nCipher Helps Combat Phishing Attacks with Chip and PIN

nCiphers payShield hardware security module (HSM) will play a key role in the MasterCard(R) Chip Authentication Programme implemented by Banka Koper in Slovenia to provide stronger authentication for their online banking customers and cardholders performing transactions online, thereby helping to reduce Internet fraud. All of Banka Kopers retail and commercial customers have been issued with MasterCard OneSMART cards, a next generation chip and PIN credit or debit card that contains sophisticated EMV standards-based security technology to enable them to better prove their identity when using their card in non face-to-face environments. When accessing their bank account or shopping online, users will be prompted to authenticate themselves to Banka Koper by inserting their card into the portable reader which is also provided by the bank. After users tap their PIN into the reader the card securely generates a unique, but more importantly dynamic, password which the user then types into the web page when prompted. By entering this one time only password rather than a traditional, static password that may be used for many years and across multiple sites, the impact of that password being compromised is limited to a very short period of time and a specific web connection and the commercial risk is therefore greatly reduced. The combination of using a standard EMV payment chip card such as OneSMART along with the secret PIN results in a strong, two-factor authentication process that deters identity phishing attacks and reduces the fraudulent use of stolen cards. Phishing schemes typically use email or other messages that appear to come from a trusted service provider such as a bank or an online retailer. These messages attempt to lure people to bogus websites, where the victims are asked to enter personal information such as passwords, PIN numbers and credit card numbers. MasterCards Chip Authentication Programme (CAP) counteracts such schemes since there are minimal gains to be made from capturing a password that cannot be used without the chip card being present at the same time. nCiphers payShield is a secure hardware security platform designed for use with MasterCard CAP and that supports the EMV standards. PayShield secures the host side authentication mechanisms on behalf of the card issuer. This enables the issuer to strongly authenticate its customers as they take advantage of services provided by the issuer itself, such as home banking, or services offered by merchants or other third parties who wish to better validate the card and cardholder prior to receiving approval to go ahead with the transaction.