One-time password generator squeezed onto bank card
01 May 2007 | 14156 views | 0
Digital security firm VeriSign is expected to announce a deal today with InCard Technologies to create bank cards that incorporate its password system, according to an AP report.
One-time password generators have traditionally been provided as a separate hardware device, such as a key chain device or token, to give customers better security through two-factor authentication.
InCard Technologies has developed a product it calls ICT DisplayCard. It features a screen on the front of the card, which is powered by an integrated battery, circuit, and switch. This screen displays a one-time password to verify the presence of the card during online transactions or data systems login. This means that the customer is logging on with both something they physically have (the password generator) and something they know (their password) - hence two factor authentication. This increases security if a PIN is compromised or the password generator/card is lost.
Earlier this month Innovative Card Technologies announced that Meritz Securities of Korea is the first financial institution to pilot the product, and is using the ICT DisplayCard to authenticate online trading and ATM transactions. The company has also recently signed a reseller agreement with US digital authentication company ActivIdentity.
A deal with VeriSign would greatly expand the card company's distribution. VeriSign already has agreements with eBay, PayPal Yahoo and Charles Schwab to issue password-generating devices.
Fran Rosch, vice president for authentication services at VeriSign, told AP that banks and merchants participating in VeriSign's password network can share codes, so consumers wouldn't have to carry multiple cards and devices or even one of each. He also said that he expects to announce a major bank using the new cards in May and those would be compatible with services currently using other devices.