Smart Card Technology Integration Information Technology Essay

Keyword – Smart card technology; system integration; outsourcing; project management.

Introduction

The size of a smart card is like a credit card. It is made of plastic which has a computer chip embedded in it. It can be programmed for data or information storage as well as to perform specific tasks [1]. Smart cards are replacing the old- fashioned magnetic strip cards. The old cards have very limited memory and information security [2].

There are two categories of smart card: contact and contactless [1]. Omar and Djuhari [1] defined contact smart cards as “… programmed using a reader that connects to the computer chip on the card” [1]. Contactless refers to ” … smart cards [that] communicate through radio waves via a built in antenna to an external receiver which is a reader device” [1]. Contact smart cards are cheaper compared to contactless smart cards but contactless smart cards are more efficient and convenient for the user [1]. Examples of smart card technologies include RFID, MIFARE, Java etc.

Smart card technology enables secure access to its logical and physical applications [3]. It also supports security, authentication and multi-application capabilities for a variety of industries such as banking, telecommunications, transportations and public sectors [3].

There are many applications using the smart card technology. Examples include proximity access, network OS logins, VPN logins, biometrics, e-purse, health records, holding encryption keys, electronic signing, and inventory management [4]. In the banking industry, smart card is known as Payment Multi-Purpose Card or Bankcards and chip-based Credit Card or EMV Card [7]. Smart card technology can be used for toll, fuel, theme park entrance and car park payment [8, 9]. In Malaysia’s public sector, MyKad is a notable example of smart card technology application. MyKad or Government Multipurpose Card (GMPC) is the official compulsory identity card for Malaysians. It is regarded as the world’s first smart identity card [5]. By the year 2009, MyKad has nine government applications embedded in it: identification card for Malaysian, international passport, health information, driving licence, Automatic Teller Machine (ATM), public key infrastructure, e-cash, transit card and frequent travellers card [5]. From May 2003 onward, a variant issuable to newborn babies was introduced, known as MyKid [6].

The education sector has seen the application and integration of smart card technology with information systems since early year 2000. In Malaysia, several local schools took commendable initiatives and demonstrated the successful implementation in the smart card technology application. Sekolah Menengah Jenis Kebangsaan (SMJK) in Malaysia, a Chinese school successfully implemented the smart card technology within the school communities in year 2003 [11]. The school councils and administration took the step forward to break the tradition in becoming the first school that integrated the attendance system with RFID smart card technologies. They also assumed the project manager’s role. The project was sponsored by Hua Education Fund with an amount of RM100,000. The project was awarded to Perridot System as the consultant. SMJK Sin Min Kedah used smart card technology to enable students’ purchases. SMJK Dindings in Perak used RFID technology that was integrated with the School Management System in managing performance records and data of students and staff in real time [11]. Abroad, Chinese University of Hong Kong (CUHK) successfully implemented the smart card technology in early year 2000. CUHK was the project manager. The project was funded by Hang Seng Bank [10] and Advanced Card Systems (ACS) was the card supplier [12]. The smart card technology was used to integrate with banking application. Within one year of project commencement, CUHK fully implemented all the integration of smart card technology with application systems that managed registration, fees, library, swimming, e-wallet, air conditioning/laundry tokens, photocopying, class attendance, and building access and ticketing. Given several success stories in the education sector, this article attempts to provide insights into a challenged smart card technology integration project in a local education setting. Hence, the aim of this paper is to answer the following research question: What are the challenges of smart card technology integration with legacy systems in a local higher education institution?

There are five sections in this paper. This section has introduced the research. Section two is literature review. Section three discusses the research design. The fourth section is the background of the case study. Section five documents the findings. The last section presents the conclusion of the article.

We apply the Project Management Body of Knowledge (PMBoK) as a basis for the identification of the set of project management challenges (see Figure 1).

Figure 1. PMBoK Framework [10]

Literature review

PMBoK [10] provides a set of guidelines to manage requirements, scope, cost, quality, time, communication, procurement, human resource and risk in information technology and system integration projects. PMBoK (see Figure 1) acknowledges the importance of giving due attention to stakeholders i.e. project sponsor, project manager whose focus span from budget approval to managing day-to-day project activities respectively in ensuring the project meets its objectives within its cost, scope, time and quality [10].

