Saturday, May 9, 2009

Nothing Phishy About PCI 2.0 Certified "Card Present 2FA"

Attn: Banking Institutions:  The phishing problem can be immediately solved with "Card Present" Two Factor Authentication.  And two of the steps are already in place.

1: Bank issues Card, 
2. Bank Issues PIN, 
3. Bank Issues HomeATM's iSwipe. ($12.00...less in quantity) 

A: Customer Swipes Card
B: Customer Enters PIN. 
C: Log-in authenticated, phishing problem solved. 


The growing popularity and success of Internet banking has brought on unprecedented attacks from gangs of well organized cybercriminals, according to AIB today.

For example, the number of phishing attacks on AIB in April 2009 surpassed the total number experienced in the whole of 2008, it said.

Online banking is growing in Ireland with AIB's Internet Banking service showing continued growth with over 570,000 customers (up 18pc) now regularly banking online. The number of transactions completed online also continues to grow strongly (up 27pc) in 2008.

HomeATM eliminates phishing attacks completely because the user MUST authenticate themselves by 1. swiping their bank issued card and 2. entering their bank issued PIN.  So even if the phisher obtained the Primary Account Number (PAN) and the Personal Identification Number (PIN) they would still be unable to log-in without physically swiping the card.  (Editor's Note:  It is highly unlikely anyone could obtain both the PAN and the PIN, I just use that to demonstrate how secure our 2FA log-in is.  It's not only two-factor-authentication, it's "card present" 2FA.  What the world needs now is "Card Present in a Card Not Present World."  It really is that simple.  See "Something Phishy About Bank's not Using Card Present 2FA"

Reblog this post [with Zemanta]

Disqus for ePayment News