Egg shares its PIN security secret

Online bank Egg is making one of its security systems commercially available to rival banks in a move it says will build confidence in online banking.

The system enables Egg's customers to see their PIN numbers through a secure link to their online banking service rather than having to have a new PIN posted to them if they forget it or lose a card.

Paul Hampton, chief security architect at Egg, said the technology, which has been in use since 2004, has had a 100% success rate: no PINs have been stolen since its introduction.

"We all stand and fall by the confidence customers have in online banking and we are offering this to the marketplace because we can benefit from this confidence," Hampton said.

Competitors have attempted to use the same type of system but with less success, he added.

Hampton said that Egg decided to improve how it distributed PIN numbers when Chip and PIN cards were introduced in 2004.

"The process of sending a new PIN via the mail can take up to 10 days and we decided to move away from this because people need their PIN to use the card," he said.

Egg, which has about 3.4 million customers, sends out over 2000 PINs every day through the system. "This is more than we used to send out before the new system because it is easier," Hampton said.

The bank has separated the security servers from its core infrastructure to ensure that internal staff have no access to the PIN numbers.

"This is a highly restricted piece of information and nobody in the bank can access it," Hampton said.

The system uses cryptographic technology from SafeNet and delivers PIN numbers to customers through an encryption service on a dedicated server. It will be available to other banks from November.

If a customer wants to know their PIN, they can log in to their online banking service through a link to the SafeNet secure server. They input the security code on the back of their card and can view the PIN onscreen.

Rene Bastien, product manager at SafeNet, said the system could be used in a number of industries. "It can be used in any industry that has to use secure PINs such as the telecoms industry."
