nCipher helps combat phishing attacks with Chip and PIN
May 24, 2005 Comments (0)
All of Banka Koper's retail and commercial customers have been issued with MasterCard OneSMART cards, a next generation chip and PIN credit or debit card that contains sophisticated EMV standards-based security technology to better prove their identity in non face-to-face transactions. When accessing their bank account or shopping online, users will be prompted to authenticate themselves to Banka Koper by inserting their card into a portable reader also provided by the bank. After users enter their PIN the card securely generates a unique, but more importantly dynamic, password which the user then types into the web page. By entering this 'one time only' password rather than a traditional, static password that may be used for many years and across multiple sites, the impact of that password being compromised is limited to a very short period of time and a specific web connection and the commercial risk is therefore greatly reduced.
The combination of using a standard EMV payment chip card such as OneSMART along with the secret PIN results in a strong, two-factor authentication process that deters identity phishing attacks and reduces the fraudulent use of stolen cards. Phishing schemes typically use email or other messages that appear to come from a trusted service provider such as a bank or an online retailer. These messages attempt to lure people to bogus websites, where the victims are asked to enter personal information such as passwords, PIN numbers and credit card numbers. MasterCard's Chip Authentication Programme (CAP) counteracts such schemes since there are minimal gains to be made from capturing a password that cannot be used without the chip card being present at the same time.
nCipher's payShield(tm) is a secure hardware security platform designed for use with MasterCard CAP and that supports the EMV standards. PayShield secures the host side authentication mechanisms on behalf of the card issuer. This enables the issuer to strongly authenticate its customers as they take advantage of services provided by the issuer itself, such as home banking, or services offered by merchants or other third parties who wish to better validate the card and cardholder prior to receiving approval to go ahead with the transaction.
"For a card authentication solution to be truly effective in a non face-to-face environment, it has to offer a high level of security, and be low-cost and consistent across multiple channels. The MasterCard Chip Authentication Programme is designed to address these concerns. nCipher's payShield plays an important role in the MasterCard CAP programme enabling us to offer an online experience that is both safer and fast and can help issuing banks greatly reduce the effects of phishing attacks and online credit card fraud " said Fikret Ates, Vice President, Chip Product Management at MasterCard International.
"Banka Koper is particularly proud to be one of the very first MasterCard OneSmart deployments and so offering our customers the highest levels of security and authentication when accessing banking services online," says Gojmir Nabergoj, Smart Card Migration Manager at Banka Koper. "nCipher has offered us huge support in setting up this project and their payShield HSM provides a flexible platform for delivery of this and future authentication requirements."
"Minimising the exposure of sensitive customer information such as card numbers and PINs to both internal and external threats is a critical requirement of a highly secure online payment solution. We are excited to be able to work with MasterCard and Banka Koper to provide a solution that delivers the level of security demanded by MasterCard International and its member banks in their efforts to reduce financial risk and build confidence for online customers," said Ron Carter, Payments Product Manager at nCipher.