Thales News Release

Thales Extends Support To MasterCard Advanced Authentication For Chip

August 27, 2009

New Solution Secures Online Transactions Executed With New and Existing EMV Cards

Thales, leader in information systems and communications security, announces that SafeSign, the company’s identity management and authentication solution, has successfully completed MasterCard evaluation for its Advanced Authentication for Chip. MasterCard Advanced Authentication for Chip is the latest extension to EMV, the international card-based authentication solution. Building on their long-standing relationship, Thales and MasterCard continue to work together to help banks fight online fraud and ensure maximum consumer confidence in online transactions by supporting both newly issued and existing EMV cards.

MasterCard Advanced Authentication for Chip allows two-factor authentication on EMV cards already issued that do not necessarily have offline PIN capabilities or have not been personalized according to the MasterCard Chip Authentication Program™ (CAP). This allows issuers to provide strong authentication to their cardholders without the need to re-issue their cards. This solution has been driven by regional demand, especially from the Asia Pacific Region and Latin America, where there are hundreds of millions of cardholders who need to be able to use their existing EMV cards to protect their online transactions. Thales has long supported MasterCard CAP with its SafeSign, HSM 8000 and payShield solutions.

According to Art Kranzley, Chief Emerging Technology Officer at MasterCard, “Today, consumers still don’t feel safe when buying online or using e-banking facilities which is why it is important that we create the conditions needed for banks to be able to allay these fears. Thales and MasterCard have already delivered strong authentication solutions in the past, now with Advanced Authentication we are best placed to support banks in continuing fighting Card Not Present fraud and building confidence for online customers.”

The new Advanced Authentication for Chip is operated by the cardholder inserting an EMV card into a Personal Card Reader (PCR). Once inserted, the PCR will perform specific card checks. If the card does not support offline PIN, the Advanced Authentication for Chip reader provides the option for a one-time password (OTP), challenge and response (C/R) or transaction data signing (TDS) which can be used for online user authentication and transaction signing. Otherwise the cardholder will first be prompted to introduce the PIN. This also means that Advanced Authentication for Chip is compatible with MasterCard CAP. SafeSign verifies and validates the OTP, C/R and TDS in order to effectively authenticate the user and provide additional security for online transactions.

“Thales has collaborated extensively with MasterCard to provide user authentication solutions and online transaction signing for CAP. We have now added support for EMV cards that have been issued without CAP personalization or an offline PIN”, says Franck Greverie, Vice President, Managing Director for the information security activities of Thales. “Our support for Advanced Authentication for Chip demonstrates our continued commitment to work with MasterCard to enable our customers to make online and Card Not Present transactions safer for EMV card holders and dramatically reduce fraud.”

SafeSign is Thales’s identity management and authentication solution that helps protect financial institutions and their customers against online fraud, enabling them to concentrate on delivering new products and services. Unlike other solutions, SafeSign supports a wide range of authentication technology including EMV/CAP, OATH tokens, mobile phones, smartcards and digital signature technologies. This approach allows SafeSign customers to maintain maximum flexibility in the selection of authentication that they deploy to meet their current and future needs.