News

Egg cuts costs with online Pins

Bill Goodwin

Online bank Egg has said it has made significant savings after becoming the first bank to distribute Pin codes for its credit card customers over the internet.

The bank has rolled out technology to allow customers access to their Pin codes electronically through an encrypted internet gateway at a fraction of the cost of sending them out through the post.

The system, developed by Egg and security supplier SafeNet, has also reduced the risk of fraud from mail interception, a growing problem since the introduction of Pin bank cards.

Egg is saving an estimated 50p for each Pin posted across the internet.

"The savings stem not only from the costs of issuing an initial Pin by post but also from the reduced risks of card and Pin interception," said Tracy Willis, Egg’s head of technology security.

The bank developed a system based on a SafeNet’s Luna SP secure hardware module.

The module plugs into Egg’s network and acts as a secure gateway to link Egg’s customers with an outsourcing company which manages Pins on Egg’s behalf.

Customers type in a secure account number and answer other security questions to authenticate themselves to the service.

The service receives and transmits data from the customer’s PC through an encrypted Secure Sockets Layer internet tunnel. The data is also securely encrypted on Egg’s network.

The hardware security module, which uses a secure cut-down version of Linux to run the Pin application, is sealed from the rest of Egg’s network in a tamper-proof unit.

Egg has designed the system to ensure that hackers can not recover Pins from customers’ browsers.

"The secure tunnel design prevents a number of attacks that could have been performed by internal attackers," said Willis.

Egg worked with SafeNet for over a year to develop the system, which went live last year. It will be offered to other online banks.

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy