A password for your credit cards

["Richard M. Smith" <rms () computerbytesman com>]

A password for your credit cards 

By Joris Evers
 
<http://news.com.com/A+password+for+your+credit+cards/2100-1029_3-6101121.ht
ml>
http://news.com.com/A+password+for+your+credit+cards/2100-1029_3-6101121.htm
l 

Story last modified Wed Aug 02 04:45:10 PDT 2006 

 
 
<http://adlog.com.com/adlog/i/r=6465&s=677715&t=2006.08.02.13.17.50&o=1009:1
029:&h=cn&p=2&b=5&l=en_US&site=3&pt=2102&nd=1029&pid=&cid=6101121&pp=100&rqi
d=01c18-ad-e744C8DA46242C2B7/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.
gif> 

As banks face an end-of-year deadline to strengthen online authentication,
one company believes it holds the right card to customer security--a
one-time-password. 

Los Angeles-based
<http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.incardtech.com%2F&siteId=3
&oId=2102-1029_3-6101121&ontId=1009&lop=nl.ex> Innovative Card Technologies,
or InCard, has found a way to build a display, battery and
password-generating chip into a card, such as a credit card. The technology
competes with tokens, such as those sold by RSA Security, Vasco and
VeriSign. 

 <http://news.com.com/2300-1029_3-6101043-1.html> credit card 

"We took a form factor that was awkward and fat and miniaturized it," Alan
Finkelstein, InCard's chief executive officer, said in an interview. "The
current tokens are clumsy and can only do one thing well, issue the one-time
password. Our card can be your credit card, your employee ID card and give
you access to buildings." 

Just like the tokens, the card, called a DisplayCard, generates passwords
that can be used to validate online logins or transactions, for example when
banking online. The cards offer an extra level of security, in addition to
the
<http://news.com.com/Finding+a+replacement+for+passwords/2100-1029_3-5586249
.html?tag=nl> traditional login name and password. Some banks, such as
online broker ETrade Financial, have provided high-net customers with tokens
for some time. 

The InCard product comes as financial services companies are under
increasing pressure
<http://news.com.com/RSA+to+test+new+Web+authentication+service/2100-1029_3-
5895471.html?tag=nl> to improve the security of online transactions. The
Federal Financial Institutions Examination Council
<http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.ffiec.gov%2Fpress%2Fpr1012
05.htm&siteId=3&oId=/RSA+to+test+new+Web+authentication+service/2100-1029_3-
5895471.html&ontId=1009&lop=nl.ex> recommended last October that banks
introduce multiple-factor authentication by the end of 2006. 

It took InCard four years to develop the card, Finkelstein said. The company
combined technology from a Taiwanese display maker, a U.S. battery
manufacturer and a French security team, he said. A Swiss partner,
<http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.idee-dailleurs.ch%2Fnagrai
d%2F&siteId=3&oId=/RSA+to+test+new+Web+authentication+service/2100-1029_3-58
95471.html&ontId=1009&lop=nl.ex> NagraID, owns the rights to the process to
combine the pieces and actually manufacture the technical innards of the
card. 

The biggest development challenges were the ability to bend the card, power
consumption and thickness, Finkelstein said. The result is a card that's as
thin and flexible as a regular credit card and is guaranteed to work for
three years and 16,000 uses. "Which is about 15 times a day, seven days a
week," Finkelstein said. 

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.