Slovenia's Banka Koper has become the first bank to go live with MasterCard's two-factor Chip Authentication Programme (CAP), which provides PIN-based verification of cardholders conducting online transactions.
All of the bank's retail and commercial customers have been issued with MasterCard OneSmart chip and PIN cards. When accessing a Web bank account or shopping online, users will be prompted to authenticate themselves by inserting their plastic payment card into a small hand-held portable reader, which generates a one-time-password to be entered on the Web page.
The bank has placed an order with Xiring for more than ten thousand Xi-Sign 4000 smart card readers, bearing the Banka Koper branding. The bank is also using nCipher's hardware security platform, payShield, to authenticate online transactions.
Banka Koper says the combination of the OneSmart card, along with the secret single-use PIN, results in a strong, two-factor authentication process that deters phishing attacks and helps reduces the fraudulent use of stolen cards.
Fikret Ates, VP, chip product management, MasterCard, says: "For a card authentication solution to be truly effective in a non face-to-face environment, it has to offer a high level of security, and be low-cost and consistent across multiple channels. The MasterCard Chip Authentication Programme is designed to address these concerns."
The Mastercard CAP programme is also being tested by Barclays in the UK. The bank has been testing pocket-sized Vasco-based chip card readers with 5000 Barclaycard customers and staff, and is also discussing the possibilty of a national roll out of the system with leading retailers.
Other trials are underway in Brazil with RedeCard, and in Germany with the federal association of co-operative banks.