About 500 Deloitte employees are testing a corporate Visa Barclaycard that generates one-time passwords that in addition to its use for payments can be used to securely, and remotely, access the company's IT systems. The cards have keypads and LCD screens embedded on the back. Users must enter their PIN into the keypad, which prompts the card to produce a one-time use passcode that can be used to authorize access to Deloitte’s virtual private network (VPN).
One of Deloitte’s goals is to eliminate the separate OTP tokens that are currently used to enable remote access. Simon Owen, a senior partner at Deloitte, says the card should save up to 65 percent per user over the token-based system. The card was developed using technology from Emue, an Australian card technology firm. There’s also a transaction security play, as Deloitte will be testing a system that allows the OTPs to be submitted during a transaction, compatible with Verified by Visa, and providing a shield against “card not present” (CNP) fraud and identity theft. The Association for Payment Clearing Services says CNP fraud totaled about $500 million in 2008, an increase of 13 percent over the previous year.