May 1998

Soon-Yong Choi and
Andrew B. Whinston

(DRAFT)

Internet technologies, through intranet and extranet applications, have proven themselves to be efficient and effective in streamlining existing processes from supply chain management to manufacturing logistics, from marketing to customer asset management, and by creating new value chains and businesses. Nevertheless, these changes and benefits signal only an evolutionary shift in the way we do business. The Internet-enabled economy resembles the conventional physical market in many aspects. Some of the new technologies and applications may even be unnecessary. American consumers, for example, regard smart cards as a redundant payment mechanism when checks, credit cards and ATM cards do an adequate job for current needs. What is the use of smart cards? Do we really need them? Will they ever take off?

This document presents an overview of the smart card technologies and their applications in order to answer these questions. Smart cards are more than collectible replacements of a wallet full of plastic cards. Unlike the read-only plastic card, the processing power of smart cards gives them the versatility needed to make payments, to configure your cell phones, TVs and video players and to connect to your computers via telephone, satellite or the Internet anytime, anywhere in the world. As a smart infrastructure for mobile computing, smart card technologies will prove to be the killer application for the networked economy.

A smart card is a credit-card sized plastic card embedded with an integrated circuit chip that makes it "smart". This marriage between a convenient plastic card and a microprocessor allows an immense amount of information to be stored, accessed and processed either online or offline. Smart cards can store several hundred times more data than a conventional card with a magnetic stripe. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader. A contactless smart card has an antenna coil which communicates with a receiving antenna to transfer information. Depending on the type of the embedded chip, smart cards can be either memory cards or processor cards.

Memory Cards Any plastic card is made "smart" by including an IC chip. But the chip may simply be a memory storage device. Memory cards can hold information thousands times greater than a magnetic stripe card. Nevertheless, their functions are limited to basic applications such as phone cards.

Processor Cards Smart cards with a full-fledged microprocessor on board can function as a processor device that offers multiple functions such as encryption, advanced security mechanism, local data processing, complex calculation and other interactive processes. Most stored-value cards integrated with identification, security and information purposes are processor cards. Only processor cards are truly smart enough to offer the flexibility and multifunctionality desired in the networked economy.

PC Cards While any IC-embedded card may be called a smart card, its distinguishing feature is its use for personal activities. For example, PC cards (also known as PCMCIA cards) have the same characteristics as a smart card but they are used as peripheral devices such as modems or game cartridges. These PC cards are seldom called smart cards since they are extension devices without personalization. In this sense, a smart card is a processor card that allows persons to interact with others digitally to conduct transactions and other personal activities.

Literally, billions of smart cards are already in use. Worldwide smart card sales could reach 1.6 billion units in 1998, up 23% from 1.3 billion units in 1997. Western Europe accounts for about 70% of the current smart card uses, followed by South America and Asia with about 10% each, while North America languishes at less than 5%. However, most smart cards issued today are memory cards (see Table) with limited processing capabilities. Still, hundreds of millions of processor cards are already in use today.

Smart Cards Issued in 1996 (in million units)
____________________________________
Phone cards                      605
Health cards	                  70
Banking	                          40
ID/access cards                   20
Pay TV cards	                  20
GSM cards (mobile phone)          20
Transportation	                  15
Metering/vending                  10
Others	                          10
------------------------------------
Total	                         810
____________________________________
Source: Smart Card Industry Association

Phone cards have become ubiquitous in Western Europe and Asia where coin-operated public phones are becoming nearly obsolete. These pre-paid cards increase payphone operator revenues, allow more sophisticated transactions via public phones, and have become advertising devices as well as collector's items. Although the popularity of phone cards contributed to a widening acceptance of smart cards by consumers, however, processor cards are projected to be the fastest growing smart card uses by the year 2000.

For smart cards to carry out applications, several components must come together. The technology of smart cards include four critical segments.

A smart card begins with a micro-controller produced by semiconductor manufacturers such as Siemens, Motorola and Thomson. This integrated circuit chip is attached to an electronic module by inserting into a cavity on the module. Then, terminals between the chip and the electronic module are interconnected. Finally, the chip-embedded electronic module is glued to a plastic card. The global leader in card manufacturing is Schlumberger who sold about half of all smart cards in use in 1997. A close second is Gemplus followed by Bull and De La Rue of France.

