Can smart cards be forged, copied, or altered?

They are probably better than much of what is around now, but no doubt once they are in use, sophisticated thieves will begint rying to break them. Basically, their claims to security seem to rest on the use of multiple types of security. From their FAQ:

“Encryption. Smart cards provide a robust set of encryption capabilities including key generation, secure key storage, hashing, and digital signing. These capabilities can be used by a system to protect privacy in a number of ways. For example, a smart card system can produce a digital signature for the content in an email, providing a means to validate the email authenticity. This protects the email message from subsequently being tampered with and provides the email recipient with an assurance of where it originated. The fact that the signing key originated from a smart card adds credibility to the origin and intent of the signer.

Strong device security. Smart card technology is extremely difficult to duplicate or forge and has built-in tamper-resistance. Smart card chips include a variety of hardware and software capabilities that detect and react to tampering attempts and help counter possible attacks. For example, the chips are manufactured with features such as extra metal layers, sensors to detect thermal and UV light attacks, and additional software and hardware circuitry to thwart differential power analysis.

Secure communications. Smart cards provide a means of secure communications between the card and card readers. Similar in concept to security protocols used in many networks, this feature allows smart cards to send and receive data in a secure and private manner. This capability can be used by a system to enhance privacy by ensuring that data sent to and from the card is not intercepted or tapped into.

Biometrics. Smart cards provide mechanisms to securely store biometric templates and perform biometric matching functions. These features can be used to improve privacy in systems that utilize biometrics. For example, storing fingerprint templates on a smart card rather than in a central database can be an effective way of increasing privacy in a single sign-on system that uses fingerprint biometrics as the single sign-on credential.”

IIRC, Smartcards have been shown to be vulnerable to side channel attacks (using things like the aforementioned differential power analysis, which sounds like they’ve patched up).

However, it sounds like smartcards will be reasonably secure, probably more secure than the people carrying them. (Which tends to be the problem).