New Card Introduced for Financial Institution Authentication Use
In what is being described as a “wow” product in the growing line of multi-factor authentication products being developed to meet increased regulation for stronger authentication, VeriSign Inc. announced its partnership with Innovative Card Technologies, Inc., the developer of the ICT DisplayCard, to launch credit and debit cards that generate six-digit, one-time-use passwords as a form of online authentication. The new card was unveiled last week.

“What we’re seeing with the growing press coverage and awareness of identity theft, consumers are beginning to ask their financial institutions, or their health care, or any other site or business that holds the consumer’s sensitive data, what is being done to protect that information?” said Fran Rosch, Vice President of authentication solutions at VeriSign, Inc.

The card is being tested at several international banks, including a bank in Korea, Meritz Securities. According to John A. Ward III, Chairman and CEO of Innovative Card Technologies, the Korean banking industry is a good start for the card. Korean regulators have taken a very strong stand on authentication for online banking, and they’re even more stringent than the banking regulators in the U.S. “The Korean equivalent of the FFIEC is much more stringent, and the Korean online banking segment has a higher percentage of users compared to the 63 million online banking customers in the U.S., Korea has 33 million online banking customers,” Ward said.

Ward said two major markets the card will be ideal for are in the enterprise management sector, for companies that have secure networks, and the financial services industry, including banks, credit unions and brokerage firms.

“Banks and other companies have wrestled with this need for stronger authentication. Because of the challenges presented by consumers didn’t want just a device for security only, like a token, they were looking for something that was embedded in something they use, that they carry already, such as a credit card or a mobile phone,” Rosch noted, adding, “As this card takes off, I think we’ll see a proliferation of this extra level of security for the consumer end. It’s easier to deliver one card with everything on it instead of carrying something else to validate your sign in.”

“Most people don’t embrace a token or key fob. They’re clumsy and people leave them at the office or misplace them,” Ward said. While there are an estimated 45 million token passcode generators being used in companies, the use and acceptance of tokens isn’t as easily transferred to consumer use.

The other market segment targeted is online private banking, small business, middle market and securities trading. “Because these areas have sizeable transactions anywhere from a couple hundred to several thousand dollar transactions, the need for security is greater,” Ward noted. And the initial cost of the new card, $12, would not be a turnoff. “The account profitability is such that a $12 fee, or even a minimal charge of $1 or $2 per account, or even they gave you a card, is negligible compared to the profit they make off of these market segments,” he explained. Compared to the average cost to make a credit card (35 cents), Ward noted in the short term, “The cost is high, but will go down over time, when the product matures. However, this card could be viewed as a companion card; it could be an ATM card, or a debit or credit card.”

When Ward showed a prototype of the card to a group of investment bankers (who are known not to be easily impressed), “Their reaction was ‘Wow.’ They could not believe that you could get a two factor authentication in the form and size of a credit card. They were shocked,” Ward said.

The other element of this solution that makes it attractive is VeriSign’s network, where a consumer could, eventually with one credential, sign in with that one card and access a broad set of websites, Rosch explained.

“If your bank or credit union issued you a card with one of these one time passwords embedded into it, you could not only do transactions with your bank or credit union, but also shop and do business at eBay or PayPal and also protect your accounts there, or any other company that is a member of VeriSign’s Identity Protection (VIP) network,” Rosch said. While the international banks VeriSign has talked with are cautious about revealing their plans, Rosch said there has been a lot of interest in the U.S. market.

In 2006 many large companies looked at solutions for customers, and they piloted token solutions. “eBay, PayPal, E*Trade, and others came out with some type of token solution, and they’re increasing it into the wider market,” Rosch said, and added, “In 2007 I think we’ll see a lot of firms piloting this card, and in 2008, we will see mass distribution of it.”

The lifetime of the card is expected to be the three-year life of the battery (which incidentally is the same lifetime as most regular credit cards). The card is the same size as a regular ATM or credit card, but it has an ultra-thin battery inside and generates the six-digit code when a button is pressed on the front of the card.

The cards would also help consumers protect personal and account information and would enable the financial institution to double check the user’s identity. If a keylogger were on the computer being used for the online transaction, the captured account user name, static password and randomly generated number would be of no use to a hacker, because any future transaction on the account would require a newly generated passcode that the hacker would not be able to get. The only way the account could be compromised would be if the card was physically stolen and the thief also had the user name and static password.

It's the benefit of two-factor authentication, plus it doesn’t include the token factor, Ward noted. The cards, according to VeriSign, have been certified through Visa and MasterCard, so any bank with a relationship with them can buy into these cards and pass them out to users. Ward concluded, “Multi factor authentication is great, but you also want your customer to be comfortable with it. They already use credit cards, and you as a bank don’t want to have to issue another piece for the customer to be required to use.”


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.