Smart cards have their own microprocessor. This microprocessor enables smart cards to not only store data but also update the data it stores, receive data, make decisions about data that it stores and receives, and detect unauthorized attempts to read its contents.

The overwhelming majority of smart cards is used in telecommunication applications. In many countries, this was driven by the use of smart cards as payment cards for public telephones and as subscriber information modules (SIMs) in mobile phones that use GSM (global system for mobile communications) technology.

The smart card manufacturing industry is highly concentrated, with three companies producing almost three-quarters of all smart cards viz., Gemalto, SchlumbergerSema and Giesecke & Devrient.

The smart cards that these and other manufacturers produce are of two basic varieties: those that require contact with a reader to be accessed (contact smart cards) and those that do not (contactless smart cards). With the exception of a small antenna embedded in the contactless card, the basic design of the two is the same. Both have an integrated circuit embedded in a credit card-sized piece of plastic. The contact card, however, has a small gold plate about one-half inch in diameter that covers the circuit. This plate is used to make contact with the electrical connectors inside a credit-card-like reader and allows data to be sent to and from the chip.

Since contactless cards can communicate with an antenna or coupler unit without being inserted into a reader, they are ideal for transactions that must be processed very quickly, such as mass-transit or toll collection activities.

Smart card integrated circuits, or chips, are manufactured from silicon wafers just like other computer chips. These circuits are bonded to aluminum contact areas (to ensure readability) and encapsulated in an epoxy resin before being embedded in plastic cards.

The card portion of smart cards, like magnetic stripe cards, is manufactured from sheets of plastic, except smart cards have a small channel milled in the card deep enough to fit the encapsulated chip. The computer chip, having been embedded in the card, is tested to ensure that the resulting card functions properly.

Since smart cards have a central processing unit (CPU), an operating system, and different types of memory contained on their computer chip, their anatomy is very much like that of a personal computer's. Smart cards depend on power supplied to them either directly from an electrical connector inside a card reader or indirectly from the radio frequency transmissions of contactless readers. The main functional elements of the chip include:

The chip’s central processing unit interprets and executes instructions delivered to it by the operating system.

The read-only memory stores data that, once written, cannot be changed or removed. For this reason, chipmakers store the card’s operating system as well as various testing and diagnostic functions in the ROM portion of the chip. ROM’s content does not depend on power.

The random access memory acts as the central processing unit’s “scratchpad.” It can store and modify data written to it during a session of use and be accessed as many times as necessary as long as it is supplied power. When it stops receiving power, its contents are permanently lost.

For data that need to be modified or erased, like application data, chipmakers use electrically erasable programmable read-only memory (EEPROM). EEPROM is very similar to a personal computer’s hard disk, since the data stored on it can remain in the memory in the absence of power and be continuously modified during a session. In smart cards produced thus far, this memory is eight or 16 kilobytes. In contrast, a magnetic stripe card has only 0.14 kilobytes of memory.

Smart cards offer virtually unlimited application possibilities. Storage capacity is a maximum of 32 kilobytes (KB) per card or more at time, to store,

• Personal information
• Electronic purse transactions
• Prepaid telephone transactions
• Personal authentication information
• Personal finance transactions
• Health-care data
• Loyalty program information
  

Smart cards are composed of an IC, an interface between the IC and card reader, and a body. Smart cards are differentiated by the IC type, size, and the method of communication with the reader.

Smart-card ICs provide the logic for specific card applications. The ICs are memory chips or microprocessor chips .

Smart-card memory chips are used for data storage and identification applications. Data can consist of any information required for transmitting to a specific application. The main use for memory smart cards is to store keys and certificates for cryptography. Keys function as passwords to secure environments, and certificates verify the authenticity of keys.

Memory smart cards are built with erasable programmable read-only memory (EPROM) or electrically EPROM (EEPROM) chips. EPROM, which can only be changed once, is often used in prepaid service cards such as telephone calling cards that count off minutes used and then are discarded. EEPROM, which can be changed up to 100,000 times, includes built-in logic that can be used to update a counter in prepaid service cards.

A memory chip's architecture (and thus, cost) varies, depending on the application.

However, the manufacturer identification (ID) and the application ID fields in the architecture are the same for all memory card chips. The smart-card reader uses these fields to communicate with the card.

The application ID includes:

• Card issuer
• Card serial number
• Other user information (depending on the card application)

The serial number is unique for each card. Optional fields on memory chips include counter logic, data, and secret codes or keys. Application developers have options for several memory-card structures to meet design requirements.

Smart-card microprocessor chips are smaller, slower versions of the central processing units (CPUs) used in PCs.

Smart-Card Microprocessor	PC CPU
8-bit machine	32-bit machine
3.57-MHz speed	Up to 1-GHz speed

Their programming capability provides for many uses. Different applications can even be combined on a single card. Microprocessor smart cards are required for applications that manipulate or compare data, such as public key infrastructure (PKI) data encryption, Java applets, and electronic purses.

