DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
July 10, 2008
Barriers to overcome in 2FA credit cards
Credit cards able to generate one-time PIN (OTP) could offer better security for users, but the technology first needs to overcome some barriers in order to gain mainstream acceptance.
Last month, Emue Technologies said it is embedding OTP-enabled microprocessors into EMV (Europay-Mastercard Visa)-compliant cards. Visa is reported to be trialing one of the cards.
According to Ronnie Ng, Symantec's Singapore systems engineering manager, credit cards with in-built tokens can address risks associated with the three-digit card verification value (CVV) when it is stolen and used illegally--thereby, reducing the risk of card-not-present (CNP) fraud. CNP transactions are made via mail, telephone or the Internet, where no signatures are required and merchants assume some 90 percent liability in cases of fraud.
"The CVV is the security number stated at the back of a credit card and always remains the same, making it easier for the number to be detected and misused," Ng explained in an e-mail interview. "However, the one-time password generated on the credit card will constantly change, so someone can only use the PIN if they have the card in their possession."
Abhishek Kumar, senior research analyst at IDC's Financial Insights, said embedding two-factor authentication (2FA) is a "good security option" for Web transactions such as online shopping. However, he said there are several factors that impact the success of the technology.
Cost, for one, is a significant barrier.
Kumar said: "EMV cards are already a big cost concern for banks as they are, on average, three times the cost of the normal magnetic stripe cards. For banks looking to implement EMV--mostly to prevent card cloning activities--the costs of implementing both a 2FA, and EMV solution may be too high to bear."
In addition, Kumar noted that hardware tokens as a second authentication factor are regarded by financial institutions as an expensive investment.
"Banks may also be unwilling to pay for the additional cost per [credit] card if they have already made the investment in 2FA tokens, especially since 2FA credit cards are not a regulatory requirement," he said.
Emue Technologies' CEO Brendan McKeegan acknowledged, in an e-mail interview, that the OTP credit cards are more expensive but did not indicate by how much. However, he said some financial institutions still find the technology a viable option.
The total cost of ownership when compared to having separate tokens and credit cards is in some cases more favorable, McKeegan pointed out. "Banks also see our product as an opportunity to gain market share."
IDC's Kumar noted that another concern is the shelf-life of these 2FA cards. "Ideally, they should last as long as normal magnetic stripe credit cards, which I believe is roughly four to five years," he said.
Kumar and Symantec's Ng also warned that 2FA credit cards remain susceptible to security risks, such as "man-in-the-middle" attacks.
Ng pointed out that even with an enhanced level of technology, there "will always be a certain amount of risk".
Another security concern is that hackers will find a way to capture the user's PIN number on the card, making it easy to access the accounts of stolen cards," he said.
No plans for Asia, yet
According to Emue Technologies' McKeegan, the company is currently working with banks in Australia and Europe, but has "not formally engaged with Asian banks".
Kumar said OTP credit cards are "definitely an option for Asia's banks", but may not be relevant in all markets.
"Emerging economies such as Vietnam, may not find this solution as relevant due to the [current] relatively low level of online shopping and transactions," the analyst said.
Visa declined comment for the story.
Source: ZDNet Asia
All news for August, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
