[Dave Birch] You’ve probably already read about Visa Europe’s new trial with “PIN cards”.

The Visa PIN card features an alpha-numeric display and a 12-button keypad built into the back of a conventional credit, debit or prepaid card. The card, developed using technology from Australia-based Emue technologies, promises a three-year battery life, overcoming a potential stumbling block to such schemes in the past.

[From Finextra: Four banks to trial Visa PIN code cards]

I was playing around with one of these cards a few weeks ago, and I can tell you that they are as far as I can tell exactly the same thickness as “normal” chip cards and fit in a wallet properly (a key factor, if you ask me). Could I imagine using them? Yes, and clearly people at MBNA in the UK, Cornèr Bank in Switzerland, Cal in Israel and IW Bank in Italy are assuming that their customers will think the same, since each is to begin pilots of the PIN card in the next few months.

The cards contain two microprocessors, one of them containing the standard EMV application to support “chip and PIN” transactions, the other implementing a one-time-password (OTP) application that takes in the PIN from a keypad on the cards itself and presents the OTP on the screen that is also built in to the card itself. Thus, you can use the card to provide 2FA through the 3DS interface: instead of registering a password and then trying to remember it, you use the OTP from the card.

This isn’t a perfectly secure solution — it doesn’t defend against certain kinds of man-in-the-middle attacks — but it’s certainly considerably more secure than using phisable passwords. If the banks could offer the OTP infrastructure as a cost-effective option to third parties (including their own internet banking services), it would be even better, as I’d much rather log on to the Inland Revenue and Barclays internet banking using a debit card that worked this way than passwords buried and at the bottom of draws or dongles that I always forget!

Take a look at this picture I put together…

It was 20 years ago today (v2)

It’s always helpful to understand more about the context for technology innovation in the payments world. As the picture shows, it’s taken a couple of decades for the payment card with keyboard and screen to go from the early prototypes (hampered by the limited processing power available for the chips — no cryptographic co-processor or anything like that — and most of all by the very limited battery life) to a pilot that has a chance of entering the mainstream.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

2 comments

  1. Hi Dave,
    I’m emailing you in regards to an email I sent to you last month about a partnership, have you had a chance to think about it?
    If you have any questions or would more information, please advise me and we can go from there.
    Kind Regards,
    Andrew Knight

Leave a Reply to Andrew Knight Cancel reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: