Join the Community

23,359

Expert opinions

42,495

Total members

346

New members (last 30 days)

192

New opinions (last 30 days)

29,101

Total comments

Join Sign in

Technology can solve this issue for the benefit of consumers

24 February 2009 Be the first to comment

Retired member

A relevant solution to solve this issue is to add an extra layer of security avoiding the capability to "repay" with the same data (card details - static information).

Would you accept a system where, by simply collecting your physical address (for ex. with YellowPages), someone is able to enter your home. This is quite the same by authorising a transaction based only on valid "card details" (identification information). A key to lock this system is missing!

In Europe, a one-time password solution using the chip of the already deployed banking cards, is gaining strong momentum. It replaces static-based methods (low security login-password for accessing online banking services; 'plastic' card details only to pay). This solution, named 'Home Chip and PIN' in the UK is also largely deployed in Scandinavia, Benelux, Switzerland, Eastern Europe and is beginning to roll-out in France and Italy (named 'Vericode').

By requesting a chip card-based strong authentication to allow a transaction (for example in the 3D-Secure architecture / Verified by Visa / MasterCard SecureCode), any stolen database information will become unuseful without a fresh One-Time signature and so, future heartland-like breaches will not force issuer to re-issue cards.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

3781

Report

Channels

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Join group

206 opinions 63 members 18 February 2025

Comments: (1)

A Finextra member

02 March 2009

"any stolen database information will become unuseful without a fresh One-Time signature and so, future heartland-like breaches will not force issuer to re-issue cards."

Not quite.

A fraudster posing as a man-in-the-middle can pretend to be an online merchant, get your card number, exp date, cvv, pop-up the verified by visa stub, get your verified by visa password and even the OTP (if you're using an OTP) AND replay all these with a legitimate merchant.

Authentication of the online merchant or online bank (actually the commercial site) must also be done in order to ensure that the consumer is giving his card data (and OTP) to a legitimate commercial site.

Report

More expert opinions

Steve Wilcockson Technical Product Marketing at Quantexa