Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:18 AM
BS&T Staff
BS&T Staff
Connect Directly

VASCO Adds Strong Host Authentication to DIGIPASS Pin Pads

The one-time password technology is intended to prevent man-in-the-middle attacks and other identity theft attempts.

Software security provider VASCO Data Security International, which specializes in authentication products, will integrate strong host authentication into its DIGIPASS 250, 260 and 270 pin-pad authenticators (which already offer two-factor authentication and e-signature capability) to be available in the third quarter of 2009. According to a release from the company, the strong host authentication offers an enhanced one-time password (OTP) solution that, combined with e-signature, provides an effective tool against identity theft and man-in-the-middle attacks.

By using strong host authentication, end users can ensure the bank or organization to which they are connecting is actively involved in the communication process. The solution also offers banks and other organizations the ability to recognize attempts or instances of online identity theft in real time. According to the Oakbrook Terrace, Ill.-based firm, strong host authentication makes it more difficult for hackers to intercept end-user credentials without first contacting the bank or other organization real-time and attempting to obtain user credentials on a one-to-one basis.

When fully implemented, according to the company, the strong host authentication process will begin when customers provide their claimed identity, using their username, to the secure Web site they wish to access. The bank's server will then provide users with a time-based host one-time password (OTP unique for end users' DIGIPASS authenticator and is only valid for a limited time. Customers will enter the host OTP on their DIGIPASS authenticator, which, after verifying the host OTP, will generate a user OTP that customers will use to log on to the application. If the host-OTP verification fails, however, the DIGIPASS will refuse to generate a user OTP.

"Online fraud constantly evolves; as a result our R&D team continuously looks at developing new technologies and products which make existing security solutions even stronger and even more effective in combating new fraud schemes. Our patent pending strong host authentication is the result of our ongoing investment in new technologies," noted Jan Valcke, president and COO at VASCO Data Security, in the release.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.