About The Blog

Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« 2.5D Secure | Main | Skynet merchant services »

It was 20 years ago today, again

By Dave Birch posted Nov 12 2008 at 11:36 AM

[Dave Birch] You've probably already read about Visa Europe's new trial with "PIN cards".

The Visa PIN card features an alpha-numeric display and a 12-button keypad built into the back of a conventional credit, debit or prepaid card. The card, developed using technology from Australia-based Emue technologies, promises a three-year battery life, overcoming a potential stumbling block to such schemes in the past.

[From Finextra: Four banks to trial Visa PIN code cards]

I was playing around with one of these cards a few weeks ago, and I can tell you that they are as far as I can tell exactly the same thickness as "normal" chip cards and fit in a wallet properly (a key factor, if you ask me). Could I imagine using them? Yes, and clearly people at MBNA in the UK, Cornèr Bank in Switzerland, Cal in Israel and IW Bank in Italy are assuming that their customers will think the same, since each is to begin pilots of the PIN card in the next few months.

The cards contain two microprocessors, one of them containing the standard EMV application to support "chip and PIN" transactions, the other implementing a one-time-password (OTP) application that takes in the PIN from a keypad on the cards itself and presents the OTP on the screen that is also built in to the card itself. Thus, you can use the card to provide 2FA through the 3DS interface: instead of registering a password and then trying to remember it, you use the OTP from the card.

This isn't a perfectly secure solution -- it doesn't defend against certain kinds of man-in-the-middle attacks -- but it's certainly considerably more secure than using phisable passwords. If the banks could offer the OTP infrastructure as a cost-effective option to third parties (including their own internet banking services), it would be even better, as I'd much rather log on to the Inland Revenue and Barclays internet banking using a debit card that worked this way than passwords buried and at the bottom of draws or dongles that I always forget!

Take a look at this picture I put together...

It was 20 years ago today (v2)

It's always helpful to understand more about the context for technology innovation in the payments world. As the picture shows, it's taken a couple of decades for the payment card with keyboard and screen to go from the early prototypes (hampered by the limited processing power available for the chips -- no cryptographic co-processor or anything like that -- and most of all by the very limited battery life) to a pilot that has a chance of entering the mainstream.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8341c4fd753ef010535e8d33b970b

Listed below are links to weblogs that reference It was 20 years ago today, again:

Comments

Hi Andrew,

I'm drawing a blank on this, can you re-send the e-mail please.

Cheers,
Dave.

Hi Dave,

I'm emailing you in regards to an email I sent to you last month about a partnership, have you had a chance to think about it?

If you have any questions or would more information, please advise me and we can go from there.

Kind Regards,
Andrew Knight

The comments to this entry are closed.