By Maria Bruno-Britz
Security is on everyone's mind these days. And how can't it be, with all the media attention given to various data breaches and phishes over the past year? So it's no surprise to see security technology vendors go on the offensive and introduce new solutions to the problem.For instance, digital security services provider VeriSign just announced a partnership with Innovative Card Technologies in which it plans to design a credit card with a built-in password generator. The premise is that the one-time password would not only increase the safety of online transactions, but it would also be convenient. Banks and e-commerce sites would be outfitted to accept these cards and passwords, according to the company.
Today, in order to provide customers with such a capability, it's often necessary to distribute tokens of some sort that would generate the disposable password. VeriSign, like others in the industry, feels that people just don't want to have to carry around another key fob or card in their wallets. Building the password generator into a Visa- or MasterCard-branded credit card--something people are more likely to keep on their person--is a handy, more secure alternative that's bound to increase adoption, by VeriSign's reasoning.
I can see the company's point of view on this. I'm sure if any one of us looked in our wallets or purses right now, they would be overflowing with plastic of all kinds. Banks are constantly trying to maintain a balance between security and convenience, especially in their retail operations. One would think a solution such as the one proposed by VeriSign would be a good way to meet both requirements. After all, the safest security measures consist of something you have and something you know. For the most part, when it comes time to log in to an online banking site or e-merchant's site, the security is solely based on something we know. Having a physical mechanism in one's possession in addition to procedures that are already in place, argue experts, is probably one of the best ways to secure electronic transactions. Sure, someone can highjack your user name and static password, but it will be useless without the second factor of dynamic, hardware-based authentication, and vice versa.
Whether consumers will adopt this new card remains to be seen. First, however, VeriSign has to convince financial institutions that this hybrid card is a good idea. As with any hardware-based security deployment, there is always some cost involved. Will the VeriSign cards be cost prohibitive given the numbers of customers banks would need to outfit with the cards? After all, this is not your average credit or debit card. One would think the company is taking this into consideration as it further develops its plans. Also, the initiative would be limited to those banks and online merchants that are in the VeriSign network. Many good ideas have been stifled by such exclusivity with regard to who will accept the new protocol. Will this be the case with the VeriSign card or will the vendor's idea be so compelling that banks and merchants will flock to join the network in droves?
Whatever the outcome, there's no doubt that more can be done to keep people's transactions and personal data safe. Don't expect chip cards to appear in the U.S. any time soon. But perhaps something such as this password-generating card might do the trick. Experts say Americans don't want to be forced to carry around any more plastic trinkets than they must. However, the security problem isn't going to get better any time soon. Eventually, we're going to reach a point where people in this country are in fact willing to give up a measure of convenience for peace of mind.