The major payment card players were out in force at the Cartes annual trade show, showing off their latest password generators for conducting online transactions, most thin enough to fit in a wallet. Writer Wendy Atkins.

Cartes, the annual cards trade show in Paris, can always be relied on to train a spotlight on some interesting industry developments – and this year was no exception. While many firms were keen to promote their involvement in yet more contactless payment pilots – that did not always appear particularly different from some of those announced 12 months ago – the developments that caught the attention were in the slightly less sexy area of online banking and payments, where fraud migration and consumer concerns about making payments in the digital world remain a challenge.

Several companies have made progress with Chip Authentication Program (CAP) strong authentication solutions for online banking and eCommerce. For instance ­Xiring highlighted its new 3.5-millimetre-thick XiSign 4900 bank card reader, which it claims is the slimmest available. The firm adds that a user can easily slip it into their wallet and carry it easily wherever they go.

Gemalto unveiled its Ezio Optical reader, an optical authentication device designed to fit in a wallet along with a banking card for online transactions. An optical sensor captures the data users would normally enter from a keypad to carry out and sign online transactions. The device seems pretty user-friendly. Cardholders present the device in front of their PC screen and the data needed for authentication and signature generation is instantly read. No software needs to be installed to use the device.

“The product has generated some strong leads, and we expect to deliver it to customers early next year,” a Gemalto spokesperson told The Banker. Its launch followed hot on the heels of the company’s October unveiling of the Ezio Thin Reader, a miniature authentication device that can be used for one-time passwords (OTPs).

From eBanking to eCommerce

Visa also revealed some of its developments in the OTP area. Although it continues to demonstrate Dynamic Password Authentication, whereby a chip card and a small handheld card reader are used together to generate an OTP, its latest development could well be welcomed by the millions of frequent travellers who are not keen on the idea of carrying a cumbersome bankcard reader. It takes the form of a standard Visa chip card with an eight-digit alphanumeric display and a 12-button keypad, enabling users to create one-time passwords on the card without needing to carry a reader. Over the next few months it is scheduled to be piloted by several European banks, including MBNA in the UK, Cornèr Bank (Switzerland), Cal (Israel) and IW Bank (Italy).

“The card has a built-in battery with a three-year lifespan and is fully compliant with Verified by Visa,” explains Sandra Alzetta, senior vice-president and head of innovation at Visa Europe. “In addition to removing the need for a separate device – such as a card reader – this could also accelerate the adoption of Verified by Visa. Because a dynamic passcode is generated using the cardholder’s existing PIN, there is no need to register for, or remember, a dedicated Verified by Visa passcode. And because the PIN itself is never transmitted and the passcode is only valid for a single transaction, it reduces the risk of phishing attacks or of keystroke logging.”

MasterCard has opted for a different approach to the online payments problem. “We looked at solutions based on an OTP on the card and believe we have a more practical solution,” says Luke Olbrich, senior business leader, SEPA Debit Solutions, Debit Centre of Excellence, MasterCard Worldwide.

“We’ve gone for the CAP reader because most Europeans have it already and know how it works. Banks can leverage their investments in chip technology and do not need to re-educate consumers, so it can be easily integrated into eCommerce and eTransactions.

“Although CAP solutions have traditionally been used for simple eBanking transactions, customers of KBC and Fortis in Belgium, Nordea in Sweden and Bank Koper in Slovenia are now extending their use of CAP from eBanking to eCommerce.

“Customers wishing to make a purchase online insert their card into the reader and enter its four-digit PIN. If the PIN is correct, the card generates a unique eight-digit number – also known as the SecureCode – which the customer can see on the device’s display.

“By entering this dynamic SecureCode in place of a static password in the SecureCode window, the transaction can then be validated and the payment made.”

In addition to the CAP reader, MasterCard has unveiled the Advance Registration Program. It says this is designed to help improve the speed and convenience of using Maestro debit cards while maintaining their security and allowing eCommerce merchants to reach a largely untapped audience by accelerating and streamlining payments.

Mr Olbrich says: “KRC Research reveals that, in the UK, about 40% of internet transactions are on debit cards.” MasterCard recently informed its membership that key e-commerce merchants, including i-Tunes and Amazon, have joined the programme.

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter