Secure application modules


A secure application module (SAM) is an additional chip or module that provides a higher level of security for smart-card applications.

All smart-cards have security features. They use various forms of cryptography to protect the system from unauthorized access and unauthorized transactions. The SAM provides a higher level of security by managing the security keys for all data exchange and transactions.

In essence, the SAM sits between the client-side card reader / terminal and the smart-card, and ensures that all transactions between card and reader are secure. A SAM may also be required between devices on the client side – e.g. between the smart-card reader and the ticket-issuing machine, when both devices participate in the transaction.

The SAM is a microprocessor, or a series of microprocessors on a circuit board. In the public transport sector, the SAM is usually integrated into the relevant devices (smart-card encoders, smart-card readers, ticket-issuing machines, self-service machines). 

For new machines, the SAM is integrated from the design stage. For existing machines, the SAM needs to be retrofitted. This can present some challenges, both in terms of the electronics and of the limited volume within the device.

In other application domains (e.g. merchant terminals), the SAM may be in the form of a SIM card that is inserted into the terminal (just as a SIM card is inserted into a mobile phone). When the SAM is not in place, the secured transactions cannot proceed.
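
The arrangement described above can be modelled in a few lines of Python. This is an added illustration, not part of the original page or of any real scheme's protocol: the terminal only relays messages, the SAM alone holds the master key, and a terminal without a SAM cannot complete a debit. HMAC-SHA256 stands in for the card cryptography, and the class names, the per-card key derivation and the message layout are assumptions made for the example.

```python
import hashlib, hmac, os

MASTER_KEY = bytes(range(32))  # constructed sample key; a real one never leaves the SAM

def diversify(master: bytes, uid: bytes) -> bytes:
    """Assumed scheme: per-card key derived from the master key and card serial."""
    return hmac.new(master, b"card-key" + uid, hashlib.sha256).digest()

def debit_mac(key: bytes, challenge: bytes, amount: int) -> bytes:
    """MAC binding one debit amount to one card challenge."""
    return hmac.new(key, challenge + amount.to_bytes(4, "big"), hashlib.sha256).digest()

class Card:
    """Holds only its own diversified key, written at personalisation."""
    def __init__(self, uid: bytes, card_key: bytes, balance: int = 1000):
        self.uid, self._key, self.balance = uid, card_key, balance
        self._challenge = None

    def get_challenge(self) -> bytes:
        self._challenge = os.urandom(8)
        return self._challenge

    def debit(self, amount: int, mac: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # single use: blocks replay
        if challenge is None or not 0 < amount <= self.balance:
            return False
        if not hmac.compare_digest(mac, debit_mac(self._key, challenge, amount)):
            return False
        self.balance -= amount
        return True

class Sam:
    """Keeps the master key; the terminal gets MACs back, never key material."""
    def __init__(self, master: bytes):
        self._master = master

    def authorise_debit(self, uid: bytes, challenge: bytes, amount: int) -> bytes:
        return debit_mac(diversify(self._master, uid), challenge, amount)

class Terminal:
    """Relays messages between card and SAM; stores no keys itself."""
    def __init__(self, sam=None):
        self.sam = sam

    def charge(self, card: Card, amount: int) -> bool:
        if self.sam is None or not 0 < amount < 2**32:
            return False  # SAM not in place: the secured transaction cannot proceed
        challenge = card.get_challenge()
        return card.debit(amount, self.sam.authorise_debit(card.uid, challenge, amount))
```

Because the terminal never holds key material in this model, extracting its software or memory yields nothing that can authorise a debit; the value to protect is concentrated in the SAM.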

The requirement for additional security relates to the risk of fraudulent attack, which in turn relates to the potential value to criminals or hackers. As smart-cards are already quite secure, it would require a sophisticated and well-resourced effort both to attack the smart-card system successfully and to profit from it.

In the public transport domain, the majority of travel applications and fare products are assigned to the individual, require an extensive distribution network, or are of low value. More importantly, they are not ‘cash equivalent’. Two main exceptions arise, and these are the primary motivations to implement SAM within the smart-card systems of passenger transport:

  • Where electronic money is used, SAMs are essential. The stored value is actual money. It is of very high interest to criminals due to its value and the potential mechanisms to convert that value. Electronic money schemes such as EMV require SAMs in all smart-card reading devices and other devices in the transaction chain.
  • Where transportation stored value is used on a large scale. This is particularly relevant to major urban integrated ticketing where stored value is a significant means of fare payment. In these multi-operator schemes, the annual turnover can be several hundred million dollars, and hence they are of high interest to criminals. As operators are reimbursed based on the recorded transactions, there is also an incentive for insider fraud.

Benefits of secure application modules are:

  • Provides a very high level of security.
  • Electronic money schemes cannot be safely operated without them.
  • Supports EMV cards, which in turn makes payment for passenger transport available to new and irregular customers.
  • Mature technology, well supported by standards.

Cautions with regard to secure application modules are:

  • High technical complexity, which requires a very substantial level of technical competence within the organization.
  • Significant additional development and deployment cost.
  • There may be significant technical challenges in cases where retrofitting of existing card readers and ticket-issuing machines is required.
  • Standards are set outside of the passenger transport sector. The technical requirements may be in excess of what is needed for transport.
  • Some transit agencies have concerns about a significant level of control passing to third parties.