Point of Pay


Why PoP?

The PoP solution

User Benefits

Merchant Benefits

Financial Institution Benefits

Internet Security Issues

Internet banking and e-commerce are concepts which have the potential to provide quick, easy and otherwise totally convenient shopping and banking experiences for any internet user. The use of this technology makes life easier for banks and merchants as well, reducing costs and reaching a wider customer base.


However, up until now, the use of credit and debit cards over the internet has made customers nervous. And rightfully so, as the criminal element who see internet transactions as an opportunity for fraud is ever increasing, particularly in the form of identity theft. For many of these criminals, the internet is merely a new way to enter the banking system and is seen as an easy target.


Through the use of 'phishing' or 'pharming' - two techniques designed to steal identity of bank customers, the criminal convinces the user that he/she is interacting with a bank's website - the number of customers willing to bank via the internet has been greatly reduced. Also common is the 'man-in-the-middle' attack, where an attacker intercepts the information sent to and from the bank.


Likewise, in e-commerce, customer confidence and business profits are constantly undermined by payment fraud. The rate of fraud for internet purchases, after all, is up to 22 times that of transactions where the card is present. This fraud often results in chargebacks (credit to the cardholder because they claim they did not make the transaction.) The burden of paying for these chargebacks usually falls onto the merchant.


Current Solutions

For internet banking:


Electronic 'Token' one-time password generators


  • Devices which generate a password that is changed periodically.

PROBLEMS: Regardless of how frequently the user's password is changed, the password can still be easily intercepted and the cardholders identity stolen. Time variable passwords merely mean the attacker must use the password as soon as it is received.


SMS password delivery


  • The user is sent a new password for each banking session they perform.

PROBLEMS: This system is still vulnerable to "man-in-the-middle" and "hijacking" attacks. Also, by delivering the password via SMS, the bank gives up control of the user's authentication message to a third party thus inviting identity theft. The bank has no further influence on how the message is encrypted (if at all), where it is stored, and how many places it could be intercepted and read.


For e-commerce:


Check Codes


  • An additional code that is not encoded onto the magnetic stripe of the payment card.

PROBLEMS: Check codes such as CVV can easily be intercepted manually by any person in possession of the card. Additionally, the growth in identity fraud since the inception of check codes clearly indicates that fraudsters are seeking new ways to capture the cardholder address information.


Proprietary authentication solutions


  • Verify by Visa' and 'MasterCard SecureCode'.
  • Universal Cardholder Authentication Field (provides a standardised location and messaging format for the delivery of cardholder authentication information).

PROBLEMS: As these solutions are essentially password based, they suffer from many of the same problems currently faced by the internet banking systems of today. They are vulnerable to 'pharming', 'man-in-the-middle' and session 'hijacking' attacks and therefore of identity theft.