- Abdullah Al-Shamim
In the wake of the ongoing digital revolution of the past few years, initiatives such as the increasing adoption of online identity, the race to a cashless society, and relentless efforts to convert traditional services to digital ones are bringing consumers the ease and comfort of accessing services through digital inclusion. They are also posing more and more threats: a large number of frauds are being committed, which puts consumers in a substantially vulnerable and challenged position and keeps service providers constantly on edge as they combat invisible attackers.
A recent global study found that more than 90% of businesses suffered some form of hacking in the last 12 months. Small to Medium sized Businesses (SMB) may not be the primary target of the attackers, but because they are tempting low-hanging fruit, such businesses account for 67% of all victims, making them the sweet spot for cyber criminals. The alarming part is that most of these attacks go unnoticed for months due to relaxed security practices. Meanwhile, the attackers continue to cause business disruption, loss of assets including intellectual property, lost time and productivity, damage to the brand, and more.
That is the main driving factor behind the adoption of Second Factor Authentication (2FA) technology to outsmart the attackers. 2FA is an extra layer of security that incorporates “something you have” (e.g. a One-Time Password card or any other token) and “something you are” (e.g. any biometric) on top of the usual “something you know” (e.g. a PIN or password). This makes the authentication of users’ identity for their online accounts far more secure, and at the same time makes it harder for attackers to gain access to those accounts.
On the online payment front, even the adoption of EMV technology has not been able to put a stop to fraud, which causes billions of dollars in damage all over the world every year. For Card Present (CP) transactions, EMV technology guarantees the highest level of security by executing cryptographic operations inside the chip of the card. For Card Not Present (CNP) transactions, however, a cardholder usually needs to enter the card information (cardholder name, card number, expiry date) and the Cardholder Verification Value or “CVV” (a fixed 3-digit number printed on the back of the card) on the payment gateway page in order to make an online transaction. Since this CVV is fixed, if it is compromised, fraudulent transactions can be made using that card information. To overcome this, many service providers have already introduced a security code sent to the consumer via SMS, which is required in addition to the card information to secure the online transaction.
However, that causes a sense of dependency and discomfort: the SMS may be delayed, the phone needs to be switched on, the SMS may not be received while traveling abroad if roaming is not enabled, and so forth. So, to ensure a seamless experience for consumers, a dCVV (Dynamic Cardholder Verification Value) card can be the ultimate go-to solution. It looks just like any regular card, but on the back there is an e-ink display that shows the dCVV. The dCVV is also a 3-digit number. In contrast to a CVV, however, a dCVV changes at a regular interval. For cardholders, there is no change in the look and usage of the card, except that the dCVV changes at a set interval. For online merchants, too, there is no change to their existing online transaction setup. Moreover, even if an attacker obtains one dCVV, no significant harm can be done because the dCVV changes continuously. It brings a fluid and seamless experience for consumers and merchants without disrupting the existing setup of either. The banks and service providers need an initial setup of the validation system.
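One way a backend validation system could derive and check a time-stepped 3-digit code, given here as an added example that is not the algorithm of Kona or of any card scheme: it assumes an HMAC-SHA-256 construction in the style of TOTP (RFC 6238), a one-hour interval, and hypothetical names (`dcvv`, `DcvvValidator`, `STEP_SECONDS`). It also caps wrong guesses, because a 3-digit code has only 1,000 possible values.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 3600  # assumed refresh interval; the article only says "a set interval"


def dcvv(card_key: bytes, pan: str, expiry: str, unix_time: int) -> str:
    """Card side: derive the 3-digit code for the time step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    msg = f"{pan}|{expiry}|".encode() + struct.pack(">Q", counter)
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1000:03d}"


class DcvvValidator:
    """Issuer side: accept the current or previous step, lock after repeated misses."""

    def __init__(self, card_key: bytes, max_failures: int = 3):
        self.card_key = card_key
        self.max_failures = max_failures
        self.failures = {}  # pan -> consecutive wrong codes

    def verify(self, pan: str, expiry: str, code: str, now: int) -> bool:
        if self.failures.get(pan, 0) >= self.max_failures:
            return False  # locked: only 1000 possible codes, so guessing is capped
        for t in (now, now - STEP_SECONDS):  # previous step tolerates clock drift
            expected = dcvv(self.card_key, pan, expiry, t)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.failures[pan] = 0
                return True
        self.failures[pan] = self.failures.get(pan, 0) + 1
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values, not real card data
    pan, expiry, t0 = "4000000000000002", "1230", 1_700_000_000
    issuer = DcvvValidator(key)
    shown = dcvv(key, pan, expiry, t0)
    print("code on card:", shown)
    print("used at once:", issuer.verify(pan, expiry, shown, t0))
    print("used a day later:", issuer.verify(pan, expiry, shown, t0 + 86400))
```

A production validator would keep the per-card key in an HSM and persist the failure counter; both are held in memory here to keep the example self-contained.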
Kona Software Lab Limited, the Bangladesh office of the South Korean payment and security industry pioneer Kona I Co., Ltd., offers a full portfolio of electronic cards (OTP, dCVV, Fingerprint) along with the backend validation system for banks and other service providers. The company is working closely with different financial and non-financial institutions to make the payment and security industry in Bangladesh more comprehensive.
The author is the Senior Manager, Research and Development; EMV Specialist and Consultant at Kona Software Lab Limited