Smart cards may be read by conventional card reader or by wireless terminals. New devices similar to a floppy disk allow smart cards to be read by PC disk drive. Suppliers of POS and ATM card readers have expanded into smart card readers for their product lines, where some worldwide consolidation is occurring. For example, a market leader Grupe Ingenico is buying another player De La Rue of France.

Electronic modules embedded in smart cards have contacts by which messages are exchanged between the card's IC chip and the card reader. International standards such as ISO 7816 have specified which contact handles what type of data but applications must be programmed to manage message exchanges that can be used by networked processors. An interoperable and multi-platform application programming interface (API) is critical for smart cards to carry out diverse functions. Open standards such as Java smart card API provides one of several proposed interfaces. Java Card API in particular offers a development tool for flexible, multi-platform applications–"Write Once, Run Anywhere"–for devices ranging from Network Computers, Web TV, smart phones and other consumer appliances. The industry leader Schlumberger, for example, has introduced EasyFlex and FastOS based on Java API.

The ultimate utility of smart cards is in the functions they carry out–for example, payment process, identification, network computing, health care management, benefits distribution and so on. Application programs handle data read by smart card readers and forward them to central computers located at the other end of the smart card infrastructure such as payment servers in banks, traffic control centers or mobile phone centers, credit card companies, transit authorities, governments, Microsoft and other service providers. Market players and stake holders in this end game for smart cards include a wide variety of firms and institutions including card issuers, content providers, Visa and MasterCard, banks, government agencies, security implementers such as Lucent Technologies, electronics manufacturers such as NEC, and service providers who want to exploit advantages of smart card technologies.

Compared to conventional data transmission devices such as magnetic-stripe cards, smart cards offer enhanced security, convenience and economic benefits. In addition, smart card-based systems are highly configurable to suit individual needs. Finally, the multifunctionality as payment, application and networking devices renders a smart card as a perfect user interface in a mobile, networked economy.

Smart cards incorporate encryption and authentication technologies that can implement issuer's and user's requirements for the highest degree of security. Using encryption, contents and data can be securely transferred via wired and wireless networks. Coupled with biometric authentication methods which rely on personal physical attributes, smart cards are used in distributing government welfare payments in order to reduce frauds and abuse. Health care cards allow doctors to access and manage patient's medical records and insurance information without compromising privacy. Personalized network access cards allow safer and easier management of diverse networks without a significant costs for access control.

One use of the old fashioned memory cards is to replace various identification cards. Smart cards will combine paper, plastic and magnetic cards used for identification, automatic teller machines, copiers, toll collection, pay phones, health care and welfare administration. Universities, firms and governments rely on smart identification cards since they can contain more detailed data and enable many services to be integrated. Health care cards, for example, reduce document processing costs by allowing immediate access to personalized patient information stored in smart cards. Most other smart card uses combine identification function with specialized purposes as in military PX cards, government's Electronic Benefit Transfer cards, and university ID cards that are also used to pay for food and photocopies.

Smart cards reduce transaction costs by eliminating paper and paper handling costs in hospitals and government benefit payment programs. Contact and contactless toll payment cards streamline toll collection procedures, reducing labor costs as well as delays caused by manual systems. Maintenance costs for vending machines, petroleum dispensers, parking meters and public phones are lowered while revenues could increase, about 30% in some estimates, due to the convenience of the smart card payment systems in these machines.

A smart card contains all the data needed to personalize networking, Web connection, payments and other applications. Using a smart card, one can establish a personalized network connection anywhere in the world using a phone center or an information kiosk. Web servers will verify the user's identity and present a customized Web page, an e-mail connection and other authorized services based on the data read from a smart card. Personal settings for electronic appliances, including computers, will be stored in smart cards rather than in the appliances themselves. Phone numbers are stored in smart cards instead of phones. While appliances become generic tools, users only carry a smart card as the ultimate networking and personal computing device.

