Although payment cards can clutter a purse, people enjoy using them when they shop. Moreover, our demand for cards that complete transactions quickly, anywhere and at any time, often conflicts with our desire for security and information transparency. Today most payment transaction and security providers already address these user preferences, but the peak of recent technological development is in contactless payment, card consolidation and one-time authentication codes.
Payment and identity protection technology provider ScramCard has invented a new payment device that consolidates multiple payment cards and devices in a single secure solution with dynamic PIN codes. Simon Hewitt, Founder of ScramCard, met with Financial IT to discuss the latest innovations in the sphere of EMV security and contactless payments.
“So the balance you have to strike in the banking sector right now is convenience which is very often achieved at the expense of security. Or if you look at security it’s very often at the expense of convenience,” comments Hewitt. “And trying to find that balance in the middle is very difficult. ScramCard has therefore worked hard to provide a secure solution that’s also desirable and convenient.
“Banks often have to deal with the difficult dynamic of either convenience OR security. While attempting to increase expenditure through convenience you are also regulated to drive security, making the product more cumbersome for consumers. So we are trying to achieve this balance.”
The common, and truly unique, feature of all ScramCard devices is the replacement of all static verification data (such as the PIN and CVV2) with PIN-generated one-time codes.
Users apply these different one-time passcodes to communicate their security information at point-of-sale terminals, ATMs, online and over the phone, while contactless payment capabilities are not activated unless the PIN input to the card has been validated first. Enhanced authentication and validation methods lie at the heart of all ScramCard devices.
These methods, in brief, include:
- Union and Wallet devices feature specially designed EMV multi-account personalization capabilities, consolidating disparate payment cards and multiple MasterCards, on top of secure TAP & PAY functionality and dynamic code functionality for all online and remote payment activity. They are aimed at prestige brands and banks looking to differentiate their card offerings.
- Pinnacle - combines payment security and authentication methods for better financial control and identity protection within a targeted credit, debit or prepaid card replacement.
- Token, an enterprise authentication solution that relieves the burden of authentication processing by consolidating multiple devices into one. Token is complemented with BYPASS, a mobile-based authentication app that runs on Apple and Android platforms.
All ScramCards are unique in form in that they are only 0.76mm thick and are equipped with a battery, a 12-button touch keypad and a 9-digit eInk display. This jewel-like device is able to process 10,000 transactions or up to nine transactions per day over a three-year period. It is exactly the same size and thickness as the credit or debit card you carry in your pocket or purse today.
“We integrated the ScramCard technology within something that is incredibly thin and readily accepted. A payment card. When we show our device to individuals there is an element of surprise in how we have managed to put technology into something so small. I think you hit the nail on the head when the consumers desire it and use it. We minimize the re-inventing of the wheel in terms of how the solution works. We’ve avoided the need for anyone to have to make a change, such as implementing new software at the POS terminal or change the ATM. There is fundamentally no change for the merchant experience at the Point of Sale or ATM.
“All the change comes from the actual interaction with the card through those particular channels. We offer a ubiquitous solution, which having partnered with MasterCard makes it acceptable pretty much by 97% of merchants around the world.”
“What we do in our product is we actually link multiple cards all within one EMV chip,” continues Hewitt. “Right now we are looking to launch a number of interesting and prestigious brand partners - we have the ability to issue the plastic and manufacture it with our own PIN so our partners don’t necessarily have to be banks.
“And by taking it away from the banks we are giving top of wallets to a number of prestige retail brands. Very often retail brands understand the value of dataflow in card processing. If you look at a retail brand they can very clearly identify that consumers have affinity with a particular card product, they tend to be shopping with it. ScramCard approaches its partners with a value proposition to provide brand expertise, data analytics and security in a different way.”
In discussing world payment and security trends, Hewitt draws attention to Australia, which is embracing contactless payments with open arms, together with higher contactless fraud as an ensuing consequence.
“Australia has embraced contactless payments quite significantly, to the point of extending the cap to $100 per transaction - and that’s pretty high. As a result contactless fraud is actually a serious problem within the Australian market. If you look at the UK market, they have just recently increased the limit of contactless payments to £30. Within our product contactless does not function – all transactions require that the customer enters the PIN to the card, due to security. However, if you put the validated PIN into the card we can then activate contactless payments. Currently within the banking sector convenience is very much what’s driving the growth of contactless and mobile payments. Yet to mitigate security banks have to limit the value to which they allow transactions to be processed.”
To make sure payment devices are not just easy to use but also secure and reliable, ScramCard follows globally recognized industry compliance standards:
“From the encryption and client-based OTP (one time pad) perspective we support ISO 256 52. With regards to OTP we comply with industry wide encryption standards. Our solutions generate OTP by automating PIN by each individual use of a product. The OTPs are simply based on the purpose of use. If you are at the Point of Sale or ATM we generate a four-digit PIN, if it is a transaction online we generate a three-digit, or, if you are logging onto internet banking the program can generate an 8-digit PIN. So the responses are derived by the same PIN but it’s all PIN based. The validation we do at the back end is based on the PIN you put to the card and the code generates as a result. In terms of EMV chip incorporation it is certified by MasterCard. We also comply with PCI standards in terms of payment processing. All the card data is tokenized. Our partners who we are working with, Tuxedo Money Solutions, are also PCI compliant.”
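The purpose-dependent one-time codes described in the interview can be illustrated with a short sketch, added here as an example and not ScramCard's own code. The interview does not disclose the algorithm, so the HOTP-style HMAC truncation (RFC 4226), the card key, the use counter, the look-ahead window and the failure limit are all assumptions; only the code lengths per channel come from the text.

```python
import hashlib
import hmac
import struct

# Code length per channel, as stated in the interview.
DIGITS = {"pos_atm": 4, "online": 3, "login": 8}

def one_time_code(card_key: bytes, pin: str, purpose: str, counter: int) -> str:
    """HOTP-style code bound to the PIN, the channel and a per-use counter."""
    digits = DIGITS[purpose]
    # Domain separation: the channel is part of the MAC input, so a code
    # minted for one channel does not verify on another.
    msg = b"\x00".join([purpose.encode(), pin.encode(), struct.pack(">Q", counter)])
    mac = hmac.new(card_key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Backend:
    """Issuer-side validator (hypothetical): knows the card key and the PIN."""

    def __init__(self, card_key: bytes, pin: str, window: int = 3, max_failures: int = 3):
        self.card_key, self.pin = card_key, pin
        self.window, self.max_failures = window, max_failures
        self.counter = 0   # next counter value not yet used
        self.failures = 0  # consecutive rejected codes

    def verify(self, purpose: str, code: str) -> bool:
        # A 3-digit code has only 1,000 values, so guesses must be capped.
        if self.failures >= self.max_failures:
            return False
        if len(code) == DIGITS.get(purpose, -1):
            for c in range(self.counter, self.counter + self.window):
                expected = one_time_code(self.card_key, self.pin, purpose, c)
                if hmac.compare_digest(expected, code):
                    self.counter = c + 1  # burn the counter: a replay fails
                    self.failures = 0
                    return True
        self.failures += 1
        return False

KEY = b"constructed-demo-key"  # constructed sample values, not real card data
PIN = "4821"

if __name__ == "__main__":
    issuer = Backend(KEY, PIN)
    code = one_time_code(KEY, PIN, "login", 0)
    print(code, issuer.verify("login", code), issuer.verify("login", code))
```

The shorter the code, the more the scheme depends on the attempt cap and on burning each counter after use; the code length alone gives little protection for the three-digit online case.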