The Solution Homes In on a Problem

The smart card, long derided as a solution looking for a problem, may finally have found it.

Sellers of the technology are optimistic as never before. More and more bankers are climbing on the bandwagon - even in the notoriously skeptical and resistant United States.

Billions of the plastic cards with computer-chip memories have been issued worldwide. They seem capable of improving payment-system and marketing efficiency and of helping to usher some developing economies into the 21st century.

But this progress came only after years of fits and starts and soul-searching, and there is surely more of that to come. In view of technological acceleration and market whims, it is still not 100% certain that the phenomenon, as understood today, will have much more longevity than a prepaid, disposable telephone card.

Though integrated-circuit chip cards passed technical and market tests time and again, they left many bankers and other potential users cold. Why go to the trouble - and billions of dollars of expense - to retool the retail payment infrastructure just to automate small-value cash transactions?

Then along came something that was bigger than banking or payments - the Internet - and suddenly smart cards took on some of the glamour and promise of electronic commerce.

Simple cash loading and unloading are nice conveniences, but American bankers were carping for years that they saw no "business case."

By contrast, a security mechanism for encrypting and authenticating transactions over open networks, potentially guaranteeing that cardholders are who they say they are and allowing many services to coexist on a card with no risk of privacy loss or sharing of unauthorized information - that begins to sound like a business case.

Smart cards can do all that. They could even hold a cardholder's fingerprint or other biometric characteristics. A parallel explosion of smart card and biometric products is on view this week at the Cardtech/Securtech conference in Orlando.

"Security is what will drive smart cards," said David Weisman, senior analyst of Forrester Research.

Stratton Sclavos, president of Verisign Inc., a provider of digital certificates for on-line transactions, has predicted smart cards will be "the wallets of the future."

"Some sort of smart card or token will be involved in every security solution," said Jim Bidzos, president of RSA Data Security Inc., the data encryption standard-setter that has been especially influential in its support of the MasterCard-Visa Secure Electronic Transactions protocol for Internet payments.

It was at the last RSA-sponsored security conference - a major industry event held each January in San Francisco - that chip cards etched themselves into the communications security mind-set. At every turn was a company or exhibit touting a token-based data security method. If the token was a PCMCIA computer card or some other piece of hardware, it was easily convertible into a cheaper and more versatile package - a smart card.

To be sure, smart cards as security tokens were months if not years on the drawing boards before that sudden flowering in San Francisco. The new awareness followed logically from the credit card industry's SET project, which was on few security people's radar screens even a year earlier.

William Powar, a former Visa executive and now head of a Palo Alto, Calif., consulting firm, Venture Architects, said that when he brought up the subject of smart cards at the 1996 RSA conference, the common response was, "What do we need them for?"

James Chen, president of the firewall and secure-gateway vendor V-One Corp., has also been saying "I told you so."

"I predicted more than a year ago that SET will force the smart card to become an important piece of technology," Mr. Chen said. Encryption keys, the all-important scrambling and de-scrambling codes, "have to be really protected. It needs strong hardware-based security.

"I was right," he said. "Look at the major role SET and smart cards played at RSA('s conference). I see a strong deployment of smart cards when SET is deployed."

The convergence of SET and smart cards, though perhaps boding well for both, has a flip side: Both struggled, and are still struggling, to catch up with expectations. In the time it takes to get up to speed, technology can throw unpredictable curves.

"Today's limited technology can put you behind the curve for future applications," said Mark Dresner, principal, Infinite Technology Group, Mineola, N.Y. "Banks should be looking at solving tomorrow's problems."

He said technology advances soon could make it possible to put a powerful 16-bit computer on a card, opening huge possibilities for security and other enhancements.

Smart cards were not part of the first contemplated solution for SET. When the principals started talking about a standard in 1995, hoping to finish the task relatively quickly, they dealt with contemporary Internet reality. (They also set themselves back several months over technical and political disagreements - a sometimes overlooked human-nature hazard.)

The SET panel, which included GTE Corp., International Business Machines Corp., Microsoft Corp., and Netscape Communications Corp., set out to enable credit card transactions from personal computers. The necessary digital certificates would reside on PC hard drives. A cardholder away from the "home" PC would not have access to those certificates for electronic payment. Thus, the "virtual credit card" could be seen as less convenient than the real plastic thing.

The answer: make the certificates portable. The vehicle: smart cards.

But then there is the rather daunting problem of interface - making the smart cards readable by home computers or any other relevant device. The technologists were on the case.

Mondex, the electronic cash system developed at Natwest Group in London and now the property of MasterCard International and almost two dozen banks around the world, sparked an initial burst of card-reader ingenuity. Internet access and card-to-card transferability were basic aspects of the Mondex design and needed appropriate hardware.

A year ago, Microsoft and Hewlett-Packard Co. joined the French smart card manufacturers Bull and Schlumberger, and Siemens-Nixdorf of Germany in forming the PC/SC Workgroup. Their goal was to promote smart card readers on PCs and technical standards for interoperability. The proposition later attracted still another card maker, Gemplus, into the fold, among others.

Saying it will be years before SC readers are prevalent on PCs, Fischer International Systems Corp. of Naples, Fla., has thrown Smarty into the mix. It is a modified 3.5-inch diskette that turns a PC drive into a smart card reader.

Meanwhile, digital and virtual wallets, like Mondex's hand-size card-reading "sleeves" and those Microsoft and others want to deliver on PC screens, are beginning to proliferate. Oki Advanced Products, for one, offers a smart card Value-Checker, a compact balance reader that can link to a PC for transactions. Verifone Inc., soon to be a subsidiary of Hewlett-Packard, developed the Personal ATM, which can hook right into a phone line.

At an even more basic level, technology is being propelled by Java. The Sun Microsystems Inc. computer language, tailor-made for distributing programs securely over the Internet, gave rise to the Java Card API - applications programming interface - which is generating a bandwagon effect of its own.

Almost without exception, the smart card community saw Java as a revolutionary programming advance that would smooth out technical differences, speed service innovations, and slash costs.

"I said security will drive smart cards," said Mr. Weisman at Forrester in Cambridge, Mass. "Make that security and Java."

At First Union Corp., an endorser of Sun's recent Java Card 2.0 release, senior vice president Edgar Brown said dealing with multiple terminal vendors in the 1996 Visa Cash trial in Atlanta was "expensive and time-consuming."

He said Java will accelerate and lower the cost of new smart card applications at unattended points of sale, sporting facilities, universities, tollways, and elsewhere.

"Acceptance of Java Card creates the critical mass that will enable widespread deployment of this new technology," said Henry Lichstein, vice president of Citibank, another big-name backer.

Potentially the most important Java Card signing was Visa International. The biggest of the bank card groups is basing on Java its counterattack against MasterCard and Mondex, which Visa contended is mired in a fixed, inflexible, obsolescent operating system.

When Visa unveiled its strategy in March, president Edmund Jensen suggested Java is a breakthrough of such magnitude that Mondex would do the industry a service by migrating to it. "It is imperative that we converge on common platforms," he said.

Mondex, seven years in development and confident it is well out in front of the new-money pack, cannot be expected to change on a dime. But neither is it likely to ignore progress, as indicated by its plans for an operating platform that accommodates Java.

Tim Jones, the Mondex inventor who is now head of U.K. retail banking at Natwest, said current smart card chips containing up to 8,000 bytes are "very constrained." He sees no operating system improving on how Mondex uses that capacity.

"Java will become interesting as the real estate on the chip opens up," Mr. Jones said.
