SecureKey gives banks a marketable shot at keeping payment revenue from customers who both use cards and say, PayPal-ACH: "There are a limited number of sites that customers will trust to hold all of their payment details," says Greg Wolfond, SecureKey's CEO.
SecureKey works by turning consumers' PCs into tap-and-pay terminals, giving customers a USB device they plug into their PCs and tap with their bank cards. Tapping the card automatically fills in billing info and address data fields on Web shopping sites on which consumers are not already registered or haven't saved card details. The tap sends a one-time dynamic code generated from a combination of the card's cryptographic key, a random terminal number produced by the USB token, and a transaction counter in the card. The one-time code travels over a secure connection to the card issuer or payment network for authorization. "Eventually you won't need a token," says Greg Wolfond, SecureKey's CEO. "We're working on building the technology directly into phones and PCs."
