EMV smart cards can be used to secure “Card Not Present” transactions - online and telephone purchases where the card cannot be swiped in a payment terminal. In fact, by making chip cards an active part of the online or phone authorization process, stolen payment card numbers can be made useless to thieves.
There are two ways to accomplish online and telephone transactions with smart bank cards – with a USB reader connected to a PC, which would work much like the POS device in an in-person transaction, or with a One-Time Password (OTP) device.
With the OTP device, end users insert the EMV smart bank card into a small handheld device (with keypad and display) issued by their bank, and enter a PIN. Once the chip confirms the PIN as valid, a one-time password is generated for use on the merchant Web site. The cardholder then enters that number using the keyboard or the phone. With this method, an end user can have the same confidence shopping online and by telephone as when paying with an EMV smart bank card in person.
For issuers and merchants, making the EMV card an active part of online and phone payment authorization would mean stolen account numbers and CVV2s - the printed security number used for online and phone transactions - could no longer be successfully used for fraudulent online “card not present” transactions.
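The OTP flow described above, as an added sketch that is not code from Gemalto, MasterCard or Visa: a PIN-gated card derives a passcode from a secret key and a transaction counter, and the issuer accepts each passcode once, so a replayed passcode (or a card number and CVV2 with no passcode at all) does not authorize. HMAC-SHA256 stands in for the card's real EMV cryptogram, and the class names, the 8-digit length, the 3-try PIN limit and the counter window are assumptions of this sketch, not details of CAP or DPA.

```python
import hashlib
import hmac

DIGITS = 8  # displayed passcode length (assumption for this sketch)

def passcode(key: bytes, counter: int) -> str:
    """Decimal passcode from card key + transaction counter (HMAC stand-in)."""
    mac = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**DIGITS).zfill(DIGITS)

class ChipCard:
    """Toy chip: the key never leaves the card and the PIN gates its use."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin
        self.counter, self.tries_left = 0, 3

    def generate(self, pin: str) -> str:
        if self.tries_left == 0:
            raise PermissionError("PIN blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = 3
        self.counter += 1          # every passcode uses a fresh counter
        return passcode(self._key, self.counter)

class Issuer:
    """Toy issuer host: knows the card key, remembers the last counter used."""
    def __init__(self, key: bytes, window: int = 5):
        self._key, self._last, self._window = key, 0, window

    def authorize(self, otp: str) -> bool:
        # Only counters newer than the last accepted one are candidates.
        for c in range(self._last + 1, self._last + 1 + self._window):
            if hmac.compare_digest(otp.encode(), passcode(self._key, c).encode()):
                self._last = c     # consume: this and all older codes are dead
                return True
        return False

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    card, issuer = ChipCard(key, "2580"), Issuer(key)
    otp = card.generate("2580")
    print("fresh passcode accepted:", issuer.authorize(otp))
    print("same passcode replayed: ", issuer.authorize(otp))
```

The window lets the issuer tolerate passcodes that were generated on the device but never submitted, while still refusing anything at or below the last counter it accepted.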
Barclays, a leading bank in the United Kingdom, deployed a product like this called PINsentry in July 2007, which now has more than a million devices in use for online bank account login. The organization has stated publicly that not one PINsentry online customer has suffered fraud since that time. They also reported extremely positive user feedback and customer acceptance. (http://www.computerweekly.com/Articles/2008/07/16/231500/barclays-pinsentry-has-unblemished-fraud-record.htm)
MasterCard and Visa both offer programs to better secure Card-Not-Present purchases. MasterCard created the Chip Authentication Program (CAP), a specification for using EMV smart bank cards for authenticating users and their transactions over the Internet and telephone. Visa has also created a specification for the same applications under the name Dynamic Passcode Authentication (DPA).
Protect e-banking services using the payment card

Gemalto offers a range of readers for securing online transactions using the smart payment card.
United Kingdom: Ezio solution securing nearly 3 million Barclays online customers.
In 2007, Barclays successfully introduced a secure e-banking solution, called PINsentry, to its customers.
Barclays PINsentry Online Banking Solution

Barclays’ PINsentry uses dynamic authentication via a CAP reader