Smartcards are one of those good ideas that somehow, unaccountably, always seem to be in gestation and never quite born, and that’s despite the online banking scares of the last five years.
Good idea they might be but here’s the odd thing about smartcards: nobody much is buying them.
Granted, there’s been a lot of interest, a few trials here and there in places such as the UK, and they have been taken up with enthusiasm in niche applications. But I don’t today know a single ordinary mortal who uses one for anything more complicated than navigating the London tube network, and even that’s about as basic a smartcard application (i.e it’s basically data storage) as one can think of.
So what gives? Innovative Card Technologies recently brought out its DisplayCard, a token card for multi-factor authentication of the sort I earnestly wish my bank would invest in.
There are a number of uses for such a card, but the most obvious one is just logging into an online bank. But where today’s dull plastic cards come with a PIN built in that never changes (unless the customer phones the issuer and that is an event slightly less common than unicorns), this card can create its own, over and over again.
Press the corner of the card and an 8-digit number is generated on an integrated screen every time it is pressed. Remember, it’s identical in outward appearance to most bank or credit cards, so no extra bulk. It makes its own PIN every time it is used forsooth. Others have done much the same using terminals, or by having PINs texted to phones, but this card does it off its own bat.
It also has a PKI chip onboard for email encryption, digital signatures and secure login, among other features, but the idea of long, single-use PINs that come off a simple object such as a plastic card is something that deserves to become commonplace.
A fair plug here for the company that sent me a working example, Actividentity, which builds software systems around technologies such as the DisplayCard to make them do useful work.
The downside of smartcards is that investing in them means fighting against the inertia of a banking industry that has got used to managing fraud using existing systems. Giving every customer an ICT DisplayCard would mean spending on the infrastructure to support and manage them, and allowing for the fact that people lose millions of them every year and they cost more to replace. There’s also the baroque confusion of various smartcard technologies and variations on technologies to contend with.
Assuming someone doesn’t convince the banks that the future of smartcards lies with building them into phone SIMs or something, the mental log-jam will one day be broken. Smartcards are inevitable in some form or other, and ICT/Actividentity’s card would be a great starting point. But you suspect that the customer will not be getting this innovation for nothing. Someone is going to have to pay, but working out who might be what is slowing down adoption.