CAMBRIDGE, U.K. -- nCipher plc (LSE: NCH), a global leader in protecting critical enterprise data, announces that its payShield hardware security module (HSM) has been deployed at the core of a new telephone and internet banking system in Croatia. Privredna Banka Zagreb (PBZ), one of the largest financial institutions in the Republic of Croatia and member of Intesa Sanpaolo group, one of the largest financial groups in Europe, recently launched one of the first MasterCard® Chip Authentication Programme (CAP) services in south east Europe. The solution provides stronger authentication for customers performing transactions online or over the telephone in a drive to reduce fraud.
As one of the first banks in Croatia to move from magnetic stripe cards to EMV chip cards, PBZ recognized the added security offered by CAP authentication along with the lower costs for CAP readers and logistics compared with other token-based solutions. When accessing their bank account either online or over the telephone, users will be prompted to authenticate themselves to PBZ by inserting their EMV chip card into a portable reader provided by the bank and entering their personal identification number (PIN). The card reader then displays a unique dynamic or one time only password which the user then enters onto the web site when prompted. The combination of using a standard EMV payment chip card together with a PIN results in a strong, two-factor authentication process that will reduce the fraudulent use of stolen cards and protect against the weaknesses of simple user ID and password-based authentication. In addition PBZ cardholders can also use the same card for ATM and point of sale transactions.
PBZ expects to have over 40,000 retail customers using CAP authentication by the end of 2007, including both new customers and those migrated from existing token-based authentication. This number is expected to increase significantly as from now on PBZ will only offer CAP authentication to their retail customers. Two-factor authentication is already the de-facto standard for direct banking services in Croatia, with token-based authentication for retail, and PKI and smartcard authentication for corporate e-banking.