is responsible. Further, security costs money, and at the moment, companies want to pour their resources into grabbing IoT market share, not plugging holes that may or may not cause problems downstream. Unfortunately, this kind of thinking invites regulators and legislators to step in and attempt to dictate technology standards and best practices to address harms, both real and imagined.

  • Patient Identity: Getting Back to Basics for National Health IT Week

    Monday kicked off National Health IT week! While the United States has made progress in moving towards a more modern healthcare system, significant work remains. There’s no disputing that our medical device and health technology companies are the most advanced on the planet, developing the solutions that are diagnosing diseases earlier, expanding treatment options, and improving quality of life. However, when it comes to healthcare and identity—making sure that the correct data is associated with the right patient, and ensuring that that information is able to be shared, analyzed, and acted upon in a timely fashion—the United States lags woefully behind many other developed nations.