Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security

Group

Online Banking
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

An article relating to this blog post on Finextra:

Vasco to sell card authentication readers directly to end users

Digital security outfit Vasco is to sell its two-factor authentication devices direct to the consumer via high street retailers and online markets such as eBay.

See article

Smartcard readers from your local corner store

News from Vasco yesterday that it will soon be selling smartcard readers via the local corner store has interesting implications for Internet banking security.

Such readers have been available in many Asian convenience stores for some time – they make sense in countries where online access to public services is only made available to holders of Government-issued identity cards.

Vasco already sells the readers on eBay for Belgian customers, again because Belgian citizens will soon be required to use an identity card to securely access both public and private institutions.

Vasco is expanding its strategy to include the UK, with plans for retail distribution in other markets down the line.

Whether the strategy works will be highly dependent on local market conditions. For example in Australia smart cards are only just beginning to gain traction. While the UK has already moved to Chip & PIN, Australians are only beginning to learn of the difference between a magstripe card and a chip card.

One bank that is fond of using security as a competitive differentiator is ANZ, which is currently promoting the benefits of chip in these advertisements as a selling point for its credit cards

Most Australian banks have deployed two-factor authentication for increased online banking security – in most cases via one-time password tokens or SMS. Many have avoided moving to card readers, hoping to avoid the cost of deploying the readers and instead relying on transaction monitoring and point solutions to keep fraud costs to a minimum.  

It would only take one or two major banks, or online service providers such as PayPal, to raise awareness of the benefits of smartcards to eCommerce and online banking security. There’s also the potential for electronic document signing which has strong appeal to financial institutions, particularly those without a large branch network.

Whether consumers will fork out the money required to purchase a reader will depend largely on the cost and the number of services they can gain more convenient access to as a result.

4336

Channels

Security

Group

Online Banking
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (1)

Stephen Wilson
Stephen Wilson - Lockstep Consulting - Sydney 01 May, 2008, 07:49Be the first to give this comment the thumbs up 0 likes

The appearance of connected smartcard readers on the UK market is very interesting. Are they being aimed at Chip and PIN usage online? 

To date, AFAIK the only online Chip and PIN applications have used un-connected smartcard readers, to generate OTPs for Internet banking. But the connected reader is hugely more powerful, for it allows digital signatures. 

To date I reckon thinking about digital signatures has tended to be a bit wooden, being overly preoccupied with "non repudiation".  But that's not the be all and end all. A digital signature is actually more complex than a handwritten 'legal' autograph; it allows all sorts of digital attributes to be baked into online transactions -- like credit card numbers, scheme membership, account numbers, qualifications, government IDs, whatever is relevant to a transaction, even personal properties like age or nationality as might be notarised by a trusted third party.

And thanks to PKI, digital signatures plus attributes can be processed in 'open' settings (and even offline!). In contrast, OTPs and all conventional two factor authenticators only work in closed 'hub and spoke' environments. 

So, for instance, an OTP generated by a Chip and PIN card and an un-connected reader is good for accessing my Internet bank account, but it cannot be recognised by anyone else, notably web merchants. However, my smartcard in a connected reader can allow me to send a notarised (digitally signed) copy of my credit card details to any merchant, to stop CNP fraud. 

In effect, a connected smartcard reader together with PKI could help make Card Not Present transactions over the Internet look much more like Card Present. 

Cheers,

Stephen Wilson.

 

Report abuse
Join the discussion
Blog group founder

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

See all
Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more