By Tim Ferguson, 15 February 2007 16:10
NEWS
A new payments system aimed at reducing 'card not present' fraud is to be trialled by UK payments association Apacs.
Apacs has developed the system, which uses a handheld card reader, from the global standard created by card companies MasterCard and Visa. It is designed for online and telephone transactions which are potentially vulnerable to fraud because they can be carried out with card details only - and do not require a PIN or signature.
To make a purchase with the system, customers first insert their card into a small handheld reader and enter their pin number. This generates an eight digit number - valid for one transaction - which customers enter online or give to a phone operator to secure the payment.
An Apacs spokesman said the organisation was working towards a trial later in the year and discussions about which banks will be taking part are ongoing.
Postcards from the bleeding edge
Read the latest missive from tech guru and silicon.com columnist, Peter Cochrane, as he blogs from around the world.
He said: "[The card reader system] will definitely help in the battle against card not present fraud."
Several UK banks have already trialled the technology. A Barclaycard spokesman said: "Barclaycard has tested [the system] and we were encouraged by the initial results and we're in a period of further testing."
He added the system will also be rolled out to select customers later in the year.
Lloyds-TSB has been testing a number-generating key fob to make transactions more secure but is also looking at the card reader system.
A Lloyds-TSB spokesman said: "We'll be moving in that direction."
Comments
There are 5 comments. Join the discussion
1. Charles Smith
These handheld card readers will be the mugger's dream come true. Now when they steal your bank cards they can demand the pin numbers and check them on the spot.
2. anonymous
This system may offer increased security, but it also requires new devices to be carried and a new process to gate transactions... it will result in reduced sales for merchants as customers will enage is less impluse purchases...
Further, the solution does not provide any protection from identity fraud... There has to be a simpler way to provide protection from fraud...
3. Stephen Meredith
The only thing that this system will prove is that a valid card is being used to make the transaction. It does not prove that the person who has the card at the time is the person it belongs to or is authorised to use it.
If the person was asked to return only part of the one time number based on a secret algorithm only the card owner knows it could signficantly improve the authentication process.
On a more basic point - will the bank be issuing all their customers with a card reader? Sounds like a very expensive solution to me.
4. Simon Allen
I was involved in the trials of the original card-swipe telephones introduced in the UK in 1983. I was the telecomms manager at Harvey Nichols for an onsite trial of 20 units with AmEx and Barcalycard.
This is another waste of time. If the merchant chooses not to follow the basic procedures:
To check full address with card company.
To request the printed card code.
To NOT send goods to any address OTHER than the registered address.
To get an autorisation code for even the smallest transaction.
Does not monitor the way their staff handle their customers information.
... then it doesn't matter what gizmos are invented!!!!
5. Faisal R. Danka, MBA, CISA, CISM, CISSP, PRINCE2
Two factor authentication is what it is, card reader just sounds like another overly-complicated product. A fob like RSA token (which most of us are use to to get remote access) should be adequate enough.
Key is to authenticate via what you know (card number) and what you have (number-generating fob). I do not see this card reader, adding any additional layer of authentication on top. Maybe in a few years, we could also see authentication by who/what you are (biometrics) *though still too early to speculate*.