Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging on EMV cards for One-Time-Password authentication

Published byΘέμις Αντωνιάδης Modified over 4 years ago

Similar presentations

Presentation on theme: "Leveraging on EMV cards for One-Time-Password authentication"— Presentation transcript:

1 Leveraging on EMV cards for One-Time-Password authentication
Istvan Botos Business Development Manager CEE Network Identity Solutions 19th September 2006

2 Agenda Online banking market overview
Authentication Solutions based on EMV Smart Card Banking Card (CAP Authentication) Use Case Advantages of use EMV Smart Card for Authentication Introduction of GemAuthenticateTM 19th,September 2006

3 Online Banking Market Overview
19th,September 2006

4 e-Banking Definition Strong user authentication required
Financial Services delivered through Internet and others remote channels Online Banking, Phone Banking / IVR, Mobile Banking e-commerce Scope Retail Banking (B2C) Corporate Banking (B2B) Strong user authentication required 19th,September 2006

5 A Phenomenal Growth (European Market)
Top countries : UK, Germany, Netherlands and Nordic Countries Strong uptake in Southern Countries : France, Italy, Spain, Greece and Turkey 60 million of European currently bank on-line (20% of European population)* * Source: Forrester Research (2003) 19th,September 2006

6 Online Banking – A mass adoption
Top UK Online Banks (Mill.) HBOS : 2 Lloyds TSB : 3,1 RBS : Barclays : 4,5 HSBC : 2,2 Source : Journal du Net Online banking (France) C.Agricole : 2,2 S.Générale : 1,1 BNP : 1,1 BFBP : 0,9 Crédit Lyonnais : 0,8 Source : Benchmark Group 19th,September 2006

7 Market Drivers Operational Cost Savings (transactions)
On-line banking transactions cost is 0.03$ versus ($0.50) for ATM or (1.30 $) for branches * Password Management Costs Savings Forgotten pwd, pwd reset … 10% of customer / month (source HBOS) Customer Acquisition Attract the increasing number of Internet Users Active People (who on-line banking equals gain of time) Customer Retention A rich on-line banking offer improves the stickiness of the bank Decrease Fraud business impacts Brand image Drop in Consumer confidence Costs Barrier to online banking services growth Regulations / Recommendations Standardization Chip Authentication Program (CAP) OATH 3D Secure deployment (e-commerce) *source InfoAmericas 2001 19th,September 2006

8 The challenge - Balancing Convenience, Security & Costs -
Solution should take into account Consumer Market specificities Simple to use Portable – can @cyber café Variety of customer profiles (young's, business man, …) Security level should be adapted according to the associated risks Account Consultation vs. Fund Transfers Transfer Amounts, Transfer Destination (internal, external, abroad) Minimized Total Cost of Ownership Acceptable deployment effort Reusable over others banking channels Solution should fit in a long term strategy 19th,September 2006

9 Authentication Solutions based on EMV Smart Card
19th,September 2006

10 Powerful Concept Leveraging the EMV Cards for OTP authentication
Principle: Use of the EMV Smart Card functionalities to authenticate cardholder The customer uses his own Banking Cards to Log-in to the online banking Perform Transactions such as fund transfer or e-commerce Based on field proven One-Time-Password 2 Factor Authentication Customer needs his Banking Card & his PIN code Something I own (Smart Card) and Something I know (PIN) 19th,September 2006

11 Main advantages High Security Level Reduced cost of ownership
Use Generic Smart Card Reader (no cardholder data) Authentication data are stored in the Smart Card Requires no heavy & expensive PKI infrastructure (certificates, PK application on smart card, etc.) Leverage EMV investment Make use of the EMV application, already available in ROM Works on all range EMV Smart Card Open Solution with Emerging Standard Can be used to secure online payment as well as online banking A growing number of financial institutions are looking for EMV based authentication solutions 19th,September 2006

12 Banking Card (CAP Authentication) Use Case
19th,September 2006

13 OTP Log-in User asks for an OTP by pressing « code »
xxxx PIN ? User asks for an OTP by pressing « code » PIN code is checked locally by the Smart Card The OTP is generated by the card & entered manually by the user no more “static” password 13 19th,September 2006

14 Transactions Signature
Cardholder is requested to confirm his/her funds transfer Cardholder enters his banking EMV Smart Card in the Reader Cardholder press”Sign” on the reader keypad Cardholder enters transaction parameters Challenge, Amount, … Cardholder enters PIN code The EMV Smart Card generates a dynamic, non reusable and unique transaction signature Signature is displayed by the reader Signature provided manually to the application Signature is verified by OTP is verified by GemAuthenticateTM platform 19th,September 2006

15 Secure Transactions Transaction parameters Transaction Signature xxxx
PIN ? 32500 239 Transaction Signature Parameters are defined by the banks Can be : a challenge, the transaction amount, destination account, etc …. Man-in-the-middle attacks – use transaction parameters with the destination account 19th,September 2006

