Ordinary Chip and PIN (CAP) card readers are “optimized to fail," according to a recent report from Cambridge University. The authors find “numerous weaknesses" that may even expose customers to physical harm.
Ove Wedsjö, CEO at Todos agrees. "This report vindicates our approach," he says. "When it comes to eBanking and eCommerce, our technology is standards-compliant but easier to use and more secure."
GOTHENBURG, SWEDEN - 17 MARCH 2009 - Todos is a global provider of security solutions for eBanking and eCommerce. With more than 100 bank clients worldwide, the company enhances ordinary CAP standards using a unique technology called Dynamic Signatures (DS).
DS lets banks use a standard challenge and response for the vast majority of low-risk transactions such as low-value purchases or moving money between a customer's accounts. However, it automatically detects higher-risk transactions and increases the end-user's participation before allowing them. This means that users find Todos devices easier to use and, at the same time, they get increased security when it matters most.
Todos's advanced devices increase end-user awareness and act-of-will by adding more context to each transaction. This approach helps to defeat the advanced online fraud, including such as Man-in-the-Middle and Man-in-the-Browser attacks.
Todos's DS concept is already in use in Germany as part of the HHD 1.3 standard (recommended by the report) and it has been adopted by leading banks including Nordea and ABN AMRO.
"This is a rare example of a security solution that is popular with banks and their customers," says Wedsjö. "Dynamic Signatures is the best way to address the concerns raised by the Cambridge University report and the most secure way of enhancing standard CAP readers."
Todos Data System AB (Todos) designs, develops, delivers and supports user-friendly, secure and cost-efficient security solutions for eBanking and eCommerce. With over 16 million products delivered worldwide, Todos has established itself as a leading provider of strong authentication to more than 100 international financial institutions located in more than 30 countries.
Notes for editors: Dynamic Signatures enables risk-based authentication for eBanking, and provides strong authentication in a bank's MasterCard SecureCode and Verified by VISA program when shopping online using 3D-Secure eCommerce. It enhances MasterCard Chip Authentication Program (CAP) and VISA dynamic passcode authentication by balancing risk and usability dynamically. The Cambridge Report: "Optimised to Fail: Card Readers for Online Banking, Financial Cryptography and Data Security '09", Drimer Saar, Steven J. Murdoch, and Ross Anderson, February 2009, http://fc09.ifca.ai/papers/58_Optimized_to_fail.pdf