An article relating to this blog post on Finextra:
Cryptocard launches combined 2FA and payment card
Canadian security company Cryptocard is to launch a combined payment card and one-time-password generator to secure online banking log-in and protect against card-not-present fraud.
The real issue in the new crop of hybrid cards that combine Chip & PIN with One Time Password generators is whether they represent a long term strategic advance, or are more about shorter term convenience. Convenience is important, but we need to have a
long term plan. Do the hybrids do anything more than do away with a key fob, by integrating OTP with the plastic card? I guess if you have two credit cards and two OTPs, it's good to dispense with the fobs, so it's clear to the customer which OTP goes with
which account. But does the display and keypad impact the robustness of the card?
[BTW does the OTP in these hybrids leverage the crypto in the EMV chip, ala CAP, or do they simply use an independent circuit to generate the passcode?]
All OTP authentication -- whether it's by key fob or hybrid card -- has to be processed via an additional server. This delays end-to-end payment validation, and adds to the overall system complexity and cost. It's also more difficult to scale to multiple
merchants because the authentication is fundamentally centralised. I worry that these centralised authentication services aren't so robust, scalable and cost efficient in the long term.