Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Cryptocard launches combined 2FA and payment card

Canadian security company Cryptocard is to launch a combined payment card and one-time-password generator to secure online banking log-in and protect against card-not-present fraud.

See article

Hybrid cards perhaps less than the sum of their parts

The real issue in the new crop of hybrid cards that combine Chip & PIN with One Time Password generators is whether they represent a long term strategic advance, or are more about shorter term convenience.  Convenience is important, but we need to have a long term plan.  Do the hybrids do anything more than do away with a key fob, by integrating OTP with the plastic card? I guess if you have two credit cards and two OTPs, it's good to dispense with the fobs, so it's clear to the customer which OTP goes with which account.  But does the display and keypad impact the robustness of the card?

[BTW does the OTP in these hybrids leverage the crypto in the EMV chip, ala CAP, or do they simply use an independent circuit to generate the passcode?]

All OTP authentication -- whether it's by key fob or hybrid card -- has to be processed via an additional server.  This delays end-to-end payment validation, and adds to the overall system complexity and cost.  It's also more difficult to scale to multiple merchants because the authentication is fundamentally centralised.  I worry that these centralised authentication services aren't so robust, scalable and cost efficient in the long term.


Stephen Wilson, Lockstep.



Comments: (0)

Now hiring