Thales announced that SafeSign now supports the use of XIRING Xi-Sign tokens and EMV card readers.
Thales and XIRING are working together to deliver the security benefits of the latest MasterCard CAP (Chip Authentication Program) standard EMV cards.
The MasterCard CAP standard has been put in place to combat the growing threat of transaction fraud conducted when the cardholder is not present, such as the online phishing technique. It allows EMV cards to be used in the authentication process of secure online service provision.
Thales and XIRING enable customers to take advantage of the new EMV CAP standard by using the strong two-factor authentication technique of something you have (EMV card) with something you know (PIN) to identify and authenticate the user. When trying to access a service, customers insert their EMV card into the XIRING unconnected card reader and enter their PIN. They will then be presented with an eight-character code on the display. This one-time code, which changes every time the card is used, is then transmitted to the Thales SafeSign Authentication Server which authenticates the user to permit access.
The same combination of the Thales SafeSign Authentication Server and XIRING card reader can be used to authenticate the transaction itself. When the user performs a transaction, he is presented with a challenge in the form of a numeric code. With the EMV card plugged into the unconnected reader, the user keys the challenge code into the reader and a new one-time passcode is generated in response. This new passcode is then entered by the user into his PC where prompted and transmitted to SafeSign to authenticate the transaction itself.
Paul Meadowcroft, head of transaction security at Thales, stated: “As cardholder-not-present fraud continues to rise, the need to identify remote users and authenticate their transactions is rapidly becoming a top transaction security priority for many organisations. Thales SafeSign Authentication Server supports a wide range of authentication tokens and our ability, with XIRING, to authenticate all EMV cards using the CAP standard provides organisations with the ability to apply strong, two-factor authentication to a range of transactions.”
George Liberman, CEO of XIRING, said: “Thales and XIRING work perfectly together to deliver the benefits of the MasterCard CAP standard. Both the Thales SafeSign Authentication Server and our XIRING card readers are compliant with the MasterCard CAP standard, and both provide real flexibility for users. Our card readers will process all EMV cards and the SafeSign platform from Thales is able to authenticate the transaction, regardless of the level of security used. We are sure that the EMV authentication solution that we now offer will shortly be implemented across a wide number of organisations.”