27 July 2016
Find out more

Visa CodeSure gets commercial green light

02 June 2010  |  15387 views  |  4 Visa in-built OTP card

Following a string of bank pilots, Visa Europe has commercially launched its CodeSure system, which comprises a card with a display for generating one-time codes to authenticate online transactions.

The Visa card features an alpha-numeric display and a 12-button keypad built into the back of a conventional credit, debit or prepaid card. The card, developed using technology from Australia-based Emue technologies, promises a three-year battery life, overcoming a potential stumbling block to such schemes in the past.

To validate a transaction when shopping on the Web or logging in to an online banking service, the cardholder activates the authentication process by pressing the "Verified by Visa" option button on the card's keypad.

When prompted, they then enter their PIN into the keypad embedded in the card which prompts a unique one-time-passcode to appears on the display, which is then used to authenticate the transaction.

Since 2009 eight banks in countries throughout Europe, including the UK, Italy, and Germany, have piloted the system, with 86% of participants reassured about security. Most cardholders - 70% - also say they would use their cards for card-not-present transactions more often.

Sandra Alzetta, head, innovation, Visa Europe, says: "The banks and their cardholder trials have shown an appetite for innovation and the broadening of a payment card's use. This exclusive Visa solution is an extremely convenient way to bring a similar level of security to payments online as we now enjoy on the high street with chip and PIN."

Visa Europe has approved the technology for PIN generated one-time-passcodes for Verified by Visa payments at participating merchants globally, PIN-generated one-time passcode for online and telephone banking access, transaction signing for online e-banking services and access to third party services such as corporate virtual private networks.

Comments: (4)

A Finextra member
A Finextra member | 02 June, 2010, 11:52

So ...

When do we think we are going to see the Amazon trial?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
David Divitt
David Divitt - VocaLink - London | 02 June, 2010, 14:03

Visa's CodeSecure initiative is a good one that finally makes multi-factor card security realistic and convenient for customers; removing the need to carry around another device. For online merchants the use of the card to generate a OTP (one-time password) will remove the main obstacle to VbV, which is the challenge of remembering yet another infrequently-used password which, in turn, risks the retailer losing sales at the final stages of checkout.

For online banking, however, Visa CodeSecure does not eliminate the problem of more sophisticated attacks such as man-in-the-middle or man-in-the-browser where fraudsters can manipulate a legitimate online banking session to redirect funds to their own accounts. Banks must ensure they take full advantage of the technologies offered in these solutions, such as signing transactions and educating their customers as to what to expect when using the new cards online, since fraudsters can socially manipulate customers into inputting false data to allow fraudulent transactions to be placed. Banks must also ensure they have a robust fraud detection solution in place to allow customer behaviour profiling and monitoring as well as real time prevention to take full advantage of these strategies.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 03 June, 2010, 01:51

I concur with David Divitt. "Banks must ensure they take full advantage of the technologies offered in these solutions, such as signing transactions". Until now, most "signing" using CAP readers and the like has been mickey mouse.  A proper long term solution will sign the entire data payload between browser and server, and will need to use connected smartcard readers at the customer end.  These have been a long time coming, but thanks to the rise in non banking smartcards like US PIV ID cards, we're seeing more laptops feature integrated card readers (like the Dell e series).  The beauty of the connected reader is that it provides a sensationally easy to use, ATM/POS-like customer experience for online shopping and banking alike.  I appreciate there is anxiety about Man-in-the-Browser malware being able to co-opt the card, but these attacks can be mitigated by WYSIWYS tools in the chip.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ben Smyth
Ben Smyth - University of Birmingham - UK | 03 June, 2010, 09:47

``This exclusive Visa solution is an extremely convenient way to bring a similar level of security to payments online as we now enjoy on the high street with chip and PIN." -- Sandra Alzetta, Visa

Surely this technology also has the capability to eliminate the need for ``high street chip and PIN [terminals]"?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Visa invests in authentication outfit Emue

Visa invests in authentication outfit Emue

18 November 2009  |  6821 views  |  0 comments
VeriSign ships OTP generator iPhone app

VeriSign ships OTP generator iPhone app

01 April 2009  |  14048 views  |  2 comments
Four banks to trial Visa PIN code cards

Four banks to trial Visa PIN code cards

10 November 2008  |  15986 views  |  0 comments
One-time password generator squeezed onto bank card

One-time password generator squeezed onto bank card

01 May 2007  |  13375 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comVisit www.abe-eba.euFind out more

Top topics

Most viewed Most shared
satelliteContactless Bitcoin startup Plutus Tap &am...
9391 views comments | 9 tweets | 4 linkedin
MasterCard agrees £700m VocaLink acquisitionMasterCard agrees £700m VocaLink acqu...
9274 views 14 comments | 32 tweets | 38 linkedin
Apps crush internet for UK banking loginsApps crush internet for UK banking logins
7887 views comments | 18 tweets | 25 linkedin
hands typing furiouslyHow machine learning can cut costs on tran...
5968 views 0 | 9 tweets | 3 linkedin
Thomson Reuters and Imperial College form fintech and regtech research partnershipThomson Reuters and Imperial College form...
5927 views comments | 29 tweets | 16 linkedin

Featured job


Brussels (Belgium) or Paris (France)

Find your next job