[Infowarrior] - VeriSign to offer passwords on bank card

Richard Forno rforno at infowarrior.org
Tue May 1 12:33:12 UTC 2007 

http://news.yahoo.com/s/ap/20070501/ap_on_hi_te/verisign_disposable_password
s

VeriSign to offer passwords on bank card

By ANICK JESDANUN, AP Internet Writer Tue May 1, 12:34 AM ET

NEW YORK - A leading provider of digital-security services wants to make
disposable passwords easier for consumers to accept by squeezing the
technology into the corner of a regular credit or ATM card.

Fran Rosch, vice president for authentication services at VeriSign Inc.,
said the one-time passwords haven't taken off in the United States partly
because consumers need to carry a small device that generates passwords on
the fly. That barrier is removed, he said, by having the technology built
into cards consumers already carry.

VeriSign was expected to announce a deal Tuesday with Innovative Card
Technologies Inc. to outfit banks and e-commerce sites with cards that work
with VeriSign's password system.

With the card, consumers logging on to an online bank account, for instance,
would type in their regular username and password, along with a six-digit
code that appears on the card's display window. That code constantly
changes, meaning the customer needs to have possession of the card to access
the account.

Security companies like VeriSign and EMC Corp.'s RSA Security Inc. have been
promoting one-time passwords and other "two-factor" authentication systems
to combat "phishing" and other scams aimed at tricking users into revealing
sensitive data like passwords.

By requiring a second code that is tied to a device or a card in the user's
possession, an online account remains protected even if the regular password
is compromised. If a customer loses the device or card, someone would still
need to know the username and password to log on.

Banks and merchants participating in VeriSign's password network can share
codes, so consumers wouldn't have to carry multiple cards and devices or
even one of each.

VeriSign said it expects to announce a major bank using its cards in May,
and those would be compatible with services currently using devices. The
company already has agreements with eBay Inc, eBay's PayPal service, Yahoo
Inc. (Nasdaq:YHOO - news) and Charles Schwab Corp. to issue
password-generating devices that use Verisign's technology.

More information about the Infowarrior mailing list