Smart Cards

Smart Card System Design Considerations

2020-06-06 13:09:28 M&W SmartCard 53

Is it your job to deploy a smart card system? Are you unsure where to start?

When developing a smart card system, several factors should be considered in advance. Careful planning will help you avoid problems and optimize results in the long run. Consider, for example, the type of information that you will store and how you will protect and share that data. Additionally, you may want to avoid overloading the system with too many features in the beginning. Doing so could confuse users or create unnecessary difficulties for management. While deploying smart cards requires careful planning and consideration, their advantages are worth the effort. Smart cards and secure elements are the industry standard for identity and device authentication, secure transactions, and the protection of data and assets. The following list of questions and recommendations is intended as a rough guideline to help you get started.


Getting Started: Important Considerations for Smart Card System Design

The First Four

  1. Do you require an original smart card system design? Or, is there an existing application that you can leverage?

  2. Is there a clear business case? Does it include financial and consumer behavior factors?

  3. Will the smart card handle data, value, or both? Adding a value function increases the system's security requirements and design complexity.

  4. What are the card’s most essential features? With multiple functions, you must prioritize. Start with the most important feature and phase in additional features incrementally.



Security

  1. What are your security requirements?

  2. Does all of the data need to be secured (protected)? Or, only some?

  3. Will you include biometrics? Fingerprint, iris, face, signature, and/or other? Do you require 1:1 matching or 1:many?

  4. Will the biometrics be stored in the smart card’s chip for user privacy and distributed user authentication?

  5. Who will have access to this information?

  6. Who will be allowed to change this information?

  7. In what manner will you secure this data? (e.g. encryption, host passwords, card passwords, PINs, etc.)

  8. Should keys/PINs be customer or system activated?

  9. How will you identify the card issuance and versions?

  10. Will the system utilize PKI and Digital Certificates? If so, how will they be managed?

  11. What about security printing options? (e.g. guilloches, microprinting, holograms, hidden images, etc.)

Basic Setup

  1. Will the smart card system be single-application or multi-application?

  2. Are there industry standards (e.g. ISO, EAL, or ETSI) to conform to for specific encryption or chip requirements?

  3. What information do you want to store in the cards?

  4. How much memory is required for the applications?

  5. If the system is multi-application, how will you separate different types of data?

  6. Will data be obtained from a database or loaded each time?

  7. Will this data concurrently reside on a database?

  8. How many smart cards will be needed?

  9. Have card or infrastructure vendors been identified? What are their lead times?

  10. What are the required readers, handsets, terminals, and software?

  11. Is a Card Management System (CMS) necessary?

  12. How many types of artwork will be included in the issuance?

  13. Who will design the artwork?

  14. What is needed on the card (e.g. signature panels, magnetic stripes, embossing, etc.)?

Deployment Recommendations

  1. Establish clear and achievable program objectives

  2. Analyze the application and IT environment

  3. Make sure the organization has a stake in the project’s success and that management buys into the program

  4. Set a budget

  5. Name a project manager

  6. Assemble a project team and create a team vision

  7. Draw a data flow diagram

  8. Assess the card and reader options

  9. Write a detailed specification for the cards and system

  10. Set a realistic schedule with inch stones and milestones

  11. Establish security parameters for people and the system

  12. Build your on-card and host file structures

  13. Phase in each system element and test as you deploy

  14. Reassess your system for security leaks

  15. Deploy the first phase of cards and test the system

  16. Train the key employees responsible for each area

  17. Set up a system user manual

  18. Check the reporting structures

  19. Create contingency plans, should problems arise

  20. Deploy and announce your system

  21. Advertise and market your system

Value Applications

  1. Is the value in your cards re-loadable or designed for one-time use?

  2. How will you distribute the cards?

  3. How will cards be activated and loaded with value?

  4. Will there be a refund policy?

  5. What is the minimum and maximum value to store on each card?

