Carte Vitale, bank card… the smart card is 50 years old. Does it still keep its security promises?

Carte Vitale, bank card... the smart card is 50 years old.  Does it still keep its security promises?

We use it every day without realizing it. The smart card, a French invention which celebrates its 50th anniversary on Monday, is housed in bank cards, SIM cards or even Vitale cards.

This plastic rectangle inlaid with a miniaturized integrated electronic circuit was popular, first in Europe and then around the world, because of its high level of security. Explanations.

How it works ?

It is the equivalent of a “microcomputer embedded on the card”, which will respond securely, yes or no, to security questions from the outside, “without ever giving away the secrets that are put inside”decrypts for AFP Loic Guezo, vice-president of Clusif, a French association of cybersecurity professionals.

The majority of smart cards therefore contain encrypted information. They can be used as a means of personal identification and payment.

The smart card was designed to resist several types of attacks: software attacks “where we will try to hijack security by playing on the commands”, so-called “invasive” attacks which target the silicon of the card, observation attacks where we seek to trace the cryptographic key by observing the electronic signals emitted or even attacks by disrupting the component during its operation, details Jessy Clédière, smart card security expert at the Atomic Energy Commission and to alternative energies (CEA).

Failures or fraud are uncommon. For example, the bank card fraud rate was 0.053% in Europe in 2022, its lowest historical level, according to the Banque de Europe.

What are the alternatives ?

They mainly concern the banking sector with the development of instant transfers, contactless payment or even by mobile where the card is dematerialized and which use short-distance radio wave technology.

The smartphone is a game changer“, recognizes Mr. Clédière, who mentions Apple Pay and Google Pay.

It’s not going to disappear in five years, but in 15 to 20 years, I’m not sure there will be as many smart cards on the ground as there are now.“, he continues.

Are these alternatives also secure?

They present a slightly lower level of security for the experts interviewed.

Remote hacking, online identity theft: “as soon as we dematerialize, we are on digital so there are new types of attacks which are possible, which are not possible on a physical card“, underlines Loic Guezo. “This opens up the field of possibilities for attackers“.

Because to hack a smart card, you still need to have access to it, be physically present, steal it or install a fake card reader on an ATM.

It’s a different act. More difficult“, says Nosing Doeuk, head of technological innovation at the consulting firm mc2i. “You need to have some equipment“.

Disappearance or evolution?

For certain use cases, such as payments of small amounts or everyday purchases, “we are not against having a little less security for a lot more practicality“, note M. Doeuk.

But when you need maximum security, the smart card remains a very robust means of authentication, according to him.

This device has also shown that it can adapt to new security challenges such as the emergence of quantum computers, whose unprecedented computing capabilities can break the algorithms used in classical cryptography.

Thales, the world’s leading SIM card manufacturer, announced in 2023 the creation of a smart card with an embedded post-quantum algorithm, in collaboration with the South Korean operator SK Telecom.

The smart card has no reason to disappear. It’s not obsolete technology and it doesn’t have many inherent flaws“, summarizes Nosing Doeuk, for whom digital alternatives represent a complement, not a threat.