Professional Documents
Culture Documents
Latin America:
grow to a 16.4% share of the total market by
2011.
Interestingly, Central and South America
is ranked fourth out of nine regions in the
Opportunities for
UN’s Global eGovernment Readiness Report
2005, which places North America, Europe
and South and East Asia in the top three.
The Latin America government smart card
government
markets in Latin America, the government ID
sector will grow at the fastest rate over the next
four years.
10
Card Technology Today • May 2007
feature
sector utilising the greatest number of deployments in the country has been extremely Government Agency issued it. The CAC is the
smart cards was health and social services, positive, not only because of the smart card principal card used to enable physical access
comprising 48.9% of the total Latin American programmes launched in association with ICP to buildings and controlled spaces and is used
government smart card market. National ID Brasil itself, but also because it has raised the to gain access to the DoD’s computer network
programmes came in a close second, with profile and acceptance of smart cards as a valid, and systems.
40.5% and applications which accounted reliable and secure technology for government As of August 2006, over eleven million
for a significantly smaller share of the total and public sector initiatives. CAC cards had been issued. The cards have
government smart card market were driving been issued on a decentralised basis at over
licences with 8.1%, government employee ID Interoperable smart card 1,400 sites in 27 countries and at over 2,000
programmes with 2.0% and ePassports with
0.5%.
standards workstations, clearly illustrating the benefits
Given that a number of smart card deployments of interoperable smart card standards.
So, while there are ePassport pilots Following the roll out of the CAC, a dedicated
are already well progressed in the region and
underway in Brazil, Mexico and Venezuela GlobalPlatform Government Task Force has
that Latin American governments generally
and smart driving licences have been deployed worked closely with the US Government to
appear to be embracing smart card technology
in El Salvador, Mexico and Argentina, health extend GlobalPlatform’s systems technology
to address eGovernment objectives, reduce
and national ID programmes are really the – specifically its Messaging Specification – to
costs and improve services to citizens, the
driving forces behind the smart card market support the unique issuance requirements of
future growth of the regional smart card
at present. Two implementations of particular the Personal Identity Verification (PIV) card
industry looks certain.
significance in terms of card volume are the for the US Federal Government. This will
To ensure that current investment in smart
Mexican health care card and the Brazilian naturally benefit governments beyond that
card infrastructure, and the technology
Public Key Infrastructure programme. of the US and as an extension to this work,
itself, is protected for the future, however, it
In the first quarter of 2006, a nationwide GlobalPlatform aims to develop a White Paper
is vital that government decision makers are
initiative in Mexico was launched with the in 2007 which states GlobalPlatform’s value
fully educated on and aware of the benefits
aim of securely storing patient information, proposition in relation to eID initiatives.
and scope of basing smart card solutions on
ensuring citizens receive correct healthcare Another example of a government using
open, interoperable standards, such as the
benefits a n d re d u c i n g p a p e r b a s e d open specifications is the Macau Government.
GlobalPlatform specifications.
administration. Seguro Popular, a Mexican In 2003, its Identification Department (DSI)
Governments in Latin America may
Government social security organisation, commissioned the distribution of multi-
reference many successful smart card
began rolling out 3.7 million smart cards to its application smart-card based identity cards
members, each containing patient information, implementations by governments world-
to all of Macau’s 460,000 citizens, resident
prescription details and an ePurse which will be wide, including Austria, Morocco, Moscow,
within the Chinese Special Administrative
used to load the patient’s health care subsidies. Poland, Qatar, Saudi Arabia, South Korea,
Region (SAR), with a target completion date
On each visit to the doctor the patient will the Sultanate of Oman and the USA, to
of 2007.
produce his/her card, which can only be read clearly understand the benefits offered by In January 2003, distribution of the 460,000
by authorised healthcare professionals, and open standards, regardless of the complexity GlobalPlatform multi-functional cards began.
patient information can be viewed and updated of the requirement. The cards have built-in security features to
in real time. It is anticipated that the cards will Using the US Department of Defense prevent forgery, such as the use of fingerprint
be successful in reducing administration costs (DoD) as a widely recognised successful matching for automated identity verification.
while minimizing the potential for benefit model, it is clear that open standards provided They also allow the uploading of other
fraud. the solution to a specific issue – being able to applications to realise Macau’s eGovernment
Meanwhile in Brazil, the Public Key use one card, known as the Common Access goals among others. The ultimate vision for
Infrastructure (PKI) programme led by the Card (CAC), across different government the smart card is for it to serve as an all-in-one
National Institute of Information Technology, agencies and for use in both the physical and card combining, for example, ID card, driving
which is a federal agency linked to the logical access context. license, student card, medical card, social
Presidency of the Republic of Brazil, is one In 1999, the US DoD began work on a security card and possibly ePurse functionality
of the largest electronic government digital programme to issue a smart, common-access for secure electronic transactions.
