The Security Committee of the Smart Card Industry Association (SCIA) has launched a two-part effort to help the industry manage security issues.
“First, we want to help educate card developers about the many facets of card security,” said Committee Chairman Gilles Lisimaque of Gemplus. “Second, we’re forming a Fast Response Team of experts in security issues who will provide factual information to the media when card security becomes headline news.” The effort was announced at a committee meeting held December 9, 1997, prior to the start of CardTech/SecurTech ’97 West.
Smart card security should not be a competitive issue, Lisimaque said. Smart cards are only one part of the security issue, which involves readers, and other systems–both human and electronic. “We need to ensure that smart cards are a strong link in that system. Working cooperatively with everyone in the security loop will help optimize card protection from unauthorized access.”
The results of this kind of effort go to the heart of security issues–protecting brand equity in the marketplace. Product and service branding has become one of the few areas in which a company can create a sustainable competitive advantage and is often cited as a factor in a company’s strong stock price.
The Educational Effort
The committee’s educational effort will span the smart card industry, but focus on card developers. Developers need information on the importance of balancing such security issues as cost, level of protection and sophistication of barriers to unauthorized access, but aren’t getting all they should have, Lisimaque said.
Educational activities will include creating white papers on a variety of security issues, gathering and sharing information with members, and inviting security experts to talk at committee meetings.
The committee also will search the Internet and contact other organizations for information on security issues and share that with members. Information Technology Security Evaluation Criteria, for example, could be helpful to card developers, even though they do not specifically address smart cards.
In terms of inviting security experts to talk at committee meetings, an executive of a major banking credit card company presented his company’s perspectives on financial security to committee members at the meeting in San Jose. The executive presented the company’s security testing procedures for consideration as industry standards.
The Fast Response Team
The second part of the effort is forming a SWAT-style spokesperson cadre of industry experts who can satisfy media inquiries for factual information on smart card security issues.
“When a crisis hits, this Fast Response Team will help the media better understand card security issues so they can report on news developments more accurately,” Lisimaque said. Team members will be recruited from manufacturers, resellers and consultancies. Included in this activity will be an ongoing effort to identify rumors and other misinformation circulating in the industry and proactively defuse them.
Besides the education and the response team activities, the committee plans to study the need for a separate Privacy Committee within SCIA.
The Security Committee of SCIA serves as a “meeting place” for members to discuss smart card security issues and to share information so they can develop better security solutions within the card applications they help develop.Details