New two-factor authentication scheme launched

A new system to provide an alternative to chip and PIN and other two-factor authentication schemes has been launched today.

GrIDsure relies on the human ability to recognise patterns to offer a viable alternative to token or card reader-based schemes offered by security vendors like RSA and recently launched by banks, like HSBC and Barclays to combat a rise in card not present (CNP) fraud following last year's introduction of Chip and PIN to cut card fraud at the point of sale.

GrIDsure, a UK company, says its system can be used anywhere a PIN, password, passcode device or smart card is normally used, without having to carry extra hardware. And it is touting it as a more secure, yet more simple way for card users to prove they are they are the rightful card holder, whether buying online, at a shop till or cash point.

Users create a simple pattern by choosing a set number of squares on a grid, in a shape of their choice - such as an 'L', square or tick. A grid filled with random numbers is presented to the payee at authentication time for them to provide a unique, one-time passcode to authorise a transaction.

Stephen Howes, co-founder of GrIDsure told IT PRO the company was working with PriceWaterhouseCoopers to approach card issuers and third-party security and payment vendors, as well as organisations, to implement the system as part of existing authentication procedures.

Howes also said it was a viable alternative to the current 3D authentication protocols used by card issuers and retailers for online transactions through schemes such as Verified By Visa and MasterCard SecureCode. "GrIDsure is more effective because users don't have to remember lots of PINs or passwords or need extra hardware to authenticate payments," he said.

GrIDsure claims its approach is nearly 40 times more secure than Chip and PIN and, being non-language dependent, it can be used by those with low literacy rates or disabilities.

It has been developed over the past two years using mathematical and consumer usability studies carried out by Cambridge University and University College London (UCL) academics.

Professor Angela Sasse, UCL professor of Human-Centred Technology said: "Having looked at many mechanisms which have been proposed in recent years to overcome users' problems with PINs and passwords, this is the first one that has the potential to offer good usability and increased security at the same time."

The company said early adopting customers also point to the system's broad range of authentication applications outside of verifying transactions.

Howes said Abbey College in Cambridgeshire and South Lakeland District Council, Cumbria are piloting its use to authenticate children logging onto computerised systems or citizens accessing secure online public sector services respectively.

Email to a friend

Print this page