Among my conversations with those outside of the security circle there are many who understand the basic concept of anti-virus and one-time passwords and their benefits.
However the need for passwords is often a challenging one, as the same logins tend to be used for several sites and often need to be reset after a certain period of time. One such authentication process is the ‘Verified by Visa' process that often appears on internet shopping sites after a sale has been approved.
As an internet shopper myself, this extra level of protection is welcome but adds a level of frustration that a password – which I invariably forget - needs to be remembered for that crucial ticket booking or purchase.
So it was with a huge sigh of relief that I was told about the launch of a smartcard that will make this process much easier. With the same design as a credit card and acting in the same manner as two-factor authentication cards from the likes of RSA, CRYPTOCard and VeriSign, the Visa CodeSure card has a chip on the front, while the back has a magnetic strip, numerical buttons and a PIN display.
The instructions tell me to press down the C/M button and then six, choose a PIN number and press OK. A one-time code is then displayed. The only criticism here is that the card is a little flimsy, but pressing the buttons on the card work better when it is placed on a solid surface, such as a desk.
I want to try out the card and do some spending! I decide to buy some CDs from CD Wow, one of the approved vendors in this scheme, and for which I am not registered, and ironically I have to sign up for with a new password. As this card comes pre-loaded with money I make my choice and go to the payment page. I enter the details from this card and am taken to the ‘Verified by Visa' authorisation page.
However, because I have registered the CodeSure card it is different! Rather than asking me for a password which I have invariably forgotten and have to reset, I enter the one-time password from the back of the card – which is activated by me entering a pre-set PIN number.
Entering this gives me a one-time password with which I go through authentication, and from this my order is complete. Thankfully with the card provided there is money pre-loaded, but I assume that you can use the card to authenticate having used another card for payment, or perhaps 'Verified by Visa' will aim to add this technology on to other cards.
Visa claimed that by providing a card with an alpha-numeric display, a 12-button keypad and battery embedded in the card, fraud online will be significantly further reduced, and as the cardholder is required to enter their PIN for each online transaction, the Visa CodeSure card will prevent any unauthorised use.
Having trialled this personally, and despite the return of a faulty card and subsequent first time success with a replacement, I can vouch for the security and practical benefits offered with this. I guess there is a challenge of remembering a PIN number rather than a password, but with stories often covered on passwords written on post it notes, in diaries or reused for ease of remembering them, Visa has gone some way to solving that problem.