For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
Secure Electrans are on a mission to combat
e-comm fraud. The concept is simple - give consumers a free PIN pad for home use, so that every e-comm transaction can be done with the same level of security as in a physical store, and participating merchants can benefit from "a dramatically reduced
The difference between "cardholder not present" and "chip & PIN" rates is less than 0.5%, so I wouldn't call that "dramatic". Also, I am surprised that card
schemes would class transactions where card details are entered manually - via a conventional PC - as "chip & PIN"... If card details are sent from HomePay securely over the Internet (some pictures do show HomePay with USB connector), why cannot the same -
low-cost, I guess - device be used in physical stores?
Also, why would consumers bother with HomePay? If there is a fraud, I can simply call my bank, tell them so and get a full refund. If merchants have to offer a discount or other incentive to make consumers use HomePay, doesn't that defeat the object of cost
Last but not least, if I were a fraudster, what would stop me from sending out thousands of similar (but bugged) terminals to consumers to collect their card and PIN details?..
Chip & Pin for online => OBePs!
why bothering with new devices while you have an already secure two factor autentication method, issued by a trusted source (your bank!) that is hard to beat?
Gemalto (one of the top suppliers of such devices) could have extended the use of bank dongles to e-comm, but I don't think they can do that without the banks' consent - which would take years to get... (Not to mention the cost of signing up e-merchants
who only recently went through 3D integration...)
Companies such as Accertify address online fraud in a much more efficient way.
Let me try to help with a few additional contributions.
To most online merchants a difference of 0.5% is dramatic. The online world is cut-throat and comparison technology has brought margins way down. To a merchant making a slim net profit this change can make all the difference between business and no business.
Of course the benefits to the merchant go well beyond the 'rate' and include all of the reductions Chip&PIN brings to fraud processing and of course chargeback protection. A real win for the merchant from the simple addition of the Chip&PIN acceptance mark
on their check-out page and redirect to HomePay.
The assumption about manual entry of details via PC is wrong. HomePay works using standard Chip&PIN from the home with a small certified device - just the same as in a physical shop or at an ATM. Just put in your card, confirm with your PIN and done, end-to-end
cryptography, fully EMV / PCI-PTS compliant. The acquirer, schemes and issuer see a standard Chip&PIN transaction.
Simple for the merchant, simple & familiar to the consumer and runs over the existing global Chip&PIN infrastructure deployed by the banks and payment schemes.
EMV has embedded cryptography that HomePay extends with additional protection between the device and HomePay host. The issuer sees the EMV transaction and the card generated cryptogram - take a look at the EMVCo site for a quick tutorial and specifications.
The HomePay device can be used in the home, on the move or in small retail outlets.
Why bother? Just ask anyone subjected to online fraud or account takeover. I expect you will find the reversal of transactions only a small part of the long term pain.
Why bother? Because once I have a HomePay I can make and take transactions, top up my smart utility meter, top-up my mobile/pay-as-you-go card/accounts etc whenever I want - with the same EMV cryptographic protection.
Why bother? Because once I have a HomePay I can authenticate (1) my card and (2) myself to any remote service such as sign-on to my bank, my gaming provider (KYC regulations), central or local government services and more.
Why bother? No wallets / passwords / secret phases / places / dates / pets etc. - all I need is the same card and PIN that I use every day. Simple, safe and secure.
Last but not least - each HomePay is cryptographically authenticated before any of the above starts. See the recent ground-breaking announcement of passing Common Criteria Certification - first in its category.
Now do you want one.....?
I agree with you, Chris. The benefits and reasons are all there. Compelling, valid, real. Yet... http://www.finextra.com/Community/FullBlog.aspx?blogid=7955
19 Mar 2009
This post is from a series of posts in the group:
A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.