RSS Alerts

Related Links

Related Stories

  • What level of authentication is needed?
    Usability and context are often more important than the absolute effectiveness of authentication. It's why the simple password refuses to die, reports William Knight.
  • 100 000 New Zealanders hit by payment card skimming fraud
    More than 100 000 debit and credit card holders in New Zealand are reportedly having their cards replaced as a result of a potentially major fraud involving a skimming device installed at an Auckland car park.
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • PCI: here to stay
    As retailers face the costs and changes involved in complying with the Payment Card Industry Data Security Standard, its worth and necessity are up for debate, with some arguing it gives a raw deal to retailers. Dan Ilett investigates
  • Verified by Visa and MasterCard SecureCode security in question
    The 3D Secure method of online card transaction protection – aka Verified by Visa and MasterCard SecureCode – may not be as secure as the banks are telling us, as a team of security researchers claim there are multiple weaknesses.

News

Australian two-factor payment card authentication technology on beta test

13 May 2009

A two-factor authentication system - complete with keypad and display - has been successfully integrated into a plastic payment card by Melbourne-based EMUE and is being trialled by MBNA in the UK

Similar trials of the combined two-factor authentication payment card technology from the Australian firm are also about to enter the beta test stages across Europe.

In Switzerland, Cornhr Bank is planning a trial, whilst in Italy, IW Bank is working on a similar test payment card system, and in Israel, Cal is also developing its own commercial trial, Infosecurity understands.

In the UK, around 500 staff with Deloitte are using their corporate Visa cards to act as a two-factor token when accessing the company's IT resources remotely.

The EMUE-developed card has a calculator-like 12-button keypad and LCD screen on the rear, where the signature and magnetic strip is located. Staff enter a PIN and are able to generate a one-time passcode which authenticates them across their VPN connection.

Visa Europe has been quietly promoting EMUE's technology - which was unveiled to the public in Australia last summer - as the "Visa PIN Card" to issuing banks.

Infosecurity notes that the EMUE card bears a passing similarity to the RSA's latest SecurID card token, which was also unveiled last summer.

The SecurID card does not feature a keypad, but returns a PIN to the display when a button on the card is pressed.

Like EMUE, RSA has been hoping to work with a payment card issuer to stage a commercial trial of its two-factor authentication card although, unlike the Australian company, RSA's card also be supplied as a two-factor authentication token in its own right.

The biggest issue with the card is cost, as whilst a typical smart payment card can be mass-produced for around 30 pence per card in volume, the EMUE card is thought to be as much as 10 times this cost on an ex-factory basis.

However, given that banks are also issuing two-factor authentication tokens to their e-banking customers, there appears to be a strong financial case for the integrated EMUE-style card, especially since the banks can market this as a premium product to their customers.

 

This article is featured in:
Identity and Access Management

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water