Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Visa CodeSure technology tapped for online government services

As reported in October, when Infosecurity caught up with Riten Gohil, Visa's senior manager for payment authentication at the RSA Europe conference, Visa was originally looking at a rollout of the technology some time in 2012.

That timescale has now accelerated, as Visa Europe has partnered with Consult Hyperion to secure Technology Strategy Board funding on a joint research project for the secure authentication of online government services.

The current government in the UK has been talking about moving many of its government services online in a bid to cut costs, and it seems that the use of CodeSure-enabled Visa payment cards will allow the government to achieve this and also bypass the need to issue smart cards to its citizens.

The gameplan now is for Consult Hyperion and Visa Europe to be joined by Codes & Ciphers, an IT security consultancy, to complete further tests around what the government is calling its 'Sure Identity' program.

Commenting on the linkup, Andrew Tyrer of the Technology Strategy Board said that the project targets the increasing risks associated with online transactions, whilst providing significant market opportunities to build a strong UK capability base.

"The tools, techniques and services developed will accelerate the deployment of secure and trustworthy information systems, within the UK and the wider global economy", he said.

"This project in an excellent example of a business-led collaboration which will hopefully develop trusted services delivering significant improvements over today’s service offerings", he added.

David Birch, a director of Consult Hyperion, meanwhile, said that the project represents a new direction. This is, he explained, a fascinating project to be involved in.

"With the government's clear goal of using private sector identification and authentication services to make it cost-effective, simple and practical for consumers to access government services online, it is important to assess a range of new technologies", he said.

"There would be an obvious advantage in using a technology that is designed for the mass market, and this is what the proof-of-concept will explore", he added.

Sandra Alzetta, senior vice president and head of innovation at Visa Europe, said that the card firm's focus is very much on finding secure and also convenient ways for consumers to authenticate themselves online.

"This project offers the opportunity for Visa to effectively evaluate whether there is a place for bank-issued technology like Visa CodeSure to be used for accessing services such as transactions on the website of the UK government – Directgov", she said.

"This new Visa card has been specifically designed to allow consumers to authenticate themselves in many different channels in a consistent, easy and highly secure manner", she added.

Alzetta went on to say that, as well as Visa debit cards, the technology could also be used in the future with photo ID driving licences, national health cards, benefit payment cards and even some types of prepaid card that would benefit those consumers who currently cannot access financial or government services today.

As reported previously by Infosecurity, a CodeSure Visa card operates in five modes – as an interactive extension to the Verified by Visa program; as an interactive authenticator for online banking; as an authenticator for telephone banking; as an authenticator for online purchases; and as a regular payment/cash withdrawal card.

In use, the card operates as a regular Visa card but, when a cardholder not present transaction is requested, the bank generates a challenge code to the cardholder, either on the internet or over the phone, and the cardholder inputs this code into the keypad.

The card then returns a reply code, which authenticates the user as having the card in their possession, rather than simply using a cloned card or having stolen the card data.

What’s Hot on Infosecurity Magazine?