Sweden-based Nordea Bank intends to begin distributing smart card readers to up to 1.1 million customers in the fall, Ingemar Borelius, head of the bank's Swedish Internet-banking service, told Card Technology’s sister publication CardLine Global Edition. According to Borelius, the new devices, which include PIN pads, will take over for a less-advanced reader used by about 40,000 of the bank’s customers. Both types of readers are made Sweden's Todos Data System.
Customers will be able to use the readers to log onto Nordea's Internet-banking site and, eventually, to access governmental services over the Web. Currently, Borelius noted, most of the bank's Internet-banking customers access accounts either by inserting a payment card into a reader and typing their PIN on the computer keyboard, or by entering a single-use password after scratching off a scratch card. The new system will be easier to use and will offer greater security, he said. Because customers do not enter a PIN via the computer keyboard, a Trojan virus couldn’t retrieve it, even if the virus had infected the hard drive, said Borelius. In addition, Swedish government agencies are likely to develop Internet security standards that require citizens to use a reader with a separate PIN pad to access government services over the Internet.
The lower-end readers Nordea customers now use reportedly also must be connected to their PCs. Some other banks in the Nordic region also use connected readers. Many other banks in Europe, however, are issuing handheld readers to their customers or plan to do so. These readers do not have to be physically linked to the PC.
Apparently, Nordea is putting a separate electronic ID application onto its banking cards. Those cards already comply with the international EMV standard. That application would support a public key infrastructure, or PKI, a high-end technology for authenticating users and signing documents.
Sweden’s EMV cards already carry more powerful chips to support more secure payment transactions at the point-of-sale. These transactions comply with the dynamic data authentication option within the EMV standard. This extra power would be needed for the PKI-based authentication to the Nordea’s home-banking site and for e-government services. Todos said the bank also could use the readers to secure online shopping. Borelius said Nordea might introduce the new readers to its customers in other countries in the region.
Unlike Nordea, several banks, including those in the United Kingdom, are eschewing readers that connect to PCs. Instead, they are using less-expensive handheld readers into which customers insert their EMV cards. These cards, especially in the United Kingdom, don’t yet support DDA-level security. The readers, however, are less of a hassle for customers to set up, without the need for them to install any software on their computers. And the British banks have stated no plans to use the authentication system for allowing customers to access government services online. In any case, the UK banking customers are not being issued digital certificates, which are part of a PKI and would be needed to log onto government Web sites for secure transactions.
The Nordic region is different, and banks in Sweden and elsewhere are even planning to put PKI certificates onto SIM cards their customers would insert into their mobile phones. This would allow the subscribers to do super-secure banking, file taxes or apply for loans–all from their handsets.
Why a subscriber would want to apply for a loan on his mobile is a question the banks have yet to answer.
Quelle/Source: Card Technology, 11.06.2007