A study by Standish Group found that only 28 percent of IT projects were completed on time, on budget and meeting requirements [19]. Project scoping has been identified as a major contributing factor to project failure [16]. Woolridge et al. [16] define project scope as a project commencement activity; during which the project’s margin, problem area, software elements expected to be delivered, project’s value, quality metrics and resources need to be defined [16]. Effective scope management of a project also ensures the successful management of other key project management areas, including time, cost, and quality [18]. It also promotes positive effect on other project management areas too includes procurement management, contracts management, risk management, and human resource management [18]. A project with­out a clearly bounded scope is prone to scope creep, a steady increase of the system’s scope until it becomes a jack of all trades and master of none [17]. Scope creep is a term used to describe unauthorized scope changes [18]. Unclear scope and requirements had contributed to the project abandoned [19]. For example, in Regional Information Systems Plan (RISP) by Wessex Regional Health Authority (WRHA) case, the scope of the project was not well-defined which had lead to the project abandoned after ¿¡43 million had been spent [19]. Moreover, two IT project which are CONFIRM and VCF have been scrapped because the functional requirements were not clearly documented to provide a common frame of understanding between the users and the developers [19]. CONFIRM was developed by a consortium known as AMR Information System (AMRIS) in conjunction with Marriott International, Hilton Hotels and Budget Rent-A-Car to develop a state-of-the-art travel reservation system. After US$125 million and four years of development, CONFIRM was scrapped and the consortium disbanded [19]. In 2001, Federal Investigation Bureau (FBI) appointed Science Applications International Corp (SAIC) to develop the Virtual Case File (VCF) [19]. Virtual Case File (VCF) was an IT project which was supposed to automate the FBI’s paper-based work environment which allows agents to exchange intelligence information and replace the obsolete Automated Case Support system [19]. SAIC delivered the VCF to the FBI in December 2003, but FBI declared it unacceptable due to several functional deficiencies [19]. The US$170 million project was scrapped but a portion of the code was salvaged and turned into an electronic workflow system called the Initial Operating Capability (IOC) [19].

Group communication is an important aspect of system integration projects [20, 22, 23]. The lack of successful group communication has resulted in many information systems project failures [20]. Groups are encouraged to use various communication medium including telephone, email, and face-to-face communication [20]. Roberts et al. [20] stated that in such projects, group communication needs to be well-managed and that a project’s success is related to effective communication [20]. They defined communication as “the medium through which groups are both created and sustained and through which factors exert their influence” [20]. As they suggested, customers may lack comprehension regarding their role in the development. Roberts et al. [20] believed that the level of group communication conflict will vary depending on the complexity of the group project. Further, according to Myers [21], developers must help customers be aware of the complexity of software development process and the success of uncertain activities can only be achieved through close cooperation. It has also been suggested that the more people involved representing different areas of expertise, the harder it becomes to communicate effectively [22]. It has also been emphasized that an increased level of communication among team members is key to better team performance [23]. Sharing knowledge across projects development process can help ensure successful outcomes [29]. Knowledge sharing is achieved through utilization of documented knowledge available through the network [29]. Numerous vendors have created software as the knowledge-sharing tools and organizations need to search out software to meet their knowledge-sharing needs [29]. Examples of knowledge sharing tools available in the market are Collaboration systems: WebEx, Content repositories: Microsoft SharePoint, Investment and portfolio management systems: Primavera project portfolio management, Project management systems: Microsoft project or or Primavera, Risk assessment: Palisade Corp., or Relational Security Corp. and Templates: Method123 [29].

