Finovate: Privacy is dead, long live the PIN
Passwords are nice, but PINs can be far easier to remember. We take a look at four companies trying to take PINs online.
What's something we often use for security in the real world but not online? PIN codes. We use them at stores, banks, and ATMs, so why not use them online? For one, a QWERTY keyboard lets you create a much stronger, and often easier-to-remember password than you could with numerical digits. But PINs are still a password and can be just as good with the right precautions.
Some companies are using PIN codes to add an extra layer of security on top of what sites already offers. Here are four companies at the FinovateStartup conference doing just that.
Aradiom's SolidPass system combines a PIN and a mobile token system, where you've provisioned your phone as yet another way to secure your identity. You can enter your PIN as usual, but you need to have the mobile application running to verify that you're making a purchase. When the system verifies you through the PIN and the software app, it lets you in. This system also works on sites, so if you have something securely locked down by password, you can also require that users validate their credentials on their handsets as well.
MoBank. This U.K.-based company acts as a gatekeeper for your financial information for use on mobile commerce sites. You give it all your credentials in return for a way to use a single, secure log-in across multiple vendors. It forgoes the usual password system in place of a financial PIN that you enter at the time of the transaction. It's also smart enough to jumble up the way the PIN pad looks between transactions so malicious third-party tools can't grab your information with repeated viewings.
Online sellers can add the system to their sites, and in return the company has an app that put all those shops in one place, letting users search and purchase items they want to buy. It's only available in the U.K. for now, but co-founder and CEO Dominic Keen says it's coming to the U.S. in a few months.
HomeATM.net is ATM hardware for the Web. It's a physical piece of hardware you have to lug around with you. You securely enter your PIN or swipe your debit card to use for P2P money exchanges and purchases on commerce sites.
The payoff is that, unlike money-transfer systems that go off the credit and check system (which can take up to three days to clear), the money gets transferred immediately. All the while your data isn't compromised by things like keyloggers or screen-grabbing tools. The only downside is that you and the person you're sending the money to need to have the hardware.
Acculynk PIN is an additional layer of security applied to online purchases. If you're using a debit card it checks to see if it can be verified by PIN. Instead of entering the security code to confirm (which is on the physical card), you need to enter a PIN. It uses the same PIN code that's on your card and lets you enter it with a number pad that changes between presses for security's sake. In a way it's part PIN, part captcha.