Smart cards are poised for growth in 2006, according to an analyst report, but as far as the Canadian market goes, some industries are smartening up faster than others.
Smart cards are embedded with microchips that can be programmed to hold data and other personal information for identification and authorization purposes. They can be used as security identification for physical access to buildings and other areas or for providing digital identity for accessing data and applications.
In particular, healthcare, government and financial services are industries where many smart card implementations are taking place. These are typically organizations that maintain huge amounts of sensitive information, according to Joe Greene, vice-president, IT security research for IDC Canada.
“The more sensitive information, products and services that organizations have, the more likely they will be using smart card technology,” Greene said.
Regulatory compliance, continued development of international standards, an increasing need for two-factor authentication and growing incidents of identity fraud are market forces that are setting the stage for the anticipated growth of smart card technology, according to IDC Corp.
Two-factor authentication is a security process where a user is asked to provide two means of identification – something you have and something you know – usually a token or card issued to the user and a PIN number or password which the user has memorized. Three-factor authentication typically adds some form of biometric identification, such as fingerprint or voiceprint.
Regulatory developments south of the border will also likely influence how Canadian companies manage and secure corporate data and sensitive information, Greene pointed out.
For instance, the U.S. Federal Financial Institutions Examination Council (FFIEC), in its new guidance titled Authentication in an Internet Banking Environment, recommended that banks implement two-factor or multi-factor authentication as another layer of IT security for their customers, the IDC analyst added. The FFIEC publishes standards and guidance for banks under the Federal Deposit Insurance Corp.
“[What] you’re going to see in the financial services community in Canada, (is that) as their counterparts in the United States start to adopt dual-factor smart card technology for online banking, that is certainly going to have a spillover effect into Canada,” said Greene.
The Canadian card payment industry’s move towards smart card technology is also expected to accelerate the growth of the technology, Greene said. MasterCard earlier announced that it will introduce chip-enabled payment cards by 2010.
The IDC analyst pointed out, though, that smart card adoption in Canada is still in the “early stages” but that the next three to five years will see “increasing penetration” in the market.
An executive at security systems provider Veridin Systems Canada, however, has given a longer estimate for the maturity of smart card in Canada.
“In the next five to 10 years, companies will start adopting [smart cards] more…with the advent of the different types of threats as far as identity management is concerned,” said Colin Doe, CEO at Veridin in Toronto.
The reason, said Doe, is that most companies have already invested considerably in certain technologies that are now firmly embedded on their systems and switching over to smart cards would entail a “considerable expense.”
Veridin recently completed a smart card implementation at Trillium Health Centre in Mississauga, Ont. The technology is being used for physical security for employee access in and out of the building, as well as in certain areas of the hospital.
“[Trillium] looked at what they’re going to be using the smart card for, mainly for security, but they also took a long-term approach to see what else they could use the card for. And as such, decided that the smart card would be the way to go so that they can have those (other) technologies,” said Doe.