Measuring software quality is one key in developing high-quality software. The IEEE Standard 1061-1998 defines quality requirement as “satisfy[ing] a contract, standard, specification, or other formally imposed document” [24]. According to ISO 8402, quality is “the totality of characteristics of an entity that bear on its ability to satisfy stated and implied needs” [25]. Furthermore, ISO/IEC 9126 quality model comprises six software quality characteristics i.e. functionality, reliability, usability, efficiency, maintainability and portability [25]. The lack of software quality has significant costs both to suppliers and to buyers who receive faulty systems that fail to meet their mission goals [24]. Engineers equipped with the knowledge to measure quality can apply it to improve software quality throughout the development life cycle [24]. However, users’ perceptions about product quality may vary across user types [25]. For example, end users typically value usability more than developers do. Moreover, cultural differences might exist in recognizing and making judgments on certain software quality [25]. There are also software quality estimation model which allows software development team to track and record any software defects during software development duration. However, problems arise when defects are not recorded accordingly from the very beginning of the development process which caused hard to achieve the expected quality software [26]. In October 1992, the London Ambulance Service (LAS) implemented a computer-assisted dispatch system (LASCAD) to replace its manual dispatch systems to improve its emergency response times which had cost of ¿¡1.1 million [19]. Nine days after LASCAD has been launched, many serious problems occurred which forced to stop LASCAD reinstated the original manual system [19]. It was awful to note that Systems Options, the developer of LASCAD had no previous experience of building such a dispatch system [19]. Throughout LASCAD development, the emergency backup system was untested [19]. Users were neither properly nor consistently trained [19]. Even after the LASCAD had been implemented, users were unfamiliar with the system and committed mistakes that ultimately led to its crash [19].

Project accountability is essential toward achieving success. Accountability often lies at the root of the problems and is an important part of the solutions [28]. Sohail [27] stated, “accountability works by formalizing expectations of action or behavior, creating sanctions for failure, enabling trust, and providing the motivation and incentives to use resources efficiently and effectively”. Accountability has proved to be a powerful concept to support the change in global organizations [28]. The extensiveness of the issue provides a wide platform on which different support groups can come together [28]. For example, a corporate accountability agenda can bring together groups working on sustainability reporting, social and environmental impact analysis, corporate governance, development issues and human rights concerns [28]. Parent and Reich [30] proved that IT Governance must be actively embraced by the Board if the organization is to be responsible to its stakeholders [30].

Research design

We used a single case-study approach to be in line with the contemporary nature of a challenged project [15]. We conducted semi-structured interviews with a representative from the outsourcer and a representative from the internal Information Technology Division of the university. The interviews were held in July and August 2009. There were five interview sessions i.e. twice with the outsourcer and thrice with the representative of the Information Technology Division. The interviews were taped and subsequently transcribed for our analysis.

Background of case study

A local university was chosen as the context of study. There are approximately 20,000 students and 1,600 staff in the university. The main sponsor for the project was Bank X. The bank appointed the university’s cooperative as the project manager. The objectives of the smart card technology were to:

Make the operational systems in the university more efficient.

Ensure security measures in the university.

The baseline of the project suggested that the smart card technology should integrate with the following university’s legacy systems:

Student Management System – The smart card technology should integrate with the Student Management System that manages students’ profile.

Library Card System – The smart card technology should integrate with the existing library system so that students will be able to access all library facilities.

Attendance System – The smart card technology should integrate with students’ attendance system as a mechanism for lecturers to note possibilities in truancy and absenteeism.

Financial Application – The smart card technology should enable students to reload value from their bank accounts, keep track of transactions using a report generator and make payments such as tuition fees or library fines.

Students’ Status Checking – The smart card technology should enable the storage of students’ status e.g. current active students, graduated students, suspended students etc.

Access Control System – The smart card technology should enable verification of holders’ access into a restricted area. The technology should check for holder’s access into the university’s parking space. It can block unauthorized entry into the restricted parking space, thus minimizing parking woes for lecturers within the university campus.

The smart card technology to be implemented was a hybrid card consisting of two chips: Contact and Contactless card.

Contactless Card – Encodes students’ information, used for university’s applications and debit card transactions.