The processing power of a smart card makes it ideal to mix multiple functions. For example, government benefit cards will also allow users access to other benefit programs such as health care clinics and job training programs. A college identification card can be used to pay for food, phone calls and photocopies, to access campus networks and to register classes. By integrating many functions, governments and colleges can manage and improve their operations at lower costs and offer innovative services.

Smart cards were first developed as a payment method to simplify small value transactions. Commonly called as a stored-value card, the data contained in a smart card represents a monetary value that can be added or reduced as transactions are carried out. This has proven to be useful in Western Europe and Asia where public transportation and public phones are widely used.

In North American, the popularity of checks, credit cards and debit cards makes smart cards a less attractive alternative. But in countries where the public phone system is less than optimal, a smart card-based payment system offers convenience without increasing investment in phone infrastructure. In some countries, the increasing use of smart cards is also leading to advancements in banking services and the acceptance of credit and debit cards by consumers.

A cost effective, secure and convenient alternative to cash transactions is needed as cash is still the most important payment method in terms of number of transaction. Over 80% of transactions are made in cash. Smart cards offer several advantages over checks and credit cards:

• Reduced handling costs
• Improved ease of use
• Lowered costs in infrastructural supports such as banking system and phone networks
• Versatility of combining credit, debit and stored value cards in one convenient platform
• Lower transaction costs
• Ability to carry out offline, online and peer-to-peer transactions

The world leader in smart card payment system is Mondex International which is the international franchising organization that licenses its right to a local Mondex originator in each country. A Mondex originator then creates electronic cash units serving as a given nation's currency. In each country, several Mondex issuers actually issue, distribute and resell cards to consumers. The Mondex card functions as an electronic purse that downloads and stores cash values. Mondex cards are read at time of transaction verified either through telephone line, on site through Mondex wallets which allow transfers between cards, or via the Internet by inserting the card into a standard smart card reader connected to a PC.

Mondex is one of several electronic cash payment systems. Other systems such as DigiCash are purely a form of electronic cash developed for online transactions. However, differences between pure electronic cash and smart card (stored value) based payment system are increasingly less obvious since electronic cash can be stored in a smart card and exchanged offline and a Mondex card reader can be connected to a personal computer allowing online transactions.

A payment function is an integral part of most smart card applications because most services accessible by smart cards must be paid one way or the other. But before smart cards are widely used as a preferred payment method in electronic commerce, two outstanding issues must be resolved:

• legal protection for loss and fraud
• demand and supply for microtransactions

Currently, a cash balance stored in Mondex is not insured or protected against loss or theft. In comparison, a credit card user is liable only to a minimum determined by legislation such as Regulation E. Being a cash equivalent, however, a stored value on a Mondex card is not recoverable if the card is lost or stolen. Several electronic cash payment systems guard against such losses by an elaborate encryption mechanism or a required authentication in each transaction. They, however, add significant transaction costs minimizing their advantages over cash or checks. A cost effective guarantee or assurance on stored values must be established to protect consumers. But legal opinions regarding the liability and rights of issuers and users of electronic cash vary widely. In general, online stored value systems which do not rely on smart cards may be protected by existing Federal Reserve regulations as long as the funds are considered to be in consumer deposit accounts. Offline systems are left to voluntary arrangements between card issuers or financial institutions and consumers.

A more convenient, low-cost payment method is necessary for low-value transactions. There are many examples of micropayments already in use: toll and bus fare collections, copy machine payments, parking meters and vending machines. Coins and tokens used in all of these examples can be substituted by smart cards. However, will there be substantial demand for microtransactions and micropayment methods in electronic commerce? The answer will depend on how information and other digital products are sold online. Bundling and subscription plans are based on aggregating small charges into a periodic bill that is large enough to utilize conventional credit card payments. If sellers and consumers prefer to aggregate products and services, there will be little need for a flexible payment system. On the other hand, unbundling and customizing products require a payment system which can facilitate small charges, for example one or two cents for a Web page. Before smart cards and electronic cash are used widely, the demand for, and supply of, microproducts and microtransactions must precede.

