National Strategy for Trusted Identities in Cyberspace
Rank 45
Idea #169
This idea is active.
Authenticate Outside the Browser Space with Card Reader
I suggest that banks issue personal card readers with PIN Pads (PCI 2.1 certified of course) which enable users to swipe their card and enter their PIN in a secure environment "outside the browser space."
If we stop "typing" our sensitive data (usernames, passwords, credit/debit card numbers) into the inherently dangerous browser space, and start swiping so that the data is 3DES DUKPT end-to-end-encrypted, we solve myriad problems. For example, "phishing" would be virtually eliminated because there would be nothing to "phish phor."
For more info on a "low cost" PCI 2.1 Certified PIN Entry Device designed specifically for e-Commerce use, visit http://PINDebit.blogspot.com or http://ePaymentNews.blogspot.com
The plan is to issue a smart identity card anyway, so how is it going to be "read" without a card reader? In Europe, almost 30% of online banking customers use a card reader to log in, and Kaspersky Labs has called for the mass adoption of peripheral card readers and implied that banks could be huge drivers of this technology.
We don't write our credit/debit card numbers down on a piece of paper and leave it at the retailer's POS; we swipe our cards and enter our PINs. Why should it be any different for the web? Again, the root of the problem is that we are typing sensitive data into an insecure browser, making it easy for the bad guys to steal our credentials via keylogging or infecting our PC with malware. Common sense says "stop typing and start swiping." If someone's going to "swipe" your card data, shouldn't it be you instead of the bad guys?
 

 
