Special Report: Technical information on card fraud and identity theft protection technologies

image1CardLab Innovation CEO Frank Sandeløv on how more than ten years of research and development within microelectronics for smart cards have led to several technological solutions that can eliminate card fraud and identity theft problems.

CardLab was founded in 2006 and has gradually gained a position as a world-leading technology provider of integrated electronics for intelligent access, payment and ID cards, including embedded fingerprint authentication. We supply technology and card products that enhance card security, reduce fraud and identity theft and save card issuers significant costs by working in the existing infrastructure.

We have developed and patented several technology building blocks for card manufacturers providing cards with a customised security level suited to the customer’s specific needs. Technology development is based in Copenhagen, Denmark, production in China and Thailand in our own and partner factories, making CardLab a ‘one-stop shop’ that can bring a card from idea to full volume production.

Our secure card products can be used within all card business sectors, including financial, access, ID and loyalty cards. They are innovative and based on our experience in making secure card solutions. We have also learned that to make security enhancements acceptable to the user, we need to support established use patterns, making the implementation natural and intuitive.

Maximising security, minimising risk

The R&D activities have led to a number of card products presently entering production, where MuteCard and JammerCard are the low-scale security products and where a jammer incorporated into the card design makes it impossible to communicate with the card unless the owner applies a light tap, disabling the jammer function for a given time. MuteCard is well suited to have in your wallet to protect several cards, whereas the JammerCard is more useful as a visible, wearable ID. The common attribute is that both fully protect against unintentional skimming and the increasing pick-pocketing with false payment applications lifting money from the card without the card owner’s knowledge. With this security solution the convenience of contactless payments can be maintained without risk.

In our product portfolio we also have a much enhanced dynamic dual magstripe solution with electronics inside the card, emulating a normal magstripe signal in such a way that tracks one and two can be read simultaneously. We are able to add to this solution a tokenised one by using the available open standards and reaching the same level of security on transactions as with the Europay, Mastercard and Visa (EMV) chip solution. The key is that we can make every transaction unique, which makes the fraudster’s efforts to skim the magstripe worthless as the same token will not be accepted in the payment system twice.

This effectively eliminates the risk of abuse of copied data as every transaction becomes unique. The solution also forms the basis for another CardLab solution, which is the connected card consisting of a cloud solution, an app on a smartphone, and a connected card communicating with the app via Bluetooth low energy (BLE). The advantages of this solution are manifold and include the ability to save all your cards in the app. In this situation you can leave all your plastic at home as you have all cards inside your app and in the connected card. It helps the customers to redeem the loyalty points, bonuses, etc. they otherwise often lose because cards can be forgotten.

The solution has another big advantage for banks as it can help in fraud detection as the phone can emit its GPS position that can be correlated with the card usage. The phone can also control the use of the card and vice versa. Another big advantage and convenience for the end users is that banks are able to instantly issue a new virtual credit card with this solution and send it to the app, where it then becomes a physical card when loaded on to the connected card and paired with the secret keys that activate it. With this solution, card replacement time is reduced from weeks to minutes with customer satisfaction and huge savings for the banks on issuing cost.

The ultimate security level is reached when all card solutions are combined with a fingerprint sensor, making sure that only the owner can access it. To anybody else it will be a useless piece of plastic.

The future of CardLab

CardLab was awarded a grant from the Danish Market Maturation Fund in 2015 for producing a biometric one-time password (OTP) card for secure e-banking, e-commerce, e-government and similar needs, and we are now starting production and testing of this card with three initial test users. The card will also be able to produce dynamic card verification value (CVV) and, like all of our cards, this is ISO ID1 compliant but can be delivered in other form factors. The card will gradually become available for sale in the third quarter of 2017, eliminating the need to remember PINs.

Recently, CardLab was granted funding under the European Commission’s Horizon 2020 programme, which will allow the fingerprint authentication to gradually be implemented in all card solutions, whether magstripe, EMV chip or a contactless card, so we will be able to provide the ultimate security to all card solutions. The rollout with test users will also begin in the third quarter of 2017, and the first cards will be available on the market later in the year. With this grant we see the foundation for creating card solutions that, with a full ‘system on card’ authentication, eliminate the risk of database hacking as all communication with the backbone system will take place via an encrypted key system.

CardLab will continue to refine these systems to maintain the fight against card fraud and identity theft, enabling people to make secure payments or transactions on the internet as opposed to the situation today. The need to remember multiple passwords will also be removed.

The demand is huge and, together with our partners, we are now preparing to supply secure cards in the amount needed to support a pipeline of more than 100 customers waiting for different products to be available in volume.

Frank Sandeløv