Thales Blog

A Billion Here, A Billion There - We're Talking About The Real Need For Security

December 8, 2015


The smart security industry is booming – to the point where we can now only seem to talk about it in terms of 'billions'.

Today, we have billions of chip cards being issued worldwide by the payments industry with high growth rates especially in China, India and in the US, as the October 2015 EMV liability shift makes an impact. Eurosmart forecasts 2.6 billion contact chip cards and 1.1 billion contactless chip cards being issued for financial services worldwide in 2015. Eurosmart also predicts that around half a billion NFC secure elements present in phones (supporting new payment methods such as Apple Pay and Samsung Pay) will be supplied this year – a 40% growth from 2014 and it is easy to see another billion mark being achieved within a couple of years. Furthermore, Gartner predicts that there will be 6.4 billion connected “things” in use during 2016. With so many devices making up the IT infrastructure, this is where the greatest need for strong security lies, as the use cases get more security sensitive.

When we think about these things on this colossal scale, it hardly seems that shocking that at this year’s Cartes Eurosmart revealed that the number of secure elements shipped worldwide this year is expected to rise from 9 billion to 9.8 billion next year.

EMV: foundation of trust

Such growth can be attributed in part to EMV migration with a 32% growth in chip cards issued in the past 12 months. Originally conceived to improve security, protecting cardholder data, payment credentials and card based applications, EMV cards make it virtually impossible to extract information and create counterfeit cards.

But despite its 20 year old maturity, it is clear that EMV cannot be regarded as out of date. In fact, this incredibly versatile technology is playing a crucial role in supporting the future payments infrastructure, moving beyond just cards to mobile (NFC) payments with the choice of secure elements or host card emulation (HCE).

EMV, together with data encryption for card transactions and tokenisation for mobile payments, is now regarded as the entry level of security to combat the main data breach threats out there.

And this is important, because, we are today at a point where there is a crisis of trust. All too often we hear about the latest data breach, with hundreds, thousands or even millions of identities and payment details being extracted from banks and retailers’ databases. Cybersecurity is, today, a fundamental requirement in our digital lives. Perhaps that is why we are seeing the principles of secure EMV technology and banking best practices extending beyond the realms of payments into other industries.

More than cards

Here we turn our attention to the public sector. Eurosmart noted an uptick in the use of secure elements in eGovernment and healthcare sectors, given the importance around protecting sensitive, personal data from attack, especially when it comes to identity and authentication. In fact, governments’ use of smart cards grew by 8% in 2015, and given the importance of reassuring trust and security when it comes to identity, you can be sure that this is a trend we will continue to see grow in 2016.

But high strength authentication technologies such as tokens and smart cards are not silver bullets. Investment in such solutions can actually lead to a false sense of security if the management processes are not carefully thought through and secure. Only organisations that manage identities securely and efficiently can place more trust in their business processes. The ability to manage user identities and effectively control access to data is a critical piece of the puzzle.

This year’s Cartes has made it clear that focus in this industry is no longer on cards. The focus has shifted to put digital identity and authentication centre stage. In the digital world where we measure elements in billions, infrastructure needs to be robust and secure enough for customers to ‘trust’ that their identities are safe.