Blog article
See all stories »

Chip-n-PIN online - is there a business case for it...

Secure Electrans are on a mission to combat e-comm fraud. The concept is simple - give consumers a free PIN pad for home use, so that every e-comm transaction can be done with the same level of security as in a physical store, and participating merchants can benefit from "a dramatically reduced fee."

The difference between "cardholder not present" and "chip & PIN" rates is less than 0.5%, so I wouldn't call that "dramatic". Also, I am surprised that card schemes would class transactions where card details are entered manually - via a conventional PC - as "chip & PIN"... If card details are sent from HomePay securely over the Internet (some pictures do show HomePay with USB connector), why cannot the same - low-cost, I guess - device be used in physical stores?

Also, why would consumers bother with HomePay? If there is a fraud, I can simply call my bank, tell them so and get a full refund. If merchants have to offer a discount or other incentive to make consumers use HomePay, doesn't that defeat the object of cost reduction?

Last but not least, if I were a fraudster, what would stop me from sending out thousands of similar (but bugged) terminals to consumers to collect their card and PIN details?..



Comments: (4)

A Finextra member
A Finextra member 22 July, 2013, 13:53Be the first to give this comment the thumbs up 0 likes

Chip & Pin for online => OBePs!


why bothering with new devices while you have an already secure two factor autentication method, issued by a trusted source (your bank!) that is hard to beat?

A Finextra member
A Finextra member 22 July, 2013, 14:03Be the first to give this comment the thumbs up 0 likes

Gemalto (one of the top suppliers of such devices) could have extended the use of bank dongles to e-comm, but I don't think they can do that without the banks' consent - which would take years to get... (Not to mention the cost of signing up e-merchants who only recently went through 3D integration...)

Companies such as Accertify address online fraud in a much more efficient way.

A Finextra member
A Finextra member 23 July, 2013, 11:55Be the first to give this comment the thumbs up 0 likes

Let me try to help with a few additional contributions.

To most online merchants a difference of 0.5% is dramatic. The online world is cut-throat and comparison technology has brought margins way down. To a merchant making a slim net profit this change can make all the difference between business and no business.

Of course the benefits to the merchant go well beyond the 'rate' and include all of the reductions Chip&PIN brings to fraud processing and of course chargeback protection. A real win for the merchant from the simple addition of the Chip&PIN acceptance mark on their check-out page and redirect to HomePay.

The assumption about manual entry of details via PC is wrong. HomePay works using standard Chip&PIN from the home with a small certified device - just the same as in a physical shop or at an ATM. Just put in your card, confirm with your PIN and done, end-to-end cryptography, fully EMV / PCI-PTS compliant. The acquirer, schemes and issuer see a standard Chip&PIN transaction.

Simple for the merchant, simple & familiar to the consumer and runs over the existing global Chip&PIN infrastructure deployed by the banks and payment schemes.

EMV has embedded cryptography that HomePay extends with additional protection between the device and HomePay host. The issuer sees the EMV transaction and the card generated cryptogram - take a look at the EMVCo site for a quick tutorial and specifications.

The HomePay device can be used in the home, on the move or in small retail outlets.

Why bother? Just ask anyone subjected to online fraud or account takeover. I expect you will find the reversal of transactions only a small part of the long term pain.

Why bother? Because once I have a HomePay I can make and take transactions, top up my smart utility meter, top-up my mobile/pay-as-you-go card/accounts etc whenever I want - with the same EMV cryptographic protection.

Why bother? Because once I have a HomePay I can authenticate (1) my card and (2) myself to any remote service such as sign-on to my bank, my gaming provider (KYC regulations), central or local government services and more.

Why bother? No wallets / passwords / secret phases / places / dates / pets etc. - all I need is the same card and PIN that I use every day. Simple, safe and secure.

Last but not least - each HomePay is cryptographically authenticated before any of the above starts. See the recent ground-breaking announcement of passing Common Criteria Certification - first in its category.

Now do you want one.....?

Chris Jarman

A Finextra member
A Finextra member 23 July, 2013, 14:45Be the first to give this comment the thumbs up 0 likes

I agree with you, Chris. The benefits and reasons are all there. Compelling, valid, real. Yet...

Member since




More from member

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

See all

Now hiring