VeriSign wants passwords displayed on cards

Disposable passwords are to be displayed on US credit cards, but the UK is sticking to PIN verification

Disposable passwords could be displayed on credit cards in the future. Instead of having security key fobs to authorise credit card payments (a scheme launched by Barclays last month), disposable passwords could be displayed on the card, said digital security services firm VeriSign .

Using a credit card displaying a disposable password to do your online banking, for example, would require you to type in your regular username and password, along with a six-digit code that appears on the card's display window.

The code constantly changes, so you would need to have the card in front of you to access the account.

Two-factor approach

This two-factor approach is much safer and easier for users, who won't have to search for their security key fobs to do online banking, according to VeriSign.

By requiring a second code that is tied to a device or a card in the user's possession, an online account remains protected even if the regular password is compromised. If a customer loses the device or card, someone would still need to know the username and password to log on.

The technology behind disposable passwords could be squeezed into the corner of a regular credit or debit card, VeriSign said. Codes can be shared between participating banks and retailers so users won't have to carry multiple cards or devices.

"Having the technology built into cards consumers already carry removes the barrier of having to carry a small device that generates passwords on the fly," Fran Rosch, vice president for authentication services at VeriSign, told the Associated Press news agency.

Chip and Pin

But the UK trade association for card payments APACS stressed that the UK chip-and-pin system has added benefits compared to the VeriSign scheme.

"In the US, cards don't have the chip-and-pin technology so adding a mix of dynamic and static passwords makes perfect sense for US consumers," said Sandra Quinn, director of communications at APACS.

"However, the method of disposable passwords does not verify that the card is being used by the genuine customer in the same way entering a pin code does. Bank account login details can be obtained by hackers and with a credit card in their hand displaying a password, there's not stopping them from going off using the card for fraudulent activities," Quinn said.

VeriSign is expected to sign a deal with Innovative Card Technologies today to equip US banks and e-commerce websites with cards that work with its password system. But it looks like the UK will stick to the tried and tested chip-and-pin system for the foreseeable future.