Contact Card – Used for BankCard transactions, e-Purse transaction e.g. cash

There were three phases of the project. The first phase began in April 2007 with the supply of the smart card to all staffs and students. The outsourcer was to install the attendance system readers in all classes, labs and lecture theatres. By then, however, the majority of modules in application systems listed above were not fully implemented. Only three of them were in use. The smart card had limited functionalities i.e. as entry pass into the library and ATM card for Bank X.

The university issued an instruction to lecturers and students for the compulsory use of smart card as a monitoring mechanism of students’ attendance with effect from 21 April 2007. However, by the end of year 2008, the university management decided to cease the use of the smart card for attendance monitoring pending further investigation.

Findings

Based on PMBOK, our analysis of interview transcripts reveals the following:

Analysis of project scope

The analysis suggested that at the onset of the project, the project scope was not well-identified and therefore ill-defined. Because certain modules in application systems were not functional at the time of project commencement, these could have affected the integration of the smart card technology with the entire application systems listed above. Furthermore, the clarity of the project scope for outsourcer and project manager was lacking. The outsourcer may have expected smaller scope than that of the owner.

The outsourcer noted:

“There are three phases in the smart card implementation. We’ve completed the first phase. In this phase, we need to supply the cards to all the lecturers and students and install the readers in all places that they listed. We should’ve started the second phase a few months ago.”

The outsourcer added:

“We only handled the attendance system. Other applications listed are not our responsibility.”

The findings suggest that the lack of scope definition at the early stage of the project in line with Woolridge [16] which contributed to more issues that the originally expected in the project. The worst cases due to the unclear scope and requirements had contributed to the project abandoned. This issue also has been proved by Chua [19].

Analysis of project communications

The study suggests that the university management was not aware of the project status. The documented information shared availability is questioned. The internal respondent commented:

“May be, the outsourcer had the system tested for a few months. But, the university management understood that the system was ready for use…”

The findings suggest that the lack of project communication management may contribute to the project failure and misunderstanding among the stakeholders. This is in line with Roberts et al. [20] which said effective communication in a group project is related to the project successful. Moreover, the findings also suggest that all matters regarding the project especially communication must be well documented to avoid false judgments. This is what knowledge sharing all about as been said by Peter et al. [29]. Sharing knowledge across projects development process can help ensure successful outcomes and it is achieved through utilization of documented knowledge available through the network.

Analysis of software quality

The analysis reveals that there could have been a lack of attention to software quality in terms of carrying out tests among a number of users i.e. staffs and students. The expectation of the software quality was not available at the onset of the project and not communicated. The internal respondent noted:

“Before the enforcement, there should be a testing period; may be one to two months to make sure that the system was ready for use and take away the curiosity.”

The finding shows that the lack of analysis of software quality of the project is in line with Chua [19] which contributed crash of the project. Analysis of software quality is an activity of software testing and user’s training [19].

Analysis of project accountability

The study suggests that the project manager should be appointed from within the university management rather than an external party. An external party might not be well-versed with Senate rules regarding students’ academic affairs and staffs’ responsibility in monitoring them. The internal respondent noted:

“In my opinion, the project manager for this should be Division B. I don’t know why they put the cooperative as a project manager for this project.”

The finding of project accountability shows is in line with Parent and Reich [30] which said that IT Governance must be actively embraced by the Board if the organization is to be responsible to its stakeholders [30].

CONCLUSION

While the application of smart card technology in many industries locally and abroad is common nowadays, there may not be as many challenged projects reported. We began with the research question: What are the challenges of smart card technology integration with legacy systems in a local higher education institution?

In this paper, we reported a challenged implementation of smart card technology in a higher education institution. We used the PMBOK as a framework to guide the discussions. Our study suggests that issues in smart card technology integration with legacy systems may be attributable to ill-defined project scope and project accountability as well as the lack of quality communications and adherence to clearly specified and well-understood software quality practices. This supports in the earlier reports in Woolridge et. al [16], Buschmann [17], Khan [18], Chua [19], Roberts et. al [20], Myers [21], Gilbert [22], Volvdoska et. al [23], Schneidewind [24], Jung et. al [25], Seliya et. al [26], Sohail et. al [27] and Lloyd [28].