Smart Cards: Opportunities for Public Sector Applications
Smart Cards: Opportunities for Public Sector Applications
Smart card technology has come of age. It provides real
opportunities for improving the delivery of services and reducing
the cost of administration. Smart cards are becoming an affordable
solution to the requirements for a transportable, secure, reliable and
compact device.
CCTA's report on smart cards for the public sector is summarised
on these pages. The report describes how organisations are using
smart cards and their benefits. It details the applications, how the
technology works and the issues to be addressed by people
interested in exploiting the opportunities presented by smart cards.
Introduction
Smart card technology has come of age. It provides real
opportunities for improving the delivery of services and reducing
the cost of administration.
The move towards a service based society and service delivery is
making new demands. The growing telecommunications and
information market requires systems with new security features.
New services in banking, health care, home entertainment and
leisure are creating new applications. Smart cards are becoming an
affordable solution to the requirements for a transportable, secure,
reliable and compact device.
Smart card applications are rapidly expanding beyond the areas that
have historically made the most use of them - banking and
payphones. The banking sector introduced smart cards to reduce
losses from card fraud and to improve card security. In the
European public sector, smart cards are increasingly being used as
portable personal files - for health records, for example, or to store
and update details of eligibility for benefits.
A smart card can authenticate the holder, authenticate the card and
authorise transactions, carrying out all these tasks offline. It is
much more secure than a magnetic stripe card; it has the processing
capabilities of a small microcomputer and can store large amounts
of information.
There are opportunities for savings and increased efficiencies if
information is held securely by individuals rather than being
accessed from a number of different sources. The potential
advantages to the individual are the security, convenience and
flexibility of the card, providing an interface to public sector
information whenever they need it and wherever they are.
Although the cost of smart cards is higher than magnetic stripe
cards, it is falling rapidly. At the same time the processing
capability of smart cards is increasing. The building blocks for a
smart card infrastructure are already available. Cards that are in use
now can allow a number of applications on the card and have built
in security features. These cards could be accessed by a
reader/writer in an Automated Teller Machine (ATM), telephone,
personal computer, television set or vehicle. They can also be used
with touch-tone telephones for services delivered direct to the
office or home.
Organisations that are already using smart cards have reported
significant savings in administration through simplified procedures,
in addition to the benefits of increased security and reduced
transaction costs. Anything that involves exchange of information
or value can be done, cost-effectively.
Applications
There are many potential applications for the smart card. They are
already widely used in Europe and elsewhere in the world. Overall
the annual smart card market growth is predicted to be between
30% and 40% by the end of the decade. Sectors such as
communications are expected to reach 25% growth, transportation
60% and healthcare and banking are the fastest at over 90% per
year.
Only a smart card has the capability to process rather than just store
information. This means it can be used to:
authenticate the cardholder store value in the form of electronic
cash or credits store and process information
A smart card application may use only one of these functions or
may combine them in different ways for different purposes. Some
examples are major pan-European initiatives; others are localised
implementations, perhaps with plans for future integration into
larger scale schemes; some are still at the pilot stage. What they
have in common is a business requirement that is most effectively
met by using smart card technology.
It may not be cost effective - or even applicable - to just adopt an
application implemented elsewhere; but analysis of applications at
local, regional, national levels or beyond may help to identify what
is possible.
Planning considerations
There may be a number of options for the way the smart card
service is provided - including partnership with the private sector.
But however the service is provided, the following planning issues
will need to be considered:
strategic issues - concerning the organisation's business and IS
strategy and the impact that smart cards would have on those plans
and the existing portfolio technology/infrastructure issues -
concerning technical standards and the infrastructure needed to
deliver the smart card service issues of public accountability and
acceptability - concerning responsibilities for protecting the
individual's data and for making the service acceptable to everyone
who wants to use it implementation issues - concerning the plans
needed for successful rollout of the new service and associated
systems.
Data protection issues
There will be opportunities for doing new things and in new ways,
which might include sharing information. The Data Protection Act
1984 regulates what may be done with personal data, through
registration and the eight Data Protection Principles. Everything
that has been developed as good practice in computer applications
should be equally applicable to smart cards but there are some
points that will need particular consideration. These include:
if sharing information across organisations, the information must
be obtained and processed fairly and lawfully. People must be clear
about who will be using their personal data, what it will be used for
and why; organisations will need to consider the statutory
framework within which they work where there is application-
specific data on a smart card, that data must be clearly
"compartmentalised" the entitlement of the cardholder to a copy of
personal information held on the smart card and any associated
databases the risk of revealing information through association;
consider the measures necessary to preserve the confidentiality of
personal information. An issue to bear in mind is whether the
information on the card can be minimised, which would have
security and data protection benefits.
Further Information:
The Office of the Data Protection Registrar can provide advice and guidance on specific issues related to smart cards:
Office of the Data Protection Registrar
Wycliffe House,
Water Lane, Wilmslow,
Cheshire SK9 5AF;
telephone 0625 535777
|