Every microprocessor smart card has an OS on the chip to operate the internal functions of the application. The OS loads off of the read-only memory (ROM), much like a basic input/output system (BIOS) on a modern PC. The primary function of the card OS is to enable memory access. The OS also manages the security functions that these cards typically perform. A microprocessor card, using an OS, has a predefined behavior that allows the card and application to communicate using predefined commands.

Smart-card microprocessors use either open-OS or OS-like programs. Open-OS applications are easier to write because software developers use programming interfaces that they already know. The development code is the same code used to write a program for an Intel or PowerPC machine; thus, the learning curve is eliminated.

Three of the open-OS card standards include:

• Microsoft® Windows® for Smart Cards - uses common Microsoft Windows API calls
• Multi-Application Operating System (MULTOS) - developed by the MAOSCO1 consortium for financial transactions with emphasis on security
• Sun Microsystem Java Technology - provides for dowloading and running Java applets
  

OS-like programs use proprietary software solutions for specific applications that are usually developed by the smart-card manufacturer. Because a developer must learn a proprietary code, the software is initially more difficult to write, but can provide additional security from hackers.

Card readers provide the physical link between the smart card and the host.

The host can be a PC or a stand-alone device. The reader delivers power, initializes the card, and acts as the mediator between the smart card and the host.

Power is delivered to the smart card through a contact on the micro-module of contact smart cards or by inducing current through the antenna of contactless designs.

Initialization is a specified protocol that all cards must perform. All smart-card readers support the initialization of any smart card, but they may not support the card after it switches to its specific application.

A reader's view of a smart card is called card awareness. Most card readers support both of the two view options:

Aware —

• Readers view the physical card structure, and act as a translator between the host and the card. Memory cards require the aware view because the reader must know the exact address for the data.

Generic —

Smart-card reader devices are transparent - or standalone -type hardware.

Transparent-reader hardware, sometimes simply called a reader, requires a host for all signaling functions, including initialization and application. This type of hardware has no internal logic, except for a line driver to condition the signal between the card and the host. A transparent reader is similar to a PC soft modem; a host drives the reader and the card. This requires more support from the software, which must understand the electrical design of the reader and how to communicate with the card. The driver must also have the logic to support the aware view for communication with memory cards.

Stand-alone reader hardware, sometimes called a terminal, includes all of the logic required to initialize a card and to act as mediator between a memory card and the host. For example, the host may deliver a large packet of information to the reader to pass on to the memory card. The reader has to check the packet, and sometimes break it into two packets, before sending the information to the smart card. This means the host is only concerned with communication to the reader and not the smart card. Stand-alone hardware functions as a pass-through for microprocessor cards. The OS defines all of the commands that a microprocessor card understands, so the reader is not required to intervene. Transparent readers require more drivers than stand-alone equipment, but are cheaper to manufacture and easier to change. Stand-alone readers, although more expensive than transparent devices, have generic driver sets that define the communication between a reader and a host. Memory-card drivers are built into the logic, making driver management easier, but the reader can become obsolete unless the drivers can be upgraded.

EMV is primarily designed to tackle card-present fraud. The introduction of EMV microchip cards requires retailers and banks to upgrade their POS devices and ATMs to the EMV standard. The process known as EMV migration can take a year or longer to complete. So to ensure that payment cards can still be used during the migration period, the new secure cards will still continue to carry the old magnetic stripe bearing the cardholder’s signature for some years to come.

The magnetic stripe also ensures that the cards can still be used in places where EMV is not yet adopted. The EMV microchip almost eliminates skimming and lost and stolen card fraud in card-present environments in EMV-compliant locations.

Driven by savings in telecommunications and fraud costs, the banking industry has embraced smart card over magnetic stripe technology. Since a smart card can authorize purchases based on data stored on its chip, each purchase does not require a phone call to a card issuer’s remote authorization system. Given that telecommunication costs are higher issuers have realized telecommunications savings by not having to authorize each purchase by phone.

In addition, use of personal identification numbers (PINs) verified by the smart card at the point of sale has significantly lowered fraud costs. Unlike debit cards that transmit a PIN over a network for verification, smart banking cards can verify a PIN without the number ever leaving the confines of the smart card reader, thus precluding the need for authentication via phone lines.

By reducing the per transaction fees that merchants were required to pay issuers each time a smart card was used, merchants were willing to accept smart cards.

Magnetic stripe credit cards cost credit card issuers about $0.50 each, while single application smart cards offering the exact same functionality as a magnetic stripe card cost about $0.99 each. Smart cards that can run multiple applications (e.g., having credit card functionality and managing a rewards program) store 16 kilobytes of data but cost almost four times as much as magnetic stripe cards — $2.89 each.

Real selling point is ability of chip cards to store multiple applications. A single computer chip on a single plastic card could remember consumers’ passwords, ensure secure online shopping, store coupons and loyalty program information, and reduce the costs merchants pay for fraudulent card use.