A vendor says it is hoping to persuade banks and brokerages to offer customers security tokens embedded within payment cards.
Innovative Card Technologies Inc. of Los Angeles announced a partnership Monday with Activ-Identity Inc., a Fremont, Calif., security vendor, that enables InCard's token card to work with ActivIdentity's 4tress Authentication Server. InCard's technology must be incorporated into software from a company such as ActivIdentity so that a bank's authentication systems can recognize the passwords generated by InCard's tokens.
John A. Ward 3rd, InCard's chairman and chief executive, said such alliances are a key part of his strategy to get his product adopted by financial companies. His cards add security without adding bulk, he said. The one-time-password token technology generates a numerical pass code that quickly expires so it cannot be reused if a criminal manages to steal the number.
Tokens are considered an effective security tool but are generally offered separately as a hardware component, and users have complained that they do not want to keep track of them. Adding token technology to payment cards, which people are already carrying around, resolves this complaint, Mr. Ward said. InCard offers both debit and credit cards with small windows to diplay the passwords.
Mr. Ward said he can also make a card-shaped token that is not linked to any financial account though the concept works best as "a companion card, which could be an ATM card, could be a debit card, tied to an account that has substantial assets in it."
InCard has also received numerous inquiries from brokerages, he said, since a well-publicized data security breach in which customers' brokerage accounts were hijacked to buy little-traded stocks in order to inflate their prices.
"It's very difficult to sell hurricane insurance where there hasn't been a hurricane," he said, but now that brokerages have been hit, many are showing interest.
Ed MacBeth, the senior vice president of marketing and business development for ActivIdentity, said the two companies share a European bank customer, which he did not name but which is already testing the cards.
The card costs more than regular tokens because it is hard to squeeze the token technology onto a payment card. In small volumes, they cost about $30 each, but orders of a million or more reduce the unit price to about $15. Standard tokens generally cost $5 to $10.
Avivah Litan, a vice president and research director at the market research company Gartner Inc., said the technology holds promise because most advances in card security are focused on the point of sale, leaving online transactions vulnerable.
Because the code InCard generates is constantly changing, it resembles the dynamic code Visa and MasterCard create for contactless card transactions. But because it is printed on the card, it can also be used like the card verification value 2, Visa's term for the digits printed on a card that the customer uses only for card-not-present transactions.
"This technology blends the best of dynamic CVV and CVV2," Ms. Litan said.
