All Top Banking

SafeTPIN Side Effects

Posted by John B. Frank Saturday, April 25, 2009

Here's yet "another" reason why banks should utilize HomeATM's SafeTPIN for authentication. 

SafeTPIN securely authenticates the user by allowing them to swipe their bank issued card and enter their bank issued PIN.  No data other than the information contained on the magnetic stripe is collected so the privacy issue being discussed below is moot.  End result? 

Fraud elimination, consumer privacy protection AND it enables the online banking customer to securely pay bills, transfer money and conduct safe eCommerce transactions, all with 2FA, 3DES end to end encryption and DUKPT key management. 


CAUTION: If your financial institution employs a "Username:/Password" style authentication,
side effects from using our 2FA (two factor authentication) PCI 2.0 certified SafeTPIN PED may include: enhanced image for the bank, elimination of the threat of a cloned website, DNS attacks, malicious code, malware, keylogging, click jacking, worms and zombies.  Be aware that Cloned cards won't work in our SafeTPIN and phishing attacks are useless.  Pregnable transactions should not use SafeTPIN.  Please consult with your technician!      

Device identification in online banking is privacy threat, expert says | Security - CNET News

SAN FRANCISCO--A widely used technology to authenticate users when they log in for online banking may help reduce fraud, but it does so at the expense of consumer privacy, a civil liberties attorney said during a panel at the RSA security conference on Thursday.


When logging into bank Web sites, users are typically asked for their user name and password. But that's not all that is happening. Behind the scenes, the server is taking measures to identify the device being used in an attempt to verify that the person logging in is the person whose account is being accessed under the assumption that most people use the same computer for banking.

Wachovia, which recently merged with Wells Fargo, tags the consumer's computer with a unique identifier, said Chris Mathes, an information technology specialist in online customer protection at the bank.

The technology not only can be used to allow legitimate customers into Web sites, but also to block computers that have been targeted as "bad actors," said Todd Inskeep, a senior vice president for the Center for the Future of Banking at Bank of America.

Even though none of the information gathered during a log-in is personally identifiable, the bank shouldn't have to collect regular data on when, how often and from where a consumer accesses a bank account, said Jennifer Granick of the Electronic Frontier Foundation. Such information can be compiled with other more sensitive information to create profiles and cross referenced to learn more about consumers, she said.

For instance, the bank could learn who a consumer's roommate is if the same computer is used regularly to access different accounts, Granick said. Consumers also could be deemed suspicious for breaking with their patterns on deposits or withdrawals or the information could be sold to advertisers, she added.

Continue Reading at CNET





Reblog this post [with Zemanta]

3 comments

  1. Anonymous Says:
  2. "Be aware that Cloned cards won't work in our SafeTPIN" - can you expand on how "Cloned cards" won't work?

     
  3. Try entering a PIN with a cloned card. If it's not PIN Debit, try swiping it and see if it get's authenticated. You'll wind up in jail. That's why.

    Questions anyone?

     
  4. Ooops...! Clarification. You'll wind up on PROBATION. There's only jail time if you use a water gun to rob a bank of $2000. Steal $200,000 online and you get probation.

    In all seriousness, there's 3 reason a cloned card won't work: However, those three reasons are moot unless you swipe the card. Since cloned cards are "typed" instead of "swiped" I don't need to get into them...however:

    Swipe the card and:

    1. We authenticate the card
    2. We authenticate the merchant where the card is used
    3. We authenticate the bank the card is drawn on.

    I

     

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio