A unique credit card with a very small display and button issuing one-time passwords has been developed by two security companies. And today they are trying to sell this idea to credit card issuers. The price per card depends on volume purchased and ranges from $10 to $30, which is higher than usual card.
Retailers are recklessly making efforts to improve POS security; therefore the concept of the card is actual and timely. The firms have invented special authentication code that couldn't be stolen from some database of retailers. It is only in theory, but sounds attractively!
"I think, this formfactor is more convenient and can be used in multiple channels -- point-of-sale, ATM, voice and web. Most of the data stolen from breaches would be rendered useless unless the thief stole the actual card. Work has to be done to upgrade the payment/ATM/VRU and Web systems to accept this form factor and one-time-passwords but those costs are less than the costs of security upgrades today," said Gartner security analyst Avivah Litan.
Verisign and Innovative Card Technologies announced that they are going "to integrate the security of a one-time password token into a card the size of a standard credit card. At the push of a button on the back of the card, an integrated display shows a password that changes with every transaction. During an online transaction, this number is entered into a user interface with other information (PIN and login name) for multifactor authentication". The most alluring part of their statement is formfactor of their credit card, but two firms are also selling their device in other size, principally pocket-sized security devices, which is, perhaps, really convenient.
“Many banks are very cautious when they start changing”, said Verisign VP Fran Rosch. So, whether the credit companies will agree to offer such formfactors or not, nobody knows for sure yet.