Online bank Egg has said it has made significant savings
after becoming the first bank to distribute Pin codes for its
credit card customers over the internet.
The bank has rolled out technology to allow customers access to
their Pin codes electronically through an encrypted internet
gateway at a fraction of the cost of sending them out through the
post.
The system, developed by Egg and security supplier SafeNet, has
also reduced the risk of fraud from mail interception, a growing
problem since the introduction of Pin bank cards.
Egg is saving an estimated 50p for each Pin posted across the
internet.
"The savings stem not only from the costs of issuing an initial
Pin by post but also from the reduced risks of card and Pin
interception," said Tracy Willis, Egg’s head of technology
security.
The bank developed a system based on a SafeNet’s Luna SP secure
hardware module.
The module plugs into Egg’s network and acts as a secure gateway
to link Egg’s customers with an outsourcing company which manages
Pins on Egg’s behalf.
Customers type in a secure account number and answer other
security questions to authenticate themselves to the service.
The service receives and transmits data from the customer’s PC
through an encrypted Secure Sockets Layer internet tunnel. The data
is also securely encrypted on Egg’s network.
The hardware security module, which uses a secure cut-down
version of Linux to run the Pin application, is sealed from the
rest of Egg’s network in a tamper-proof unit.
Egg has designed the system to ensure that hackers can not
recover Pins from customers’ browsers.
"The secure tunnel design prevents a number of attacks that
could have been performed by internal attackers," said Willis.
Egg worked with SafeNet for over a year to develop the system,
which went live last year. It will be offered to other online
banks.