Why is my bank card chip so secure against fraud?

The smart card is celebrating its 50th anniversary today. From the filing of the first patent on March 25, 1974 to the biometric payment card, a look back at a true French industrial success, which has today established itself as a global standard for everyday payments. We explain why.

This is called a misconception. According to our exclusive survey, carried out in partnership with YouGov France (1), 65% of you consider that the chip on your bank card can easily be hacked, compared to 22% who believe the opposite.

However, here, it is indeed the minority who are right. “The smart card is deemed to be inviolable, it’s a hyper-secure safe,” explains Amaanie Hakim, vice-president in charge of innovation at IDEMIA Secure Transactions.

It is precisely for this reason that this French invention, which is celebrating its 50th anniversary today, has become a global standard. For payments, but more generally in all sectors (telecommunications, transport, businesses, now identity documents, etc.) requiring a practical, inexpensive and secure means of authentication.

A French invention celebrating its 50th anniversary

Go back half a century. On March 25, 1974, French inventor Roland Moreno filed a patent with the National Institute of Industrial Property (INPI) for a “memory card”, integrating, in a plastic rectangle less than a millimeter thick, an integrated circuit capable of storing and processing information.

France’s particular history with the smart card does not end with this initial patent. It is also the first country to industrialize and generalize this invention. First in telecommunications, with the famous calling cards distributed in more than a billion copies from 1984 to 2014. Then in the banking sector, with the emergence of the chip payment card.

Before the chip, the embossed number and the magnetic stripe

Obviously, the history of the card that we commonly call “banking” largely precedes that of the smart card. The first credit cards appeared in the 1950s in the United States. They originally took the form of a simple rectangle of cardboard issued by the Diners’ Club, a credit company founded in 1950. It allowed the bearer to be authenticated as a member and served as a means of payment in certain affiliated restaurants.

Over the years, even before the chip, the object became more sophisticated and its acceptance grew in businesses of all types. The end of the 1960s saw the arrival of the embossed payment card, which features an embossed unique identification number, allowing it to be printed on tracing paper slips. Then came the era of electronic payments. Since 1971, in France, the famous Carte Bleue – whose acronym CB is a generic term – “has a magnetic strip allowing the use of a confidential code and avoiding merchants having to send transaction slips to banks”, recalls BNP Paribas on its website.

More than 50 years later, these innovations have not completely disappeared. Although they tend to disappear quickly, the embossed number and the magnetic stripe are still present on many cards in circulation. But they have long been supplanted.

The hegemonic chip since 1993

It was in the second half of the 1980s, more than 10 years after the patent was filed, that the chip began to be deployed on a large scale on payment cards.

As early as 1993, France became the first country in the world to generalize it. A breakthrough that accompanied another world first: in 1984, the French banking industry set up a national card payment system, ensuring interoperability between different networks. It “is now possible, for all holders of different cards, to make payments and withdrawals wherever they wish”, summarizes an article published on the website of BNP Paribas.

These tricolor innovations were then deployed internationally, from 1997, and ended up becoming global standards in 1998, with the adoption of the EMV standard (for Europay Mastercard Visa). It is still, today, EMVCo, an organization bringing together the five main global payment networks (2), which guarantees the interoperability of card payments, sets security standards and certifies the chips.

However, it took many years for the smart bank card to become established everywhere: its generalization dates from 2006 in Europe and from 2015 in the United States, which long resisted it. We’ll come back to that.

The chip, robust against fraud

50 years after its invention, the chip now equips all of the tens of millions of bank cards issued each year around the world. And this, despite an initial handicap: its manufacturing cost, a well-kept industrial secret, which can be estimated at around a few euros. Much, much more, in any case, than embossing or a magnetic stripe.

However, it is easy to understand why the banks made this choice. “The chip increases the price of the card, but the return on investment during its generalization was rapid, thanks to the savings made on fraud”, explains Sébastien Loison, specialist in payment, electronic banking and risk issues within the consultancy firm Finegan. Clearly, the chip has imposed itself, because it is, by far, the most robust technology against fraud.

11 euros stolen for 100,000 euros paid

The numbers show it. In France, in the first half of 2023, the fraud rate for card payments using the chip (those called “proximity payments”) was 0.011%, or €11 stolen per €100,000 paid (3). This is barely more than the safest means of payment, the transfer (0.010%) and much less, for example, than the check (0.076%). These frauds, moreover, are never linked to a defect in the chip, but rather to the bearers themselves, who communicate their secret code to their loved ones, write it down in their wallet for fear of forgetting it or have it extorted from them under threat.

The skepticism about the security of the card, detected by our survey, undoubtedly finds its origin in fraud resulting from online payments, the rate of which is, in fact, 14 times higher (0.153%). It must be remembered that this type of payment (and this is the problem) does not use the security of the chip, but only the numbers written in plain text on the card.

An intelligent mini-computer

To understand why the chip is so effective against fraud, we need to get a little more technical. What is it for? How does it work?

To simplify, we can compare it to a mini-computer, capable of storing, processing and exchanging information.

First there is the visible part of the chip, this small metal rectangle which adorns the front of the card. It is a contact area, which allows the exchange of information with the electronic payment terminal (TPE) of the merchant or the machine (parking lot, toll booth, gas station, fast food restaurant, etc.). A “plug” which also allows the chip to be supplied with electricity.

Below this contact area is a microprocessor in which all the information necessary for payment authentication is stored: the name of the holder, their bank, the card number, as well as a whole series of parameters making it possible to determine whether a payment must be authorized or not. Because this mini computer is smart. “It is capable of making decisions,” explains Sébastien Loison. “Should we contact the bank for such payment or not, depending on the amount, the type of merchant and other criteria allowing the level of risk to be assessed? The decision will potentially not be the same depending on whether you pay at the supermarket on a Saturday afternoon or at a nightclub on Sunday morning.”

This on-board intelligence allows, first of all, the card to be more reliable. In particular, it authorizes so-called “offline” payments, that is to say authorized without contacting the bank: “In this case, only the security embedded on the card is used,” explains Amaanie Hakim.

Above all, the smart card is able to carry much more security: in particular, increasingly complex cryptographic keys, in ever smaller and more energy-efficient chips. This is because no information is written there in plain text: everything is coded in a secret and evolving language, which only the payment terminal is capable of understanding.

“The card itself is not just a piece of plastic meeting a standard. All the intelligence is in the chip, it is the hotspot”, summarizes Sébastien Loison. Intelligence which is also used for contactless payment, since the NFC antenna now integrated into the cards is connected to it.

Does the chip have a future?

It is therefore because it was less intelligent, less reliable and less secure that the magnetic stripe ended up being abandoned. “Cards with a magnetic stripe were prone to fraud because they were very easy to clone. The secret stored there was always the same,” explains Amaanie Hakim, from IDEMIA. “Smart cards are impossible to clone.”
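The contrast drawn above between a stripe whose secret "was always the same" and a chip that answers differently at each payment, as an added example that is not from the article or from any card vendor. It is a simplified model: HMAC-SHA256 stands in for the card's real cryptogram algorithm, and all names (ChipCard, Issuer, stripe_verify) and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def stripe_verify(presented: bytes, on_file: bytes) -> bool:
    # Magnetic stripe: the same static bytes are presented at every swipe.
    return hmac.compare_digest(presented, on_file)

def _mac(key: bytes, amount_cents: int, nonce: bytes, counter: int) -> bytes:
    # HMAC-SHA256 is a stand-in for the real cryptogram algorithm (assumption).
    msg = amount_cents.to_bytes(6, "big") + nonce + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ChipCard:
    """Toy chip: the key never leaves the object, only cryptograms do."""
    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0  # incremented for every transaction

    def sign(self, amount_cents: int, nonce: bytes) -> tuple[int, bytes]:
        self._counter += 1
        return self._counter, _mac(self._key, amount_cents, nonce, self._counter)

class Issuer:
    """Toy bank side: shares the card key and remembers the last counter seen."""
    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def verify(self, amount_cents: int, nonce: bytes, counter: int, mac: bytes) -> bool:
        if counter <= self._last_counter:
            return False  # counter already used: replayed cryptogram
        if not hmac.compare_digest(mac, _mac(self._key, amount_cents, nonce, counter)):
            return False  # wrong key, amount or terminal nonce
        self._last_counter = counter
        return True

def demo() -> dict:
    stripe = b"CONSTRUCTED-TRACK-DATA"  # constructed sample, not real card data
    key = secrets.token_bytes(16)
    card, issuer = ChipCard(key), Issuer(key)
    nonce1, nonce2 = secrets.token_bytes(4), secrets.token_bytes(4)
    counter, mac = card.sign(2500, nonce1)
    return {
        "stripe_copy_accepted": stripe_verify(bytes(stripe), stripe),
        "genuine_accepted": issuer.verify(2500, nonce1, counter, mac),
        "replay_rejected": not issuer.verify(2500, nonce1, counter, mac),
        "copied_mac_new_nonce_rejected": not issuer.verify(2500, nonce2, counter + 1, mac),
        "next_genuine_accepted": issuer.verify(990, nonce2, *card.sign(990, nonce2)),
    }
```

Every entry returned by demo() is True: a byte-for-byte copy of the stripe passes, while a copied cryptogram fails both on replay and against a fresh terminal nonce.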

It is this fundamental difference which finally convinced American banks to migrate to smart cards, after having been reluctant for a long time due to their additional costs. It was in 2015, and this date owes nothing to chance. In 2014, the Target supermarket chain suffered a massive breach: its cash registers were infected by malware and the data on tens of millions of cards was stolen, opening the door to the manufacturing of millions of magnetic card clones. Result: since 2015, American merchants who do not accept chip cards have been held responsible in the event of fraud.

Could the chip suffer the same fate as the magnetic strip? This is unlikely, at least in the medium term. Constant progress in miniaturization allows cards to embed increasingly powerful chips. Capable, for example, of encrypting your fingerprint on biometric bank cards that have already appeared on the market. Or even to resist, the industry hopes, the formidable computing power of future quantum computers with which cybercriminals will, sooner or later, be equipped.

(1) Survey carried out on 1,010 people representative of the French national population aged 18 and over. The survey was carried out online, on the YouGov France proprietary panel, from March 19 to 20, 2024.

(2) American Express (United States), Discover (United States), JCB (Japan), Mastercard (United States), UnionPay (China), Visa (United States).

(3) Source: Observatory for the security of means of payment, Banque de France.