VeriSign builds security token into bank cards

Stephen Withers
Wednesday, 02 May 2007 13:20

Your IT - Home IT

Some banks are trying to improve online security by issuing customers with tokens that generate one-time passwords, but that's just another thing you have to carry around. VeriSign thinks it has found the answer: build the token into an otherwise normal credit or debit card.

The idea is that the token generates a password that changes with every transaction, so that even if a miscreant obtains a user ID and password, they are useless without the token.

VeriSign has teamed with Innovative Card Technologies to build this style of authentication into a card. It would be used with the VeriSign Identity Protection service to reduce the risk of fraudulent online or phone-based transactions.

For example, it could be used by banks to help protect their Internet banking services, or by businesses such as PayPal that accept large numbers of online card transactions.

"For businesses to inoculate themselves against online fraud, they must make it convenient for consumers to authenticate their identity with every transaction," said Fran Rosch, vice president, authentication services, VeriSign.  "Integrating the ICT DisplayCard with VIP gives our customers more protection than ever, and illustrates VeriSign’s commitment to offering the latest methods of authentication in form factors that accommodate the way consumers live."

However, this type of two-factor authentication is not a complete answer to securing online accounts against phishing, as it is vulnerable to automated man-in-the-middle attacks. The bogus site can intercept the user ID, password and one-time password, and then quickly use these credentials to carry out a fraudulent transaction.

InCard Technologies’ Chairman and CEO John Ward III added "We look forward to providing VeriSign’s clients with an additional layer of strong authentication in the best possible form factor for one-time passcode generation – a card that fits in a wallet."

No indication was given of the relative cost of existing tokens and the new cards, and no customers were announced.