Fraudsters are increasingly trying to commit crime to reflect the way we behave – as we shop more online or by phone, the fraudster is increasingly targeting those areas.
To protect you the retailer, and of course your customers, and to help drive the use of these ‘distance-selling’ channels, APACS is working closely with banks, card schemes and systems vendors on a range of initiatives to ensure that the person making a ‘card-not-present’ payment is the genuine cardholder. A remote card authentication system is one key initiative being considered within the next generation of solutions.
How does the remote card authentication work?
A remote card system enables two-factor authentication, which uses something a cardholder has and something a cardholder knows. There are a number of different solutions to implement such a system.
One solution is for a cardholder to insert their chip and PIN card (i.e. something the cardholder has) into a hand-held card reader provided by their bank, and entering their PIN (i.e. something the cardholder knows). On validating the PIN entered, the reader generates a one-time only passcode, which the cardholder provides to the retailer for authentication with the cardholder’s bank.
The card reader uses the security features built into the chip on the card and is never connected to the internet.
This solution leverages customers’ familiarity with chip and PIN in the ‘card-present’ environment as well as building upon the current technology implemented by both the banking and retailing industries.
Last updated: October 2007 - watch this space for the latest updates on the trial.
 |
