Computerworld

Online banking device reads information from a screen

Card reader could relieve some of the frustration in completing online banking transactions in Germany, Gemalto says

As German banks layer more security into their online banking procedures, security vendor Gemalto has launched a device it says makes completing transactions easier.

Gemalto's Ezio Optical Reader is designed to read transaction information displayed on a computer screen. The user verifies that information, and it is then used to compute a one-time password, said Eckardt Mohr, sales manager of e-banking solutions for Germany.

German banks have undertaken complex security measures in order to cut down on online banking fraud. German banks started to fortify their online security by issuing their customers a list of TANs (transaction authentication numbers), which are random digits requested of a bank customer during an online transaction.

A TAN is a one-time password. When the banks started using them, they would request any TAN from the list to complete the transaction, but eventually changed that routine to request a specific TAN, called an indexed TAN or iTAN, from the list as a further security measure. Another variation used by banks is issuing mTANs, or passcodes sent to a person's mobile phone.

Other banks in the U.S. and Europe have different implementations using one-time passwords, including issuing their customers a token that generates a password, which is a sequence of numbers that is only good for a short period of time.

In Europe, some banks issue card readers that verify a microchip present in a payment card -- a feature that's not used in U.S. payment cards -- in order to generate the one-time password.

German banks have done that as well and taken it a step further. Some are now requiring that users enter bits of the transaction data into the one-time password generator to create the code, which then must be entered into the banking Web application.

But the system is time-consuming and frustrating for customers, Mohr said. Customers have to take the extra step of entering the requested transaction information into the one-time password generator, then take the resulting number and enter it back into the banking Web application.
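The sketch below is an added illustration, not from the article and not Gemalto's or any bank's actual algorithm. It shows the general idea of a one-time password computed from transaction data: the code only verifies for the exact data it was derived from. The shared key, the challenge field, the HMAC-SHA256 construction, the 8-digit length and all sample values are assumptions made for the example.

```python
import hashlib
import hmac

DIGITS = 8  # assumed code length


def _encode(fields):
    """Length-prefix each field so ("12", "345") and ("123", "45") differ."""
    out = b""
    for f in fields:
        raw = f.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def transaction_otp(card_key, challenge, account, amount):
    """Derive a decimal one-time code bound to this transaction's data."""
    mac = hmac.new(card_key, _encode([challenge, account, amount]),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in HOTP (RFC 4226)
    number = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)


def bank_verify(card_key, challenge, account, amount, submitted):
    """Bank side: recompute over the order it actually received."""
    expected = transaction_otp(card_key, challenge, account, amount)
    return hmac.compare_digest(expected, submitted)


# Constructed sample values (not real account data or keys).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CHALLENGE = "731945"
ACCOUNT = "DE00123456780000000000"
AMOUNT = "150.00"

if __name__ == "__main__":
    code = transaction_otp(KEY, CHALLENGE, ACCOUNT, AMOUNT)
    print("code entered by customer:", code)
    print("same order      :", bank_verify(KEY, CHALLENGE, ACCOUNT, AMOUNT, code))
    print("different amount:", bank_verify(KEY, CHALLENGE, ACCOUNT, "950.00", code))
    print("new challenge   :", bank_verify(KEY, "000001", ACCOUNT, AMOUNT, code))
```

Because the bank recomputes the code over the order it received, a code generated for one account and amount does not verify for any other, and a fresh challenge per transaction keeps an old code from being accepted again.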

Gemalto's Ezio Optical Reader will automatically read the transaction information needed to create the one-time password when it is held about two to three centimeters from the PC's screen, Mohr said. The device also authenticates the person's payment card.

Gemalto says the reader will fit in a wallet along with a person's cards. It's 0.4 cm thick, weighs 22 grams and measures 79 x 57 mm.

Mohr said Gemalto is now approaching German banks to see if they're interested in the product. It will be up to the banks to decide whether they want to charge customers for the device or, as is the case with other tokens and card readers, provide it for free.