
An article relating to this blog post on Finextra:

Vasco to sell card authentication readers directly to end users

Digital security outfit Vasco is to sell its two-factor authentication devices direct to the consumer via high street retailers and online markets such as eBay.



Smartcard readers from your local corner store

News from Vasco yesterday that it will soon be selling smartcard readers via the local corner store has interesting implications for Internet banking security.

Such readers have been available in many Asian convenience stores for some time – they make sense in countries where online access to public services is only made available to holders of Government-issued identity cards.

Vasco already sells the readers on eBay for Belgian customers, again because Belgian citizens will soon be required to use an identity card to securely access both public and private institutions.

Vasco is expanding its strategy to include the UK, with plans for retail distribution in other markets down the line.

Whether the strategy works will be highly dependent on local market conditions. For example, in Australia smart cards are only just beginning to gain traction. While the UK has already moved to Chip & PIN, Australians are only beginning to learn the difference between a magstripe card and a chip card.

One bank that is fond of using security as a competitive differentiator is ANZ, which is currently promoting the benefits of chip in these advertisements as a selling point for its credit cards.

Most Australian banks have deployed two-factor authentication for increased online banking security, in most cases via one-time password tokens or SMS. Many have avoided moving to card readers because of the cost of deploying them, relying instead on transaction monitoring and point solutions to keep fraud costs to a minimum.

It would only take one or two major banks, or online service providers such as PayPal, to raise awareness of the benefits of smartcards to eCommerce and online banking security. There’s also the potential for electronic document signing, which has strong appeal to financial institutions, particularly those without a large branch network.

Whether consumers will fork out the money required to purchase a reader will depend largely on the cost and the number of services they can gain more convenient access to as a result.


Comments: (1)

Stephen Wilson - Lockstep Group - Sydney, 01 May, 2008, 07:49

The appearance of connected smartcard readers on the UK market is very interesting. Are they being aimed at Chip and PIN usage online? 

To date, AFAIK the only online Chip and PIN applications have used un-connected smartcard readers, to generate OTPs for Internet banking. But the connected reader is hugely more powerful, for it allows digital signatures. 

To date I reckon thinking about digital signatures has tended to be a bit wooden, being overly preoccupied with "non repudiation".  But that's not the be all and end all. A digital signature is actually more complex than a handwritten 'legal' autograph; it allows all sorts of digital attributes to be baked into online transactions -- like credit card numbers, scheme membership, account numbers, qualifications, government IDs, whatever is relevant to a transaction, even personal properties like age or nationality as might be notarised by a trusted third party.

And thanks to PKI, digital signatures plus attributes can be processed in 'open' settings (and even offline!). In contrast, OTPs and all conventional two factor authenticators only work in closed 'hub and spoke' environments. 

So, for instance, an OTP generated by a Chip and PIN card and an un-connected reader is good for accessing my Internet bank account, but it cannot be recognised by anyone else, notably web merchants. However, my smartcard in a connected reader can allow me to send a notarised (digitally signed) copy of my credit card details to any merchant, to stop CNP fraud. 

In effect, a connected smartcard reader together with PKI could help make Card Not Present transactions over the Internet look much more like Card Present. 

Cheers,

Stephen Wilson.
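The open-versus-closed distinction drawn in the comment above, as an added example that is not part of the original post or comment: an OTP can only be checked by a party holding the token's shared secret, while a signed set of transaction attributes can be checked by anyone holding the public key. The key pair is a constructed toy (textbook RSA, no padding) standing in for a card's on-chip key, and all function names and payload fields are hypothetical.

```python
import hashlib
import hmac
import json
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, the kind of code an un-connected reader displays."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def bank_verify_otp(secret: bytes, counter: int, otp: str) -> bool:
    """Closed model: the verifier must hold the same secret as the token."""
    return hmac.compare_digest(hotp(secret, counter), otp)

# Constructed toy key (assumption): textbook RSA over two Mersenne primes.
# A real card would use a padded scheme such as RSA-PSS, or ECDSA.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the card

def _digest(payload: dict) -> int:
    # Canonical JSON so signer and verifier hash identical bytes.
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big")

def card_sign(payload: dict) -> int:
    """Connected reader: the card signs the transaction attributes."""
    return pow(_digest(payload), D, N)

def merchant_verify(payload: dict, sig: int, n: int = N, e: int = E) -> bool:
    """Open model: any relying party can check with the public key (n, e)."""
    return pow(sig, e, n) == _digest(payload)

# Constructed sample transaction; field names are illustrative only.
SAMPLE = {"pan_last4": "1234", "expiry": "2010-05",
          "merchant": "example-shop", "amount": "49.95", "nonce": "a1b2c3"}
```

The merchant never sees a secret it could reuse, and changing any signed attribute (amount, merchant, nonce) makes verification fail.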

 