credential programmes using smart cards identification card to 4.5 million active While these are just two examples of many
and tokens in Latin America. Established in duty, Selected Reserve, DoD civilian and government smart card programmes globally
2002 by the Brazilian Government, the PKI eligible contractor personnel with a target which are based on interoperable technology,
– known as ICP Brasil – aims to minimise completion date of April 2004. The CAC the numerous gains provided by open standards
paper based administration by using Internet is a smart card standard established by the include greater flexibility, economies of scale,
services. It provides digital identity credentials Government Services Administration (GSA), a multi-sourcing opportunities, faster time to
to individuals and corporations in order to file key purchasing arm of the US government, in market and the ability to share card space
electronically signed documents. According conjunction with various military departments. with strategic partner organizations or other
to Brazilian law, any electronic document is The CAC card utilises GlobalPlatform government departments / agencies. Issuers
legally valid if it is certified by ICP Brasil or technology to simplify the process of who adopt open standards also stand to benefit
any other PKI where the concerned parties multiple government agencies deploying an from the long term assurance that their current
agree on the validity of the document. interoperable smart card. The ultimate goal investment in a smart card infrastructure
Naturally, the scope of this initiative is is to be able to use a CAC anywhere that is protected against future changes in their
vast. Its impact on encouraging smart card the cards are accepted, regardless of which technical or strategic approach. The flexibility
11
Card Technology Today • May 2007
feature
offered by an interoperable smart card At this stage in the market’s lifecycle, As leading industry bodies, with synergistic
environment allows the programme to evolve governments throughout Latin America can goals across diverse smart cards sectors,
in line with future business decisions and clearly benefit from the experience, knowledge and including government, financial, mobile
market considerations. decision-making processes of other governments telecommunications, healthcare, transit and
which have already deployed successful smart retail, and many geographies world-wide, it is
A synergistic relationship card solutions world-wide. GlobalPlatform and hoped that this event will be the first of many
Current trends and future forecasts show that the Smart Card Alliance hosted the Smart Cards collaborations and joint initiatives between
the government smart card market in Latin for Government and Payment in Mexico in May the two organisations.
America is growing at a significant and rapid to address this clear need for regional industry This feature was provided by Kevin Gillick,
rate. Smart card technology is fast becoming discussion and education around the benefits executive director, GlobalPlatform and Randy
Vanderhoof, executive director, Smart Card
a cost-effective, safe and proven facilitator of of smart cards, best practice implementations
Alliance. They can be contacted at: kevin_
eGovernment services and the roll out is set to and the advantages of deploying products and gillick@globalplatform.org or rvanderhoof@smart
continue for the foreseeable future. infrastructure based on interoperable standards. cardalliance.org
and two-factor
leverage their considerable investment in the
technology and use it for security purposes.
Europe is ahead of other regions in this respect
with forecasts from MasterCard predicting
authentication
the percentage of EMV-enabled cards in
Europe at 67% this year. The banking and
financial services industry is starting to wake
up to the need for greater security for online
transactions. With Gartner warning that static
Forrester Research forecasts that, in Europe alone, over 130 million people will be passwords will become obsolete in two years,
using remote banking services by 2007, up 75 million compared to 2005. This trend the industry is moving towards wide-spread
has been welcomed by banks and financial service providers, who can keep branch implementation of two-factor authentication.
costs low, while increasing transaction frequency. At the front end, customers are In the US, federal regulators went as far as
afforded greater freedom and more immediate control over their finances. to state that banks must have two-factor
authentication on their websites by the end of
However, a less welcome trend accompanying More recently, criminals have been using
2006.
this development is that of fraudulent increasingly sophisticated spy-ware including
transactions, notably card-not-present (CNP)
fraud. Historically, banks have relied on the
trojan horses, key logging and screen scrapper
programmes, which capture screen shots to
Current authentication
use of static passwords to enable remote access obtain end-user credentials. solutions
to banking applications. However, highly To minimise the financial impact of this A range of security solutions is currently
sophisticated fraudulent techniques are fast type of fraud, and bolster customer confidence, available including tokens, smart card readers
rendering this one-factor authentication system banks and other financial institutions have and devices that generate one-time passwords
obsolete. Statistics released by APACS in March begun to upgrade their current password- (OTP). Pocket-sized EMV-compliant smart
2007, reveal that online banking fraud in the based authentication solutions to stronger, card readers incorporating a challenge/response
UK increased from £23.2 million in 2005 to two-factor authentication. capability appear to offer the most promising
£33.5 million in 2006, whilst card-not-present Common implementations of two-factor long-term answer to online authentication
(CNP) fraud grew by 16% to £212.6 million authentication (2FA) use ‘something you know’ problems - at least in European and Middle
in 2006 from £183.2 million in 2005. These as one of the two factors, and either ‘something Eastern markets. Not only do the readers
losses are being compounded by the increasing you have’ or ‘something you are’ as the other leverage the considerable investment by the
customer reluctance to use online financial factor. A common example of 2FA is a bank banking industry in EMV chip card migration,
services which they deem to be insecure card (credit card, debit card); the card itself but they can also be extended in scope to cover
One particularly ubiquitous security issue is the physical ‘something you have’ item, and other forms of CNP fraud.
has been the emergence of phishing as the the personal identification number (PIN) is the As for the process itself, banks provide
foremost weapon in the criminals’ arsenal. In ‘something you know’ password that goes with their customers with a hand-held card reader,
very basic terms, phishing involves a fraudster it. The use of a remote card authentication device which does not require a direct connection to
masquerading as a financial institution in order to enter the PIN code that is not connected to a personal computer, and often incorporates a
to steal a customer’s account information. the PC leaves no room for online fraud. user familiar PIN pad. The customer inserts
12
Card Technology Today • May 2007