Even when these issues are resolved and smart cards become a preferred payment method for electronic commerce, the excitement over smart card technologies and the ready embrace by many developers of these technologies are due more to the explosion of applications than to being a convenient form of payment. The smart card platform has already expanded into the mainstream computing and commercial arena as a versatile technology to implement innovative services in a mobile network.

A smart card as an interoperable computing device has become the ultimate utility of processor cards. Today's networked societies revolve around accessing the worldwide information superhighways. As more people log-in to the network and more and more activities take place through networks, online security is of utmost importance. Smart card technologies provide strong security through encryption as well as access control based on identification technologies such as biometrics. Information kiosks and phone booths equipped with smart card readers will become network centers. Smart cards are the world’s smallest mobile computers.

Mobile Communications By the year 2000, global mobile networks will enable a real time connection to anywhere, anytime. Global networks based on low earth orbiting satellites such as Teledesic and Iridium are in the works or already in operation. Mobile phones are gearing up to be a truly global communications network via Global Services for Mobiles (GSM) system. Phones come equipped with a smart card slot to enable integrated services. For example, Schlumberger's SIM (Subscriber Identification Module) card can take care of call personalization, payment, security and other services such as linking your phone with your PC using a GSM phone. A smart network can also operate through a reader terminal installed at home or in offices, at a convenient store or a gas station, at an information kiosk in libraries or a phone center at airports or even on a remote hiking trail.

Smart cards go beyond replacing existing cards. Smart cards are interface devices that allow users to digitally interact with firms, consumers and products in the networked world. Smart cards are closer to a personal mobile computer.

Electronic Ticketing Traffic management and fare collection systems often impose heavy operating costs in public transit systems and toll highways. Prepaid cards have proven to be very effective and popular in saving time and resources in managing traffic and passenger flows and improving services. Contactless smart cards send data via radio frequency waves eliminating long lines. The amount of information on smart cards also allow new type of services which are customized for specific groups of users, and the user data can be collected and analyzed by a central server further improving services. Such ticketing systems can also be used in sports arenas, concert halls, amusement parks and other venues processing admissions.

Smart Vending Smart card vending systems are used for petroleum dispensors, various vending machines and parking meters. Smart card-based vending systems not only simplify payment processes but also enable customized services. For example, a smart parking meter can charge a fraction of a minute or levy different amounts depending on the customer profile, time of day or zones. Smart vendors also provide marketing incentives such as discounts and coupons to reward loyal customers based on purchasing behaviors. Smart vending thus allows a total integration of payment, marketing and services in a networked enterprise.

The Smart Village envisioned by Schlumberger, the largest smart card seller, illustrates the vision of a networked world where smart card-based services and products inhabit our every day lives. This smart marketplace includes: GSM payphones and mobile telecommunication, private site smart pay phones, smart ticket vending machines at transit terminals, smart pay and display units at parking lots, smart fuel dispenser at gas stations, contactless, remote and prepaid card terminals in retail locations, smart health care management and network access based on secured, personalized smart cards.

Smart resort cards issued and managed by Leapfrog Smart Products Inc. are smart cards that allow cashless transactions in RV parks for in-park transactions that include admission and usage fees as well as vending and laundry services. Cards are also used to record annual membership payments, to grant physical access to the park, and to store information such as medical records for emergency usage. Several loyalty programs such as coupons and reward vouchers are also stored and managed on the cards.

The infrastructure required for such an integrated service is relatively simple: doors and gates, POS terminals in each RV park, vending machines and washers are retrofitted to accept 8K Gemplus cards which cost about $10.75 each. Operational benefits, as elaborated by Leapfrog, include:

• increased gross revenues
• decreased pilfering and fraud
• decreased administrative cost
• increased security
• streamlined accounting procedures
• increased overall profit

When customer profiles, product information and payment data are combined, a simple smart card becomes a versatile operating, marketing and management tool. One Yellow Rabbit Performance Theatre of Calgary, Canada, has introduced smart card-based season tickets. Using StarGenix smart cards, the season pass is a convenient and cost-saving ticketing and stored-value system. The card contains ticket, performance, reservation and cardholder information as well as a stored-value component redeemable for bar service and the theatre's products sold at its stores.

