PayPal has begun making available a cryptographic token for users who wish to have an extra layer of security on their account. The card is only $5 and there are two good reasons for ordering one. First of all, this card represents and amazing piece of technology that has somehow been crammed into a container the size of a credit card and it is well worth the $5 just to own such a thing. Secondly, your PayPal account really is something that could use an extra layer of security beyond just a simple password, especially considering the ease with which a computer virus can harvest passwords. Maybe if enough people show interest in this the credit card companies will take note and finally start making use of cryptographic protocols. The current system, which relies on a never changing "secret" number (the 16-digit number printed on the card) which is only known by, well, everyone you have ever done business with, is getting a bit out of date.
The first card PayPal sent me was defective. Given the size of the device and the fact that the display uses e-paper, my first reaction was that they sent me some sort of fake card that I was somehow supposed to redeem for an actual working device. Only by noticing that the display was inset a bit from the surface of the card was I able to convince myself that this actually was the token. After a total of a couple hours navigating PayPal's terrible customer service labrinth I was able to get a working replacement (hint: you will have better results if you understand from the beginning that they don't even read your emails before choosing an automated answer).
Given the insanely small thickness of this device I was very curious to see what was inside. Not finding much info on the Internet and having a defective card in my possession, I decided to spend a couple of hours peeling off the top layer of plastic with a razor blade and to post the pictures here for those who are as curious about this device as I was. Eventually I found that the easiest way to do this was by taping the card (by the edges) to a curved ABS pipe. If you try this at home, make sure to remove the battery first. If you carefully slice the plastic near the edge of the battery that entire section of covering will peel right off.
The battery measured 0.6 volts, but as I said this card was defective. The SmartDisplayer web page lists an input voltage range of 2V to 5.5V so this battery is probably a standard 3.7V lithium cell. On the other hand, I remember reading that the card is safe to throw in the garbage so maybe it is something besides lithium.
The green circuit board says "SmartDisplay" and "SD120" and contains the card's only IC, which is a custom ASIC chip. There is no epoxy covering the chip so it will crack easily. The SmartDisplayer page mentions an RTC but this card probably either does not have or does not make use of that feature since I was able to log on to my PayPal account using a code that was several days old. Below the green board there are a few passive components that probably are used to support the charge pump for the display.
Although the PayPal card was intended to only be used online, it does in fact have an RFID coil. I don't have the equipment needed to determine whether this feature is active. There are also five contacts on the left side of the card. The passive components next to these contacts are probably for ESD protection. Many of SmartDisplayer's products have smart card interfaces, and my guess is that this is what these contacts are for. They are not really placed in the right configuration for a smart card connector, but perhaps they interface with a connector that can be part of the card's lamination. It would be wonderful if someone could figure out how to use this interface to reprogram the card! There are also a few other contact points below the green board which could possibly be used for programming.
The back was much easier to peel away but there was nothing exciting on that side, just some more circuit traces.