In association with heise online

17 June 2008, 12:01

Visa plans credit card with onboard TAN generation

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Visa is working on a new generation of microprocessor-controlled credit cards that can generate one-time passcodes. The cards, developed in collaboration with Emue Technologies of Australia, will be equipped with a display and keypad in addition to the chip. The onboard battery will have an estimated life of three years.

The on-board microprocessor is intended to add a layer of security to credit card transactions. When the card's personal identification number (PIN) is entered, a unique transaction number (TAN) up to eight digits long is generated and displayed. The TAN is then used to confirm a single payment transaction. The card, called the Visa PIN Card, is described by Visa as a "milestone in fraud prevention". It will be particularly useful for card not present transactions, such as when shopping online or placing orders by telephone. Currently, card not present fraud is the largest single source of loss to the industry, but a stolen Visa PIN Card will be useless to a fraudster without the correct PIN. If the PIN can be recorded surreptitiously, the card will prove no more secure than its predecessors. Instead of cloning the card, the fraudster would then merely need to steal it.

Artist's impression of a Visa PIN Card
Zoom Artist's impression of a Visa PIN Card
The two firms haven't revealed many technical details, but the card could be based on an existing Emue product called PASS, which is described as relying on a central authentication server and requiring synchronisation, similar to the mechanism used by RSA's SecurID system. The primary innovation would therefore seem to be getting the technology small and robust enough to fit into a credit card form factor. The card shown in Emue's promotional videos is flexible and does not seem to be much thicker than a conventional credit card.

As well as online shopping, the card is designed to confirm whether a caller claiming to be from the user's bank is genuine. The caller has to provide a code that the customer enters on the PIN card. If the code is legitimate, the card confirms the event.

Online shops and other companies involved in mail-order sales will probably have to change their systems to support these new cards. At present, it does not seem clear what incentive they will have to do so. Visa says that consumers will enjoy greater security and will spend more money online and on the telephone.

No release date has been announced for these cards into the consumer marketplace, nor have costs been hinted at. However pilot projects, which have not been described in detail, are apparently imminent. (Daniel AJ Sokolov) /


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit