it observer – ncipher helps combat phishing attacks with chip and pi

By | May 20, 2005

Banka Koper deploys nCipher payShield as part of MasterCard’s Chip Authentication Program (CAP) to give customers a simple and secure means for online banking and credit card authentication

Cambridge UK — 19 May, 2005

nCipher plc (LSE: NCH), a leading provider of IT cryptographic security solutions, today announced that their payShield™ hardware security module (HSM) will play a key role in the MasterCard® Chip Authentication Programme™ implemented by Banka Koper in Slovenia to provide stronger authentication for their online banking customers and cardholders performing transactions online, thereby helping to reduce Internet fraud.

All of Banka Koper´s retail and commercial customers have been issued with MasterCard OneSMART® cards, a next generation chip and PIN credit or debit card that contains sophisticated EMV standards-based security technology to enable them to better prove their identity when using their card in non face-to-face environments. When accessing their bank account or shopping online, users will be prompted to authenticate themselves to Banka Koper by inserting their card into the portable reader which is also provided by the bank. After users tap their PIN into the reader the card securely generates a unique, but more importantly dynamic, password which the user then types into the web page when prompted. By entering this ´one time only´ password rather than a traditional, static password that may be used for many years and across multiple sites, the impact of that password being compromised is limited to a very short period of time and a specific web connection and the commercial risk is therefore greatly reduced.

The combination of using a standard EMV payment chip card such as OneSMART along with the secret PIN results in a strong, two-factor authentication process that deters identity phishing attacks and reduces the fraudulent use of stolen cards. Phishing schemes typically use email or other messages that appear to come from a trusted service provider such as a bank or an online retailer. These messages attempt to lure people to bogus websites, where the victims are asked to enter personal information such as passwords, PIN numbers and credit card numbers. MasterCard’s Chip Authentication Programme (CAP) counteracts such schemes since there are minimal gains to be made from capturing a password that cannot be used without the chip card being present at the same time.

nCipher´s payShield™ is a secure hardware security platform designed for use with MasterCard CAP and that supports the EMV standards. PayShield secures the host side authentication mechanisms on behalf of the card issuer. This enables the issuer to strongly authenticate its customers as they take advantage of services provided by the issuer itself, such as home banking, or services offered by merchants or other third parties who wish to better validate the card and cardholder prior to receiving approval to go ahead with the transaction.

“For a card authentication solution to be truly effective in a non face-to-face environment, it has to offer a high level of security, and be low-cost and consistent across multiple channels. The MasterCard Chip Authentication Programme is designed to address these concerns. nCipher’s payShield plays an important role in the MasterCard CAP programme enabling us to offer an online experience that is both safer and fast and can therefore helps issuing banks greatly reduce the effects of phishing attacks and online credit card fraud” said Fikret Ates, Vice President, Chip Product Management at MasterCard International.

“Banka Koper is particularly proud to be one of the very first MasterCard OneSmart deployments and so offering our customers the highest levels of security and authentication when accessing banking services online” says Gojmir Nabergoj, Smart Card Migration Manager at Banka Koper. “nCipher has offered us huge support in setting up this project and their payShield HSM provides a flexible platform for delivery of this and future authentication requirements.”

“Minimising the exposure of sensitive customer information such as card numbers and PINs to both internal and external threats is a critical requirement of a highly secure online payment solution. We are excited to be able to work with MasterCard and Banka Koper to provide a solution that delivers the level of security demanded by MasterCard International and its member banks in their efforts to reduce financial risk and build confidence for online customers,” said Ron Carter, Payments Product Manager at nCipher.

Editorial note

CAP is a natural extension to an EMV Chip infrastructure, enabling members to leverage their existing investment to address the issue of payment security and convenience across different virtual payment channels. CAP can turn a Card Not Present (CNP) transaction into a Card Present Transaction, reducing chargeback costs and fraud due to CNP, and has the potential to significantly increase card payment volumes from e-commerce and services offered through secure remote banking.

CAP is part of the OneSMART™ MasterCard® program, which provides customers with instant access to an assortment of value-added applications and support services that strengthen the business case for chip migration. Beyond CAP, MasterCard offers OneSMART™ Pre-Authorized, for driving more transactions from cash to card, and OneSMART™ PayPass™, a contactless payment program. The OneSMART™ MasterCard program also includes a range of pre-configured smart card packages that help MasterCard´s customers get to market fast.

About MasterCard International

MasterCard International is a leading global payments solutions company that provides a broad variety of innovative services in support of our global members´ credit, deposit access, electronic cash, business-to-business and related payment programs. MasterCard International manages a family of well-known, widely accepted payment card brands including MasterCard®, Maestro® and Cirrus® and serves financial institutions, consumers and businesses in over 210 countries and territories. The MasterCard award-winning Priceless® advertising campaign is now seen in 97countries and in 47 languages, giving the MasterCard brand a truly global reach and scope. For more information go to

About Banka Koper

This year Banka Koper is celebrating the 50th anniversary of its foundation. Started as a small regional bank, today Banka Koper is a universal bank headquartered in the South West of Slovenia. It has a very strong regional presence and is expanding nationally. Its location at the gateway to Central and Eastern Europe, close to neighbouring countries with diverse cultures, in a rapidly growing economy, has meant that an innovative and proactive response to change is a strategic imperative for the bank. It launched the first Slovenian payment card, Activa, in 1992, which is now one of the strongest payment systems in Slovenia and has attracted a further seven participating banks. In 2002 Sanpaolo IMI Group of Turin, Italy, acquired over 62% of the share capital of Banka Koper from previous shareholders, thus securing for Banka Koper a long term stability for its organic growth in its traditional territory, and giving it also access to new international markets. For more information go to

About nCipher

nCipher is a leading provider of cryptographic security, enabling our customers to meet the challenges of verifying identity, protecting data and complying with security regulations. nCipher´s solutions provide a unified approach to cryptographic management providing strict access controls and high assurance trusted processing, overcoming traditional issues of scalability, performance and weak platform security. The world´s leading organizations work with nCipher to protect security critical systems such as web site infrastructure, online banking and payment processing networks, PKI, web services, databases and digital rights management schemes.

Leave a Reply