Consumer ATM/debit cards can be used on the Internet with transaction authentication and security comparable to point-of-sale purchases. These are the findings from a pilot run by Nacha, The Electronic Payments Association.
The Internet Secure ATM Payments (ISAP) pilot involved participants acting as consumers to make purchases at a Web site using ATM/debit cards. Instead of using a personal identification number (PIN), the participants digitally signed an electronic payment request.
The encrypted payment request was then sent through the STAR electronic payments network and the consumer's account was debited in real time. Digital signatures were substituted for PIN numbers in 598 successful transactions.
According to Elliott McEntee, president and chief executive officer of Nacha, digital signature technology can be used to secure transactions because the signature is transported through an electronic funds transfer (EFT) network and validated by the issuing bank.
During the pilot, the digitally signed transactions were validated 100 per cent of the time and the average response time for authorising a transaction was six to eight seconds. Approved transactions and denials were successfully returned to the merchant.
In addition to successful transaction processing, the pilot withstood attempts to compromise security and fraud.
The ISAP model is an open, interoperable architecture that is solution neutral. Because transaction security and authentication are comparable to PIN-based debits at the point-of-sale, Internet merchants are provided with equivalent transactions that are more difficult to repudiate.