Thanks to recent advancements in smartcard technology and NFC, some of these seemingly futuristic options may soon become realities. However, there are some larger security issues that preclude the widespread adoption of smartcards in some environments.
While smartcards are in use today in a variety of applications, there has always been a great deal of trepidation about their widespread deployment. This is the result of several factors, some of which have been mitigated in recent years and some of which have not. These include:
-- Privacy concerns: Any technology that can be used to collect or share personal information will always draw the ire of privacy advocacy groups, whose voices can be quite loud and politically active. For every customer that would appreciate a customized purchasing experience that would be created as a result of smartcard technology, there is another who does not want personal spending habits collected, sold, and fed back upon walking in a retailer's door.
-- Lack of standards: The absence of industry standards crippled early innovation in the smartcard market, and successful deployments of any smartcard-like technology were proprietary and application-specific. Today, a handful of standards have shaken out, and these standards are setting the stage for the broader adoption of smartcard-enabled applications.
-- Security issues: There are varying levels of concern when it comes to smartcard security. From an enterprise perspective, there is always the threat that an employee's smartcard could be lost or stolen and then misused. Could it happen? Absolutely. However, well-communicated policy about not sharing PINs, along with the requirement that any lost card be immediately reported, will significantly reduce the security threats associated with a lost or stolen smartcard.
Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our Compliance From The Inside Out report. (Free registration required.)