16 Advantages of use EMV Smart Card for Authentication
19th,September 2006

17 Standard and Endorsed Solution Available for both MasterCard & Visa cards
Based on MasterCard Chip Authentication Program (CAP) Specifications finalized in 2004 Endorsed by an increasing number of bank associations GIE Cartes Bancaires APACS (UK) Interpay (The Netherlands) Allow interoperability Cards & readers from different vendors can be mixed 19th,September 2006

18 Key Advantages No impact on the customer culture – so high adoption rate As easy as getting cash or make payment at Point of Sales No more password to remember Work whenever and wherever needed Reader extremely simple to use Life time ~5 years (+ replaceable batteries) Minimal deployment effort Deployment process already in place Reuse of Card lost/stolen process Authentication data Loaded during banking card manufacturing Could be done for the entire portfolio 19th,September 2006

19 Introduction of GemAuthenticateTM
19th,September 2006

20 GemAuthenticate Overview Strong Authentication Solution for Banks
Online Banking Phone Banking IVR Strong User Authentication Solution Online Payment (3D Secure) Any E-services A multi-devices and standard user authentication solution for retail & corporate banking 22 19th,September 2006

21 Support of large choice of tokens Fitting to your business requirements
19th,September 2006

22 Gemalto, Your Best Partner
Flexible & Standard Solution Provider Multiple authentication methods – allow customer segmentation & smooth migration towards higher security scheme Broad Form Factors Compliancy with market standards (CAP, OATH, PKI) Supply chain Readers/Tokens mass personalization & fulfillment Customization capabilities 19th,September 2006

23 Thank You ! 19th,September 2006

Download ppt "Leveraging on EMV cards for One-Time-Password authentication"

Similar presentations

Achieving online trust through Mutual Authentication.

Achieving online trust through Mutual Authentication.
Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
Management information systems

Management information systems
Vice President, e-Business Development Dubai United Nations Conference on Trade & Development Conference on Electronic Commerce.

Vice President, e-Business Development Dubai United Nations Conference on Trade & Development Conference on Electronic Commerce.
EMV solution for Romania 22. February 2005

EMV solution for Romania 22. February 2005
The Impact of technology on the delivery of financial services Advancement in technology have had a profound effect on the delivery of financial services.

The Impact of technology on the delivery of financial services Advancement in technology have had a profound effect on the delivery of financial services.
Electronic Commerce Semester 1 Term 1 Lecture 22.

Electronic Commerce Semester 1 Term 1 Lecture 22.
TEMENOS ROMANIA March 18, 2003 Every time a step ahead.

TEMENOS ROMANIA March 18, 2003 Every time a step ahead.
Focus on Asia Workshop All Roads Lead to China. Travel Payments Direct  Founded in February 2013 by a core group of payments professionals possessing.

Focus on Asia Workshop All Roads Lead to China. Travel Payments Direct  Founded in February 2013 by a core group of payments professionals possessing.
April 11 Enhanced Payments using EMV MasterCard’s solutions.

April 11 Enhanced Payments using EMV MasterCard’s solutions.
The Value-Added Card With A Competitive Edge Wista ™ : Your money, your way ®

The Value-Added Card With A Competitive Edge Wista ™ : Your money, your way ®
Emerging Technologies

Emerging Technologies
Travillon Consultants

Travillon Consultants
Mr. Stasa – Willoughby-Eastlake City Schools ©. Essential Question #8  In your opinion, how has technology improved and/or damaged the banking industry?

Mr. Stasa – Willoughby-Eastlake City Schools ©. Essential Question #8  In your opinion, how has technology improved and/or damaged the banking industry?
Credit Card & Merchant Businesses Nicholas L.A. Kennett General Manager Cards & Financing Products November 2001 Credit Card & Merchant Businesses Nicholas.

Credit Card & Merchant Businesses Nicholas L.A. Kennett General Manager Cards & Financing Products November 2001 Credit Card & Merchant Businesses Nicholas.
De Nederlandsche Bank Eurosysteem Card Payments and Internet Banking Thijs Kettenis 2nd Conference of the Macedonian Financial Sector on Payments and Securities.

De Nederlandsche Bank Eurosysteem Card Payments and Internet Banking Thijs Kettenis 2nd Conference of the Macedonian Financial Sector on Payments and Securities.
UniCredit Group at glance

UniCredit Group at glance
Mobile Identity and Mobile Authentication (mobile e-signature) Valdis Janovs Sales Director Lattelecom Technology SIA.

Mobile Identity and Mobile Authentication (mobile e-signature) Valdis Janovs Sales Director Lattelecom Technology SIA.
Group Presentation Group 2 Manchester Business School www.mbs.ac.uk IS Strategy and Enterprise Systems.

Group Presentation Group 2 Manchester Business School IS Strategy and Enterprise Systems.
Electronic Payment Systems

Electronic Payment Systems

Similar presentations

Ads by Google