The key ingredient for smart cards to succeed is interoperability and standardization in hardware and applications. Without such standards, potential card issuers and users take a severe risk in investing in new technologies that may not be compatible with future generation technologies. Hardware standards have been an integral part of smart card development in the last few years while application specific standards have only begun to emerge.

Hardware standards specify physical and communications dimensions of smart cards. International Standard Organization (ISO) 7816 is a global standards which lay out physical characteristics of cards and contacts, transmission protocols, interindustry commands for interchange and rules for applications and data elements. ISO 10536 specifies similar characteristics for contactless cards. Several other ISO standards have been developed or under review which control local and global interchange message specifications, card accepting devices and security architecture.

Application-centered standards are developed to resolve communications and data exchange conflicts between the cards and the institutions which process these data. By limiting to specific solutions, these standards often include both hardware and application standards. For example, electronic purse standards (CEN, Mondex or EMV) describe card's physical characteristics, data and application interfaces and transaction procedures that involve financial institutions. Payment standards such as Secure Electronic Transaction (SET) or Chip-Secure Electronic Transaction (C-SET) are protocols which facilitate exchanging and validating transaction data. For mobile communications based on smart cards, European ETSI standards provide a basic framework under Global Services for Mobiles (GSM) based on Subscriber Identification Module (SIM).

As more industry-specific applications appear, local standards are evolving to manage integrated transactions between end users' smart cards and processing institutions. Such standards eliminate the need for expensive and inflexible custom interfaces and allow industry-wide integration. For example, health care card standards intend to create a common computing framework to identify patients, query their medical data, process payments and allow health care management in a distributed environment. The health care industry is also developing Electronic Medical Record standards to facilitate technological developments and applications. Smart card technologies are only a harbinger of things to come. To maximize their usefulness and promote wider acceptance by users, standards across industry users must be available whether it is for traffic management, electronic benefit transfers, health care or travel services.

Network Computing Standards

With the exponential growth in computing power and a drive toward miniaturization, smart cards will ultimately function as a mobile networking interface for personal use. A group of technology companies under the OpenCard Framework is now working to extend industry standards for network computer into smart cards. A smart card in this capacity is inserted to Network Computers, public phone booths, networked information kiosks and LAN terminals to become your personal computer. A key element in allowing smart cards as a computing platform is an interoperable operating system or an application programming interface which can be incorporated into smart cards' processors. A leading candidate is Sun Microsystems' Java smart card API which allows developers to create multi-platform applications. The much-hyped Network Computers could become terminals that accept Java-enabled smart cards.

Unlike European and Asian consumers, Americans seem to be reluctant to swap their credit cards and ATM cards with smart cards. An average consumer in the U.S. uses his or her ATM cards 15 times per month according to a Star Systems, Inc., survey, and the increased use of cards at POS terminals is the single most important factor in this trend. Compared to this growing trend toward using plastic cards, the reluctance in using smart cards stems primarily from the public's perception of smart cards as an electronic payment system. Although ATM card holders report "some interest" in using smart cards, security is the primary concern in storing money on their cards. Several pilot programs, however, are introducing the versatility of smart cards to consumers.

Several large scale pilot projects are aimed at testing the future acceptance of smart cards. The most publicized try-out during the 1996 Atlanta Summer Olympics had a mixed result. Regardless, transit authorities in San Francisco, Washington, D.C., and Finland are rolling out smart card systems for transit management. 120,000 members of Quebec Soccer Federation of Canada will soon be using smart cards for registration at tournaments, at McDonald's restaurants, and for several promotional and reward programs. States of Ohio and Wyoming are testing smart card technologies to deliver government benefit payments.

Despite growing interests, smart card-based systems are not entirely cost effective compared to many alternatives when one considers only the immediate costs and benefits. For example, a welfare benefit distribution program using magnetic-stripe cards cost less than smart card-based systems due to initial capital investment and the cost of cards. Nevertheless, long-term benefits are substantial. Ohio expects to reduce its monthly cost of benefit distribution from $3.84 to $2.89 per household by using smart cards. In addition, transaction data associated with smart cards allow the state to cut down benefit frauds and abuses substantially.

