According to Sony Japan, the company has just sold its five millionth USB RFID dongle for home computers… the USB gadgets can be used in multiple ways. The most common involves swiping an IC-chipped phone or credit card to pay for purchases made online. The advantage lies in encryption applied to the card number before it is transmitted – a valuable safety net in these days of endless data breaches.
Other uses for the technology – terminals are already built into all Japanese Sony Vaios, by the way – include encrypting files on the PC, authenticating users for access to secure parts of a network and even acting as a screensaver lock. The most prosaic FeliCa application is, however, considerably more useful than any of those. Instead of using a ticket machine in a train station, travellers with IC passes can add cash to or renew their validity from the comfort of their desk using the PaSoRi, something we can expect to see in the West soon.[From Personal RFID terminals go big in Japan | News | TechRadar.com]
So when you want to buy something online with your DoCoMo phone, you just touch the phone to your dongle. That’s it. Since I have a brand-spanking new Barclaycard with Visa PayWave on board, what’s the barrier to a dongle to go with it? I’ve got my calculator-thingy from Barclays, and that works really well for using my bank account, but it doesn’t help me with payments at all. There are millions of these things being issued in the U.K…
Nationwide Building Society has contracted with French vendor Xiring for the provision of over one million handheld authentication devices which it will begin rolling out to its online retail banking customers this spring.[From Finextra: Nationwide to dish out Xiring smart card readers]
You’d think we’d at least be able to use them in 3D Secure, if nowhere else. I hate to be a big whinger, but isn’t this just another example of the silo mentality at work, where the guys in charge of home banking are nothing to do with the payment guys.
Both MasterCard and Visa have programmes to use the handheld readers for 2FA in 3D Secure transactions (the CAP and DPA programmes) but as far as I know none of my bank issuers offer them as services. Perhaps it’s too late now? The natural way forward would seem, to me, to integrate the mobile phone into the transaction loop rather than require special-purpose hardware. In the not-too-distant future I will have a phone that can interface to my Barclays OnePulse card, so I won’t need another dongle. Since the CAP and DFA implementations depend on the cryptography in the secure chip on the EMV card and do not need any security in the device, it should be easy to implement the software in the mobile handset.
Except that you’re not supposed to enter PINs into a mobile phone keypad because it’s not seen as being a secure PED (PIN entry device). However, since Monetise have managed to persuade VocaLink to let them enter ATM PINs into the phone (hence the Monilink joint venture), so there ought to be a way of making this all work for payment transactions as well.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]