A Finextra member 22 July, 2013, 13:53 0 likes

Chip & Pin for online => OBePs!

why bothering with new devices while you have an already secure two factor autentication method, issued by a trusted source (your bank!) that is hard to beat?

A Finextra member 22 July, 2013, 14:03 0 likes

Gemalto (one of the top suppliers of such devices) could have extended the use of bank dongles to e-comm, but I don't think they can do that without the banks' consent - which would take years to get... (Not to mention the cost of signing up e-merchants who only recently went through 3D integration...)

Companies such as Accertify address online fraud in a much more efficient way.

A Finextra member 23 July, 2013, 11:55 0 likes

Let me try to help with a few additional contributions.

To most online merchants a difference of 0.5% is dramatic. The online world is cut-throat and comparison technology has brought margins way down. To a merchant making a slim net profit this change can make all the difference between business and no business.

Of course the benefits to the merchant go well beyond the 'rate' and include all of the reductions Chip&PIN brings to fraud processing and of course chargeback protection. A real win for the merchant from the simple addition of the Chip&PIN acceptance mark on their check-out page and redirect to HomePay.

The assumption about manual entry of details via PC is wrong. HomePay works using standard Chip&PIN from the home with a small certified device - just the same as in a physical shop or at an ATM. Just put in your card, confirm with your PIN and done, end-to-end cryptography, fully EMV / PCI-PTS compliant. The acquirer, schemes and issuer see a standard Chip&PIN transaction.

Simple for the merchant, simple & familiar to the consumer and runs over the existing global Chip&PIN infrastructure deployed by the banks and payment schemes.

EMV has embedded cryptography that HomePay extends with additional protection between the device and HomePay host. The issuer sees the EMV transaction and the card generated cryptogram - take a look at the EMVCo site for a quick tutorial and specifications.

The HomePay device can be used in the home, on the move or in small retail outlets.

Why bother? Just ask anyone subjected to online fraud or account takeover. I expect you will find the reversal of transactions only a small part of the long term pain.

Why bother? Because once I have a HomePay I can make and take transactions, top up my smart utility meter, top-up my mobile/pay-as-you-go card/accounts etc whenever I want - with the same EMV cryptographic protection.

Why bother? Because once I have a HomePay I can authenticate (1) my card and (2) myself to any remote service such as sign-on to my bank, my gaming provider (KYC regulations), central or local government services and more.

Why bother? No wallets / passwords / secret phases / places / dates / pets etc. - all I need is the same card and PIN that I use every day. Simple, safe and secure.

Last but not least - each HomePay is cryptographically authenticated before any of the above starts. See the recent ground-breaking announcement of passing Common Criteria Certification - first in its category.

Now do you want one.....?

Chris Jarman

chris.jarman@electrans.com

A Finextra member 23 July, 2013, 14:45 0 likes

I agree with you, Chris. The benefits and reasons are all there. Compelling, valid, real. Yet... https://www.finextra.com/blogs/fullblog.aspx?blogid=7955