NEWS Barclaycard has issued 5,000 of its UK customers with credit and debit card readers designed to help cut fraud and reduce exposure to phishing attacks.
The card readers, first reported on silicon.com last year, contain a numerical keypad and a small display. They can read the cards using chip and PIN technology that is currently being rolled out on credit and debit cards to replace signatures.
To purchase an item from a website supporting the new system, users type in their credit or debit card details as usual, and are then prompted for a special password that has to be generated by the card reader.
Users can generate the password by inserting their card into the reader and typing in their usual PIN. This authorises the reader to generate and display the passwords so users don't have to send personal PINs over the internet or use it when making telephone mail order purchase.
While the industry accepts such innovation will not eliminate fraud or phishing attacks Ron Carter, payments product manager at security software specialists nCipher, said the system ensures customers can shop online with more confidence.
"This raises the bar significantly" for the fraudsters he said.
nCipher, Barclaycard's technology partner on the card reader project, estimates that between 35 and 40 per cent of all credit card losses result from transactions where the cardholder is not present. The card reader has been designed specifically to reduce these losses.
Andrew Kellett, senior research analyst at Butler Group, said as the whole country moves to chip and PIN cards, this system will provide greater security, especially for regular online shoppers.
"It is something that will have a great deal of appeal to regular internet purchasers. The main benefit is that you never type in your PIN," said Kellett.
Dave Taylor, senior product manager at Barclaycard, said he hopes the new system will open ecommerce to users who were previously put off because of security concerns.
"Allowing for the secure authentication of our cardholders from wherever they happen to be breaks down critical barriers to ecommerce, making the shopping experience both more secure and convenient for consumers," Taylor said.
Munir Kotadia writes for ZDNet UK
Comments
There are 3 comments. Join the discussion
1. anonymous
Am I missing something here? I have never been asked to type my PIN into a web page and never would either. Surely this is against all bank advice!
2. Tim Molloy
I was wondering how Tesco pay at pump fuel purchase can be secure, as you do not have to sign or enter a PIN number. The insertion of a valid credit card into the fuel pump is sufficient.
3. Ruprecht
I would guess that Tesco take the risk (hence a limit of 30 quid) of a 'cardholder not present' transaction...