Smart card
== Disadvantages ==
[[File:Carteapuce.jpg|thumb|right|upright|A false smart card, with two 8-bit [[CMOS]] [[microcontroller]]s, used in the 1990s to decode the signals of Sky Television]]
The plastic or paper card in which the chip is embedded is fairly flexible. The larger the chip, the higher the probability that normal use could damage it. Cards are often carried in wallets or pockets, a harsh environment for a chip and antenna in contactless cards. PVC cards can crack or break if bent/flexed excessively. However, for large banking systems, failure-management costs can be more than offset by fraud reduction.{{citation needed|date=February 2013}}

The production, use and disposal of PVC plastic is known to be more harmful to the environment than other plastics.<ref>{{cite web| url = https://www.greenpeace.org/usa/toxics/pvc-free/| title = PVC free| date = 29 June 2015| publisher = Greenpeace| access-date = 24 April 2018| archive-date = 25 April 2018| archive-url = https://web.archive.org/web/20180425115447/https://www.greenpeace.org/usa/toxics/pvc-free/| url-status = live}}</ref> Alternative materials including chlorine-free plastics and paper are available for some smart applications.

If the account holder's computer hosts [[malware]], the smart card security model may be broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the application. [[Man-in-the-browser]] malware (e.g., the Trojan [[Silentbanker]]) could modify a transaction, unnoticed by the user. Banks like [[Fortis (finance)|Fortis]] and [[Belfius]] in Belgium and [[Rabobank]] ("[[:nl:Random Reader|random reader]]") in the Netherlands combine a smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, a PIN and the transaction amount into the reader. The reader returns an 8-digit signature. This signature is manually entered into the personal computer and verified by the bank, preventing [[Point-of-sale malware|point-of-sale malware]] from changing the transaction amount.

Smart cards have also been the targets of security attacks. These attacks range from physical invasion of the card's electronics, to non-invasive attacks that exploit weaknesses in the card's software or hardware. The usual goal is to expose private encryption keys and then read and manipulate secure data such as funds. Once an attacker develops a non-invasive attack for a particular smart card model, he or she is typically able to perform the attack on other cards of that model in seconds, often using equipment that can be disguised as a normal smart card reader.<ref>{{cite web | url=http://www.infosecwriters.com/text_resources/pdf/Known_Attacks_Against_Smartcards.pdf | title=Known Attacks Against Smartcards | publisher=Discretix Technologies Ltd | access-date=20 February 2013 | author=Bar-El, Hagai | archive-date=12 May 2013 | archive-url=https://web.archive.org/web/20130512100956/http://www.infosecwriters.com/text_resources/pdf/Known_Attacks_Against_Smartcards.pdf | url-status=live }}</ref> While manufacturers may develop new card models with additional [[information security]], it may be costly or inconvenient for users to upgrade vulnerable systems. [[Tamper-evident]] and audit features in a smart card system help manage the risks of compromised cards.

Another problem is the lack of standards for functionality and security. To address this problem, the Berlin Group launched the ERIDANE Project to propose "a new functional and security framework for smart-card based Point of Interaction (POI) equipment".<ref>{{cite web | url = http://www.berlin-group.org/related-eridane.html | archive-url = https://web.archive.org/web/20060507222917/http://www.berlin-group.org/related-eridane.html | url-status = dead | archive-date = 7 May 2006 | title = Related Initiatives | access-date = 20 December 2007 | date = 1 August 2005 | work = Home web for The Berlin Group | publisher = [[The Berlin Group]] }}</ref>
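
The unconnected-reader scheme described in this section (challenge, PIN and amount in, 8-digit signature out) can be modelled as follows. This is an added illustration, not the algorithm used by any of the banks named: it assumes a symmetric key shared between card and bank and substitutes a truncated HMAC-SHA256 for the real signature function; the key, PIN, challenges and amounts are constructed sample values.

```python
import hashlib
import hmac

DIGITS = 8  # the section states that the reader returns an 8-digit signature


def _truncate(mac: bytes) -> str:
    # Reduce the MAC to a decimal code short enough to type by hand.
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


class Card:
    """Constructed model of a card inserted in an unconnected reader."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def sign(self, pin: str, challenge: str, amount_cents: int) -> str:
        # The PIN is checked on the card; the key never reaches the PC.
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        msg = f"{challenge}|{amount_cents}".encode()
        return _truncate(hmac.new(self._key, msg, hashlib.sha256).digest())


def bank_verify(key: bytes, challenge: str, amount_cents: int, signature: str) -> bool:
    # The bank recomputes the code over the amount it actually received.
    msg = f"{challenge}|{amount_cents}".encode()
    expected = _truncate(hmac.new(key, msg, hashlib.sha256).digest())
    return hmac.compare_digest(expected, signature)


def demo() -> dict:
    key = bytes(range(32))        # constructed shared key (assumption)
    card = Card(key, pin="4921")  # constructed PIN
    challenge = "73051846"        # constructed challenge shown by the bank site
    sig = card.sign("4921", challenge, 1250)  # user keys in 12.50 on the reader
    return {
        "honest": bank_verify(key, challenge, 1250, sig),
        # Malware on the PC rewrites the amount submitted to the bank:
        "tampered_amount": bank_verify(key, challenge, 950000, sig),
        # The same signature replayed against a fresh challenge:
        "replayed": bank_verify(key, "10293847", 1250, sig),
    }


if __name__ == "__main__":
    print(demo())
```

Because the amount is keyed in on the reader and bound into the signature, a value altered on the infected computer no longer matches what the bank recomputes.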