Card technology is a general term for machine readable storage mechanisms built into or onto a plastic card at the time of manufacture. Some technologies provide simple identification of the card through a coded number whilst others provide memory storage capacity for the purposes of attaching to an individual card information pertaining to the card holder for use in a variety of applications.
Each card technology presents challenges to those who would choose to copy or duplicate that card with its stored information. Some technologies are rather open to such attempts whereas others are designed to make such attempts very difficult and costly.
The choice of card technology for an application centres on the entire application architecture (ie how the application will work from card presentation through to central system function back to service delivery) and the security level demanded by the application in question. For example if I am using a card to identify me for borrowing a library book there is a very different set of security parameters to the case where I am using a card to identify myself for access to a Nuclear Power Plant.
So in each case all architectural and security parameters must be well understood in order that the most cost effective card technology is selected for the application.
The most fundamental issues that must be resolved in selecting the most suitable card technology are:-
- On or Off Line
- Will the transaction, be it ID, payment etc be conducted on or off line ie will there be a direct connection to a central host / database or will the transaction be limited to the card / terminal pair.
- Some systems may be conducted in batch mode ie the transaction itself is off line but is stored for batch up loading to a central system.
- It is important to consider this issue very carefully. The cost of on-line transactions is decreasing with the falling costs of telecommunications. The flexibility of off line transactions is also increasing with the ready availability of card technologies with significant memory capacity and security facilities. The bottom line – cost – is always the final determinant.
- Do not make the mistake of prejudicing this process by deciding in favour of a particular card technology before this fundamental architectural issue is well understood and resolved.
- Closed or Open Systems
- Are you intending to limit the utility of the system to a single service provider. A good example of a closed system is an access control system. By definition, you only want the card to work in designated buildings. The system is owned by an organisation which definitely does not want the ID cards used else where nor is it permissible that cards issued by another employer permit access to the first organisation's premises.
- An example of an open system is the EFTPOS network. Cards issued by CBA may be processed through a Westpac terminal and vice versa. The card technology that each issues must therefore be compatible. This openness results in more convenience for users and consequential wider system uptake. For businesses with a critical mass imperative, this form of standardisation is necessary and desirable.
- An application must be analysed with respect to the need to exclude unauthorised system usage and/or access. The greater the potential gain to an unauthorised party should fraudulent access be achieved, the greater the security barrier required.
- Were a system to store cash value on a card, the security measures required at the card level would be much more substantial than if the card were being used simply for ID to access a gymnasium. Moreover, were the system to store cash which could be used widely in an open system, the security barrier required would be much higher than if the value could only be redeemed for one service only eg payphone calls.
- Once the essential architecture and security conditions are well understood there will usually be a shortlist of appropriate card technologies. It is then that cost analysis must be performed in detail. The ratio of cards to terminals will determine where cost sensitivities lie. Clearly if I have roughly one terminal per card eg mobile phone, the cost of the card is not the driving factor. On the other hand if my ratio of cards to terminals is of the order of 1000 eg in the case of payphone cards, then my card cost sensitivity is very high.
- Following all of these considerations, an informed, logical choice can be made as to the most appropriate mix of card and terminal technology. The above considerations may become more complex as the security technologies employed escalate in strength and complexity. Key management and logistics issues may be hidden costs which must also be considered across the lifetime of the system.
COST / SECURITY COMPARISON OF VARIOUS CARD TECHNOLOGIES:
Tell Me More About:
Or ask us any Card Technology question for a quick reply
Designed & created by indent.com.au
All Content © Copyright 1999 indent.com.au,
& © Copyright 1999 Security Magnetics Pty Ltd
All images are used with permission of original owners.
Reproduction by permission only please.