Intro

What is EMV?

Certifications

Liability shift

Chip Authentication
   Program

Data strorage
   on Smart Card


Downloads

Basic Options
Related Sites:

For more information, please visit www.vasco.com
www.vasco.com

One Time Passwords:
The password can be used one time only
As the password can only be used one time, the Fraudster cannot use the password again.

Challenge/Response:
First we have to explain the procedure of Challenge/Response:

  • Users signs on with User ID
  • Server/System to present Challenge to User
  • User enters the Challenge into the reader, which generates the Response from the card
  • User enters Response into System
  • User gets authenticated by the System

This is a very complex process for Fraudster:
The Fraudster has to use Username immediately to get the appropriate current Challenge from the Server. So he needs to be connected already to the Server/Website.
Once he receives the Challenge, he needs to present the Challenge to the Customer.
The Customer can then generate a Response to the Challenge
After receiving Response from the Customer, the Fraudster could try to make his fraudulent move.

Not only the Fraudster has now to wait for a User to send Username, but the Fraudster now also needs to interact in the communication between User and Financial Institution passing the Challenge and getting the Response.

Host/website authentication
This solution allows the User to authenticate his Bank, in order to verify the authenticity of the website.

How:
A long password is generated using the reader and the chip card
Only first part is shown to User on the display
The User enters this part into the website of the Bank.
Bank receives Username & first part Password.
The system of the Bank calculates latter part of the Password and prompts it back to the User.
The User enters latter part of the Password into his reader for verification.
If correct the reader will let know the User.

This procedure puts the Customer in control.

Signature Passwords:
A Financial Institution can request a Signature from the Customer for each transaction or for every important transaction.
This Signature contains encrypted data from the transaction. Which can be the Account Number, Receiving Account Number, Amount, Date.

The transaction data cannot be altered, as the Signature password needs to be changed too.

In this case there is no opportunity for Fraudster at all.



For product information, an updated list of supported platforms, demo and/or quotes; contact your local VASCO representative.
VASCO - The Authentication Company
Europe, Middle East, Africa: +32 (0)2 456 9810
United States: +1 508 366 3400,
Asia/Pacific: +65 6323 0906
Australia: +61 2 8920 9666/+61 1800 468 376

Contact Details  / VASCO Worldwide