The Star Network today introduced Star CertiFlash, a new PIN debit application that advances point-of-sale (POS) security using one-time card number technology.
The STAR CertiFlash technology is programmed onto a contactless chip embedded within a payment device. For each transaction, the chip encrypts and transmits a card number that is good for only a single use.
STAR is one of the nation's leading EFT networks with more than 2 million retail and ATM locations, and a First Data company. First Data is a global leader in electronic commerce and payment processing.
In addition to the one-time card number, a STAR CertiFlash transaction is protected by additional security measures designed to greatly reduce exposure to transaction data compromise. By using multiple security layers, STAR CertiFlash can help further reduce fraud on transactions performed at the point of sale.
New security features of STAR CertiFlash
• With patent-pending one-time card number technology, the consumer's real account information is not used in the payment transaction, and so would not be available via STAR CertiFlash transactions to criminals hacking into a merchant's system.
• Skimming - intercepting card data between the card and the reader - would retrieve the one-time card number and not the real card information. Fraudulent white plastic or card-not-present transactions attempted with a skimmed STAR CertiFlash one-time card number will be declined due to the advanced STAR CertiFlash security layers.
• STAR also translates the one-time card number back to the real card number using a hardware-protected cryptographic process, to send to the issuer for authorization.
"STAR CertiFlash is exactly the type of innovation we were anticipating when we chose to participate in the STAR Network, and we are watching its development with interest," said Steve Karp, senior vice president, Enterprise Payments Strategy at SunTrust. "STAR's focus on advancing payment security continues to set new standards and move the industry forward for the benefit of consumers, merchants, and financial institutions alike."
STAR CertiFlash will be made available to all STAR member financial institutions, which can then offer advanced convenience and security to their customers and members on a variety of payment devices currently available - such as debit cards, prepaid cards, payment fobs and payment stickers - as well as in future mobile applications.
Data breach incidents continue to be a growing source of losses. According to the 2009 U.S. Cost of a Data Breach Study, conducted by Ponemon Institute and published in January 2010, the average total per-incident cost of data breaches reported in 2009 was $6.75 million, compared to an average per-incident cost of $6.65 million in 2008.
"The promise of chip-based contactless technology to reduce fraud has not been fully realized in the U.S., but STAR CertiFlash alleviates the PCI compliance concerns with one-time account number generation," said Julie Saville, vice president, Product Management, for the STAR Network. "By introducing STAR CertiFlash, STAR demonstrates its commitment to developing meaningful innovation that brings value to our members and to the payments industry through heightened security, increases in transaction volume and penetration of the cash payment market. It is our hope to help accelerate contactless adoption while providing secure technology and increased choice that consumers can feel confident about using."