HomeATM ePayment Solutions, which offers a system that lets people make online purchases with PIN debit cards, is now promoting its technology for remittances and online banking.
The Montreal company said last month that its SafeTPIN device meets the Payment Card Industry data security standard, and Ken Mages, HomeATM's chairman and chief executive, said last week that his company had signed a deal with a foreign remittance company that plans to distribute 250,000 of the devices to U.S. consumers, who could use them to send money to their home countries. He would not name the remittance company or say where it is based.
"Once those units are out there, they do us a lot of good because they can be used for any merchant who wants to use our payment method," Mages said.
The SafeTPIN devices incorporate both a card reader and PIN pad; they plug into a computer's USB port.
Participating Web sites prompt users s to swipe their debit cards and enter their PIN to complete the transaction.
John B. Frank, HomeATM's executive adviser, said the PCI certification could make online merchants more willing to accept the device since HomeATM would be liable for any breach linked to a SafeTPIN.
The device is also easy to use in sending remittances, he said.
A dedicated Web site prompts the sender to enter his name and e-mail address, the recipient's name and e-mail address and the amount. The sender also selects a security question, the answer to which is known by both parties.
The sender then swipes his or her card and enters the PIN to complete the transaction. (Senders can also use credit cards by using the same PIN that they already use for automated teller machine withdrawals.)
Both the sender and recipient receive a confirmation by e-mail. To claim the money, the recipient visits the Web site, answers the security question and swipes his or her debit card through a SafeTPIN device and enters a PIN. The funds are instantly transferred to the recipient's checking account.
"It's user-friendly," Frank said. "Consumers know how to go to a retailer, swipe their card and enter a PIN."
Mages said his company has not yet set a price for the SafeTPIN devices; he expects merchants and banks to take the lead in distributing them to consumers.
HomeATM will also offer the device to banks as a tool to authenticate online banking customers.
SafeTPIN is more secure than the user name-password combination widely used today, Mages said. "If someone puts malware on your computer and they are keylogging the strokes or they phished you to a third party, they are going to be able to read your bank account."
Paul Turgeon, a senior consultant at the research firm Payments and Processing Consultants, in Chicago, said the consumers' online banking passwords can be hacked but that a hardware device offers strong security.
Turgeon formerly worked at Metavante Technologies Inc.'s NYCE Payments Network LLC debit unit, where he helped develop a similar card reader for consumers, SafeDebit.
He said HomeATM's device is a "reasonably affordable and very good" product but that the technology is not an issue. Merchants and banks that would consider offering the devices to consumers need to believe it is worth the investment.
Merchants will wonder "how many consumers is it going to get for me," he said, and banks will ask "what is the interchange rate." Any kind of Internet PIN-debit product will face challenges until something can "get enough mass to get both parties interested."
Turgeon also said the Federal Financial Institutions Examination Council has required two-factor authorization for online banking for some time "and no one I know is doing it very well."
