New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
 
2008 Best Deployment Scenario

 Credit Card Embedded Authentication Device

 

Current Scenario: The 12-button Credit Card Embedded Authentication Device was developed by eMue Technologies and Innovative Card Technologies as a secure and user-friendly remedy for the persistent problem of electronic bank fraud. In order to guard against the $4 billion financial institutions lose annually to fraud, governments and banks worldwide are now requiring strong authentication for online banking and securities trading. The most common authentication measures used by banks are OTP keyfob tokens and software programs. The keyfobs are bulky and most often do not provide the reciprocal authentication. Software programs have been proven vulnerable to hacking and are tied to a specific computer.

ORDER REPRINTS
 
Info Security Products Guide
 
this article
 
COMPARE and print reports
 
RATE products






Tomorrow's Technology Today - Tokens


Tomorrow's Technology Today: The Credit Card Embedded Authentication Device has an embedded alphanumeric, electrophoretic display, a 12-button keypad with buzzers, circuitry, and an algorithm-storing chip. These electronics have been squeezed into the space used by a standard payment card.  It protects against electronic fraud and ID theft (especially in online banking and securities trading) by generating a one-time passcode completely unique to the device, and dependent on the user's correct entry of a secret PIN code.  With the entry of a PIN code, an embedded algorithm (the seed is unique to each card and is tracked by the backend server) generates the resulting OTP – thus achieving reciprocal authentication. The firmware inside the card is currently configured to generate different OTPs respectively for email, web, and phone applications. The menu is scrollable with the ‘mode’ button.  Thus, an OTP generated for one mode is not transferable to other modes.

A user logging into their account via electronic interface or by supplying an OTP to a bank associate via phone would not only need to physically possess the card in order to generate the correct OTP, but would also have to know the secret PIN code.  This protects against both theft of electronic information (static userID and PIN alone cannot access the account) and physical theft of the card (useless without the correct PIN). In these scenarios, the OTP is entered into the interface by the user or phone operator and is validated instantly by a backend server. Lastly, the magnetic stripe can also be coded to permit physical access via a swipe lock, such as at an ATM terminal inside the lobby of a bank after hours.

All of the previous security functions are combined in a card is that is compliant with ISO size specifications.  Thus, via magnetic stripe, the card can facilitate full payment card capabilities. To the user, the card is taking up the wallet space of a regular credit or debit card, but is also providing strong authentication for electronic and phone access to their accounts. For the financial institution, this is a security device that can be distributed through existing infrastructures (card mailing and processing equipment), and fulfillment costs are combined with that of their regular payment card distribution. The device may also help allay consumer fraud fears and drive more customers to online banking, which is the least expensive method of account management for banks.

The technology being usurped here is that of the OTP keyfob token. This bulky form factor is a hassle for users to carry and keep track of, and is separate from the other bank-issued device they carry – their payment card. From the issuer’s perspective, managing an alien form factor that users are not pleased with presents financial and logistical challenges in addition to the possibility that customers will either not use the device or switch banks to a system that is less cumbersome. While OTP technology is intuitive and secure, keyfobs do not deliver it in a convenient form factor.  All of these concerns are alleviated with the Credit Card Embedded Authentication Device.

Since January 1, 2005, eMue Technologies and Innovative Card Technologies have produced consistently functional prototype cards in increasingly large batches. Production hurdles are being surmounted rapidly. We are not aware of any other company able to manufacture a similar product, and we are working to commercialize this product very quickly.  The firmware inside the card, as well as the manufacturing methods and design are proprietary, and patents are pending.

Conclusion: End-users gain strong reciprocal authentication for online banking and account management in a payment card device that they have on hand at all times.  This will allay fears of online banking fraud and will result in a reduction in funds lost to fraud by both consumers and financial institutions.


Innovative Card Technologies
10080 Wilshire Blvd, Suite 950
Los Angeles, CA 90024  USA
Tel: +1 310 312-0700

eMue Technologies
180 Lonsdale St, Level 15
Melbourne 3000  AUSTRALIA
Tel: +61 3 9018-7213