25 October 2007
Card issuer to adopt graphical Pin randomiser
GrIDsure, a British start-up providing a method to strengthen personal
identification numbers, expects to announce that a major card issuer
is introducing its system by the end of this year.
The card issuer is at an advanced stage of testing and implementing
the system, which displays random single digits on a one-time use
five-by-five grid. Rather than memorising a personal identification
number (Pin), users have to remember a sequence of squares: obvious
choices, such as the four corners, can be rejected. When authorising
a transaction, the user types in the numbers found in their chosen
squares.
The grid of random numbers can be displayed on devices including
cash machines, mobile telephones and Chip and Pin card-readers:
GrIDsure already counts French firm Ingenico, which makes such readers,
among its customers.
Founder Jonathan Craymer says the system avoids use of biographical
data, such as mother’s maiden name, or biometrics, making
it “completely aseptic”. “Chip and Pin has severe
flaws,” he adds, but as his company’s system could use
the existing hardware to provide much improved security, “we’re
talking about saving it”.
Craymer says the system makes shoulder-surfing much more difficult,
as numbers are typed into a keypad, and it is tricky to watch both
fingers and the screen. Even if the watcher does record both the
numbers typed and on the grid, each 0 to 9 digit appears on average
2.5 times on each 25-digit grid, so a large number of square-sequences
would still be possible.
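
The ambiguity claim above, worked through as an added example (not GrIDsure's code or part of the original article): it derives the typed digits from a remembered square sequence and counts how many sequences remain consistent with one observed grid and entry. Assumed here: a four-square sequence, cells numbered row-major from 0, repeated squares permitted, and a constructed sample grid and pattern.

```python
import secrets
from itertools import product

SIZE = 5                   # five-by-five grid, as in the article
CORNERS = {0, 4, 20, 24}   # cells numbered row-major from 0 (assumed layout)

def new_grid():
    """One-time grid of 25 random single digits."""
    return [secrets.randbelow(10) for _ in range(SIZE * SIZE)]

def pattern_allowed(pattern):
    """Enrolment check: reject the four-corners choice in any order."""
    return set(pattern) != CORNERS

def one_time_code(grid, pattern):
    """Digits the user types: those found in the chosen squares, in order."""
    return [grid[cell] for cell in pattern]

def candidate_patterns(grid, typed):
    """Every square sequence consistent with one observed grid and entry."""
    cells = [[i for i, d in enumerate(grid) if d == t] for t in typed]
    return list(product(*cells))

# Constructed sample grid: digits 0-4 appear three times, 5-9 twice.
SAMPLE_GRID = [i % 10 for i in range(SIZE * SIZE)]
SAMPLE_PATTERN = (0, 6, 12, 18)   # hypothetical user choice: a diagonal

if __name__ == "__main__":
    typed = one_time_code(SAMPLE_GRID, SAMPLE_PATTERN)
    print("typed digits:", typed)
    print("consistent sequences:", len(candidate_patterns(SAMPLE_GRID, typed)))
    fresh = new_grid()
    print("same pattern, fresh grid:", one_time_code(fresh, SAMPLE_PATTERN))
```
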
The Cambridgeshire-based firm, which opened for business in late
2005 but launched publicly on 4 October, plans to license its concept
non-exclusively. Early customers include Canadian outsourcing firm
CGI, which has supplied South Lakeland district council in Cumbria
with the system, Indian services group Tata Consulting and US identity
vendor ActivIdentity.