Times are getting hard for anyone trying to get away with online fraud. That’s because Siemens, in cooperation with a partner company, has developed an Internet ID card the size of an ATM card that enables users to provide authentication prior to a bank transaction, using a fingerprint and an integrated key. The ID card doesn’t require any additional software or hardware, so it is safe from attacks and can be used on any computer. The solution is slated for market launch in the summer of 2008 at the earliest.
Hackers obtain a wealth of account details using phishing websites, and they caused damage amounting to at least €14 million in Germany last year, according to the Federal Criminal Police Office (BKA). The bank card-sized Internet ID card from Siemens IT Solutions and Services and Swiss company AXSionics is designed to make this form of fraud a thing of the past.
The ID card is equipped with a fingerprint scanner and six optical sensors. Initially, the user identifies himself or herself using the fingerprint. The bank’s website then sends a flicker code, which the sensors of the ID card register and decrypt. In the process, the monitor displays six rapidly flashing fields that alternate between black and white.
The flicker code contains the details of the funds transfer previously submitted to the bank and the associated transaction number (TAN). Using an integrated cryptographic key, the ID card decrypts the code and displays the deciphered information on its small screen. The user checks to make sure the transaction data is complete and finally confirms the transfer by entering the TAN currently displayed. Neither software nor hardware is required for the Internet ID card, which means the Internet user can safely conduct banking business worldwide without a separate TAN list.
The customer scans several fingers onto the Internet ID card, to be used later for identification. This also involves selecting an emergency finger: a customer forced to transfer funds under duress, for example, can set off an alarm at the bank by scanning this finger. The transaction is conducted on the computer monitor to fool the offender, but the bank does not actually complete the request.
Online banking is just one of many possible applications, though. For users who enjoy activities ranging from online auctions to downloading music, the ID card has 128 keys and in theory can be used for a corresponding number of different online service providers.
Explore further: A teaching moment in the Ashley Madison hack