Larger and more important benefits are less obvious at this stage of smart card technologies. Most smart card applications available today seem only to duplicate functions carried out successfully and effectively by existing methods. The advanced banking and financial systems and efficient communications networks in the U.S. work against adopting smart cards. Like cellular phones which may be useful in less developed countries with limited phone lines and high communications costs, smart cards are readily accepted in countries where consumers and businesses do not trust checks and other debt instruments, or there is a high incidence of inflation, fraud, crime and other factors favoring cash. For smart cards to gain a wider acceptance, interoperable hardware, simple user interface and more applications must appear to satisfy consumers who expect to use the same card in different retail outlets and for different purposes. Considering that Java smart card API was introduced in 1996, smart card technologies do have enormous potential to become the next killer application for the digital economy.

The future prospect for smart cards critically depends on introducing multifunctional cards and overcoming the simplistic view of smart cards as a payment medium. The Internet as a distributed and interoperable computing network provides a perfect setting for smart cards to become the ultimate network computing platform. Further developments in mobile networks and digitally-interfaced consumer appliances all point to smart cards playing the role of the ultimate personal computing and communications devices. In the networked economy where smart cards provide a smart infrastructure, physical products become smart products.

Opportunities largely depend on the developments in applications and a standardized user interface that allow users to interact with smart products over a network.

Smart products, like smart cards, are made smart by marrying physical products with computing power. However, the nature of smart products is changing from a product with a lot of computing power embedded within the product itself to a product with a smart interface. For example, a smart highway is equipped with sensors that interact with smart automobiles which come with their own on-board computers and sensors. Nevertheless, this involves a significant cost to upgrade millions of miles of highways. The marriage between information superinfrastructure and physical highways seems impractical.

The solution is not to equip highways and automobiles with powerful computers but to engineer them to interact with smart devices. With an accurate global positioning system, sensors need not be embedded in highways. The location of a vehicle can be determined by interfacing an automobile's computer with a satellite. Much of the automobile's computing is done through smart cards and remotely connected servers. Similarly, consumer appliances can be equipped with smart card readers instead of installing product-specific computers. For example, cellular phones interact with smart cards to access personal information instead of storing it in each phone. In essence, smart network computers and smart products can be less powerful and more standardized when interfaced with smart cards.

The future of production and consumption is based on customization which often involves unbundling and re-bundling different products, changing contents and pricing individually. Unlike the economy where mass produced goods help reduce production costs, the economy of customization is concerned with increasing choices for consumers. Managing such an economy is challenging as the number of products explodes and transactions become extremely complex.

A smart card-enabled system offers a versatile management tool in such an economy. For example, smart credit cards issued by American Express can be loaded up with airline tickets and hotel reservations. A travel plan may also include rental cars, admissions to concerts and amusement parks, long distance phone bills, food and drinks. Arrangements may change in real time necessitating coordination and adjustments among different vendors. Such an integrated product or service has to be managed by computers and requires spontaneous interactions with all parties involved. Instead of carrying a personal computer to do the job, all transactions within such an integrated (‘portfolio’) service plan can be managed through a single smart card by inserting it into a public or mobile phone or a network terminal at business locations.

By the year 2000, an estimated 2.8 billion smart cards will be issued annually in the world. But 70% of these cards will be in use in Western Europe and Asia while North America will account for only about 12% of the business. Nevertheless, even in North America, the prospect for processor cards is not as gloomy as phone cards. If the current trend will persist, there will be over 100 million processor cards in use in North America. These smart cards allow merchants to integrate products, payment and customer service and customize pricing and marketing efforts based on real user behaviors in real time. Smart cards as a secure payment system has garnered the keenest attention in the marketplace. However, smart cards are an indispensable commercial infrastructure in a networked marketplace which combine the functions of purses, credit cards, ID cards, tickets, coupons and tokens with data for personalized settings. The electronic persona in the digital world will be indeed in the form of a smart card and no enterprise solutions should ignore its potential impacts on business.