A few years later, testing began for phone cards in France, which was the first large-scale implementation of IC cards. These tests were followed by initial tests of automated teller machine cards with chips. The first large smartcard application in the United States was by the Department of Agriculture. A peanut marketing card was issued to every eligible farmer. Farmers then took their crops to an authorized buying point. Computers at the buying points calculated the value of the peanuts and recorded it on the card. The data was then transmitted to a central source. The Wyoming Special Supplemental Nutrition Program also started using smartcards for electronic benefits transfers in 1991.
 
Meanwhile in Europe, France implemented the first large-scale deployment of smartcards used in pay phones. Schlumberger had acquired several companies, enabling it to implement public key infrastructure using smartcard technology to, among other functions, manage digital certificates. France was again a leader in 1992 when Carte Bleue debit cards were introduced. These cards required a personal identification number (PIN) to be entered for each transaction (one exception was small highway tolls). Also implemented were “electronic purse” smartcards. These cards store balances on the card so no connectivity to a network is required to complete a transaction.

EMV (Europay MasterCard Visa) has been around, in some form since 1993. This is when the three organizations above agreed to technical standards for smart cards to be used as debit and credit cards. The current standards include backwards compatibility with the 1998 standard. The equipment is in wide use in most countries except the United States. Mastercard was the first company to accept EMV cards in the United States beginning in 2014. Chase has also begun using the technology for some of its newer offerings. There is still a feeling among some segments of the industry that there is adequate security already in place to protect against credit card fraud and the additional costs of implementing EMV is not warranted.

There are several types of smartcards including contactless technology. The most common application of these cards is in toll road collection and mass transit fare payment.

In contrast, contact smartcards have contact pads that are read using electricity to store and transmit data originated from the card itself. There are hybrid cards that have a dual interface that uses both contact and contactless reading capability.

The chip card interface device uses a standard USB connection to interact with a computer or other device. It looks like a USB dongle and is used mainly as a security device. When will smartcards be in wide use in the United States?  The Payments Security Task force (an industry group) reported that nine top card issuers would have 50 percent of their cards chip enabled by the end of 2015. The cards selected depend upon whether the card is business or personal and whether the card holder has requested a chip-enabled version.

Many merchants already have EMV processing terminals installed. In some cases, though, these terminals have not been enabled, so a standard swipe is still required. A more secure method than the mag stripe swipe is the NFC-payment app on smartphones. Most all EMV payment terminals also have NFC readers.

When the October 1 deadline for merchants to install an EMV terminal occurs it will bring with it a liability shift from the card issuer to the merchant in case of a fraudulent transaction. Some merchants may decide the cost of the upgrades is not justified to cover what they may consider a low chance of fraud. There are other security considerations besides the processing terminal itself such as storing the card number in point-of-sale systems and encrypting data that is stored.

There are many applications for smartcards besides financial that include identification, work-related security, student IDs and digital television streams, to name just a few.

Chip-and-pin cards will certainly provide additional security to cardholders, merchants and card issuers, but it is not perfect technology and could still be breached in some cases.

Geoff Griswold is a field engineer and general manager of the Omni Group, an IT services company specializing in the hospitality industry. He can be reached at geoff@atlantaomnigroup.com or (678) 464-2427.