Dynamic Passcode Authentication
Overview Guide
[Figure: Chip and PIN security, a dynamic passcode reader and a bank authentication service enable dynamic passcode authentication]
Visa cards are used in all payment environments: point-of-sale (POS), via the Internet, by mail or by
telephone. No other payment mechanism offers such flexibility, ease of use and convenience.
Visa cards are well suited to the Internet, offering consumers the same familiarity, convenience and trust
they are used to when purchasing face-to-face. Usage of Visa cards via the Internet continues to grow at a
higher rate than face-to-face sales. As additional levels of security are introduced via chip and PIN,
fraudsters are focussing more closely on the card-not-present (CNP) environment. It is therefore essential
that consumer confidence in this environment is not eroded. To this end, Visa is working closely with its
member banks to understand the implications of introducing additional levels of security. One of these
areas is dynamic passcode authentication.
[Figure: dynamic passcode authentication provides additional security for e-banking]
What is dynamic passcode authentication?
Dynamic passcode authentication enables the added security
that chip and PIN introduces to be used in the CNP
environment. It provides an additional layer of security that
has been designed to guard against online fraud. Like chip and
PIN in the face-to-face environment, dynamic passcode
authentication enables a form of two-factor authentication.
These two factors are:
1) Something the consumer has, ‘a card’
2) Something the consumer knows, ‘a PIN’
For CNP transactions such as online banking and shopping,
dynamic passcode authentication validates the cardholder’s
identity and physical presence of their card through the
combination of a Visa chip card and a corresponding pocket-sized
card reader provided by their issuer. Based on the chip
and PIN cryptographic algorithms, these generate a unique
numeric passcode that provides verifiable proof of the
cardholder identity. With additional data entry the passcode
can also serve as a digital signature for the transaction.
The reader itself is not ‘intelligent’ – it simply enables a user
interface to the authentication application contained in the chip
on the card.
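The division of roles described above (card, PIN, reader as a plain user interface, bank back-end), sketched as an added example that is not part of the Visa guide or its specifications. The guide does not give the passcode computation, so an HMAC-SHA256 over a card counter stands in for the chip's cryptographic algorithm; `ChipCard`, `IssuerService`, `DIGITS` and `WINDOW` are hypothetical names and values.

```python
import hashlib
import hmac
import struct

DIGITS = 8  # assumed passcode length; the guide does not state one

def passcode_for(key: bytes, counter: int, data: bytes = b"") -> str:
    """Stand-in derivation: HMAC-SHA256 over counter + optional entered data."""
    mac = hmac.new(key, struct.pack(">Q", counter) + data, hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10**DIGITS
    return f"{number:0{DIGITS}d}"

class ChipCard:
    """Hypothetical card application: key, PIN and counter stay on the chip."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._counter = key, pin, 0

    def generate(self, pin: str, data: bytes = b"") -> str:
        # The reader only relays keypad input; the PIN check happens on the card.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        self._counter += 1  # every passcode uses a fresh counter value
        return passcode_for(self._key, self._counter, data)

class IssuerService:
    """Hypothetical bank back-end personalised with the same key as the card."""
    WINDOW = 5  # tolerate passcodes that were displayed but never submitted

    def __init__(self, key: bytes):
        self._key, self._last = key, 0

    def verify(self, passcode: str, data: bytes = b"") -> bool:
        for counter in range(self._last + 1, self._last + 1 + self.WINDOW):
            expected = passcode_for(self._key, counter, data)
            if hmac.compare_digest(expected.encode(), passcode.encode()):
                self._last = counter  # this and all earlier counters are now dead
                return True
        return False

def demo() -> list:
    key = bytes(range(16))  # constructed demo key
    card, bank = ChipCard(key, "1234"), IssuerService(key)
    login = card.generate("1234")
    signed = card.generate("1234", b"payee=12345678;amount=250.00")
    return [bank.verify(login), bank.verify(login),                # accept, replay
            bank.verify(signed, b"payee=12345678;amount=999.00"),  # altered data
            bank.verify(signed, b"payee=12345678;amount=250.00")]  # entered data
```

The `data` argument models the additional data entry that lets the passcode act as a signature: the same passcode fails once the amount the bank sees differs from what the cardholder keyed in.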
How would a transaction using dynamic passcode authentication feel?
Dynamic passcode authentication enables cardholders to use
the added security that their chip and PIN card offers, in
conjunction with a pocket-sized reader, to create a one-time
passcode each time they make a CNP transaction. The
cardholder would insert their Visa card into a handheld reader
and enter their PIN, thereby validating their identity. If the PIN
was valid, the reader would respond by displaying a unique
numeric passcode. The cardholder would enter this passcode
when prompted by the online banking website or at the
Verified by Visa authentication page in order to complete
their transaction.
Optionally, the cardholder could also be prompted to enter a
challenge number that had previously been sent to them by
their bank, providing an even stronger level of authentication.
In either case, because the reader is completely offline and
has no Internet connectivity itself, it is largely protected from
compromise by hackers, thereby mitigating many of the risks
associated with open networks.
[Figure labels: Card Not Present Environment: e-commerce, Telephone Order]
The one-time dynamic passcode is an alternative to static
passwords commonly used today in online banking or when
making purchases over the Internet. Because the one-time
dynamic passcode is useless in subsequent transactions,
dynamic passcode authentication extends protection against
online fraudsters and phishing attacks. It also leverages Visa
member banks’ investment in chip card technology and
consumers’ familiarity with chip and PIN.
Visa card issuers with smart card programmes could
implement dynamic passcode authentication on their online
banking sites and Verified by Visa authentication page to
further enhance fraud protection.
Potential benefits
Cardholders:
• A tangible security device increases confidence in
remote transactions
• Reduces the hassle associated with forgotten or
stolen passwords
Merchants:
• The baseline infrastructure for securing online purchases
through Verified by Visa means that merchants could get full
benefit from dynamic passcode authentication by simply
participating in the Verified by Visa programme
• Potentially the same solution as that for e-commerce can
be used for telephone order transactions
Member banks:
• Provides a form of strong authentication in the
CNP environment
• Helps counter spoofing and phishing attacks that
target passwords
• Leverages chip card investment
• Reduces costs associated with forgotten passwords for
online banking
• Could simplify the enrolment process for Verified by Visa,
since cardholders would not need to register a Verified by
Visa password
What are the member implementation options?
Implementing dynamic passcode authentication is entirely an
issuer decision, although in a number of markets we expect
issuers will collaborate at a domestic level to agree on a
national roll-out thereby potentially reducing costs and
encouraging consumer adoption. Once a decision is made,
implementation is a relatively simple process, as the core EMV
chip infrastructure is already in place.
The essential requirement is personalisation of the
authentication application in the card to match the bank’s
back-end authentication service – although it is technically
possible to utilise existing cards in the market. Standardised
card readers are available that will work with all cards meeting
the specifications. This approach would offer the greatest
economies of scale, an important consideration if moving to
mass issuance. Visa can provide the requisite specifications
and card personalisation parameters for enabling a Visa card
to interact with standard readers. Visa can also provide a list of
vendors who provide suitable readers. This information is
available to Visa member banks upon request.
Where are we?
Visa Europe has demonstration kits (for both e-commerce and
telephone order) and a case study that are available for members.
It can also supply the associated technical specification.
Visa Europe is currently working with members to validate:
• Implications for merchants of using this technology across
a number of CNP channels
• Cardholder impacts and usability across a number of
CNP channels
• Member impact from use across a number of CNP channels
• Receptiveness of different markets to use dynamic passcode
authentication across the payment card arena, as opposed to
the online banking/current account environment
Future roadmap
The initial issuer motivation for implementing dynamic
passcode authentication is most likely to be as a way to secure
their current account environment from phishing and related
fraud. Since it is the Visa debit product that is typically
associated with current accounts, Visa debit cardholders are
likely to be the first to receive dynamic passcode authentication
enabled cards and associated readers.
Verified by Visa transactions for increased security in the
e-commerce environment would be facilitated by the fact that
the underlying infrastructure has been designed to
accommodate dynamic passcode authentication. Therefore,
issuers are also likely to extend dynamic passcode
authentication to Visa credit cards as well.
In the future and using Verified by Visa as the platform, it
could be possible to utilise dynamic passcode authentication
in the telephone order environment.
Ultimately dynamic passcode authentication may provide the
consumer with a single unified payment experience.
Regardless of whether they are paying in the face-to-face or
CNP environments they will know that they are protected by
chip and PIN technology.
Next steps
Visa can provide active support to members seeking to further
understand or to roll out a dynamic passcode authentication
service. For further information, please contact:
Dipak Chotai
Tel: +44 (0)20 7795 5039
Email: [email protected]
John Griffiths
Tel: +44 (0)20 7795 5281
Email: [email protected]
© Visa Europe 2006