ATM Direct Scores First EFT Network for Web-Based PIN Debit
In a development that could lead to the first significant use of PIN debit for Internet transactions, the ACCEL/Exchange electronic funds transfer network has agreed to handle PIN-secured debit card transactions processed by ATM Direct, a unit of San Francisco-based Pay By Touch Inc.
The network, which is based in Bellevue, Wash., and links 3,500 financial institutions and 80 million cards, is the first ATM network recruited by ATM Direct to handle transactions generated by its technology, which allows consumers to use their ATM cards and PINs to buy merchandise and services online.
The agreement between ACCEL/Exchange and ATM Direct comes nearly six months after the network, a unit of Milwaukee-based processor Fiserv Inc., first indicated it was planning to run a pilot of the Irving, Texas-based company’s system (Digital Transactions News, Dec. 16, 2005).
“We are pleased to participate in the introduction of an exciting value-add payment service like Internet PIN debit because of the potential it has to offer,” said Mike Williams, senior vice president of Fiserv EFT, in a statement.
ATM Direct says its system offers online merchants transactions at lower pricing than card-not-present credit card rates while also guaranteeing payment. For consumers, the company says, it offers higher security for Web purchases. The joint announcement from the two parties does not say when transactions will start flowing.
ATM Direct has also been in discussions with online merchants and service providers about accepting payments through its system. An unnamed merchant in Dallas was expected to be the first site operational on the system in 2006, Robert Ziegler, senior vice president and general manager at ATM Direct, told Digital Transactions News in December, though that merchant has not yet been announced. (It's JPaul Companies)
Up to now, EFT networks have been loath to allow PINs to be used on the Internet, fearing the potential for fraud. Only in the past couple of years have they allowed so-called PIN-less debit transactions, in which consumers can pay bills to a limited range of organizations using their PIN debit accounts but without entering a PIN.
ATM Direct’s system works by downloading digitally unique code to the consumer's desktop, setting up a process of multifactor authentication in which the company can authenticate the consumer by recognizing the code and by means of technology such as geo-location. The company also sweeps the consumer’s PC for keyloggers and other trojans.
When the consumer is ready to buy and ATM Direct is satisfied the PC is secure, the system presents on the screen a keypad for PIN entry. The pad is called a floating PIN pad because a different numerical configuration is presented each time. This process disables the computer keyboard, allowing entry only by mouse click. Once PIN entry is complete, ATM Direct returns a signed token to the merchant, asking if the merchant wants to go forward with authorization.
If so, it creates a transaction message, including a PIN block with PINs encrypted at two-key triple DES, to go to the relevant EFT network for authorization and settlement at the issuing bank. In this sense, it operates as if it were another processor hooked into the EFT network’s switch.