Deloitte banking on PIN sharp security

A bank card that allows workers to securely access company IT systems from outside the office is being trialled in the UK.

Up to 1,000 staff at Deloitte and Visa will be given new Barclaycard Corporate Visa cards, revealed by silicon.com last year, which generate one-time-use passcodes that allow remote access to the company IT system over a virtual private network (VPN).

The card has an embedded keypad and LCD screen, to allow users to enter their PIN and generate the passcode, which is then authenticated by the VPN.

The three-month pilot began last month and is aimed at demonstrating how much businesses could save by using the cards instead of investing in separate tokens to generate passcodes.

Simon Owen, who leads the information and technology risk practice at Deloitte, told silicon.com: "It allows you to combine the savings of not having to produce and distribute a separate dongle device with the security and convenience of having this in a credit card."

The two-factor authentication technology was developed by Barclaycard in conjunction with EMUE Technologies.

Deloitte used to rely on a separate dongle to generate a passcode but its 10,000 staff now use a mobile phone applet based on EMUE technology to authenticate access to systems via VPN. The applet works in the same way as the card, generating a one-time passcode after the employee enters their PIN.

"We believe that the EMUE technology offers 60 per cent cost savings over traditional security technology such as the dongle offerings," Owen said.

The card can still be used for authenticating ATM and Chip and PIN transactions and is swipe-card-reader compatible.

The passcode technology can also provide remote authentication to combat card not present (CNP) fraud and identity theft associated with online banking, internet shopping and telephone authentication.

CNP fraud using stolen UK cards cost £328.4m last year, accounting for more than half - 54 per cent - of all card losses.

Owen said: "EMUE is designed to stop CNP fraud that many banks say are hurting them at the moment."

Consumers could also use the technology to avoid being scammed by phone calls or emails, inputting an EMUE code into their card from the caller or the email to authenticate the correspondence.