Security Considerations
.

.

backThe PC Pay® system was designed with security being the highest priority concern. Many software-centric solutions were explored to use a PC as a terminal to conduct secure transactions; however, for any software-only system that was created, a breach has always quickly been discovered. Please read our webpage "Why Hardware Encryption is Important"

Innovonics realized early on the only truly secure solution to transform a PC into a secure terminal was with a hardware-based solution where the confidential data could be encrypted in a very secure device. The creation of the PC Pay device was the solution as it provided exceptionally secure hardware encryption and also provided a very easy installation solution over installing a hardware device to a serial port or other port that is likely already used.

The PC Pay® device has multiple layers of physical and logical protection to prevent hackers from gaining access to confidential data such as encryption keys or the "clear-text" PIN. Click here to find out what happens if the unit is opened.

Some Bankers have acknowledged their awareness of the risk that exists using current approaches that do not include a secure hardware device.   For example, a security officer at one of the top 50 banks in America said they want to use our PC Pay® device for home banking via the internet, and without it their bank "has a less than robust security solution and could only offer very limited banking operations."  Another security officer at one of the largest banks in the world said "the PC Pay solution is the only real secure way to offer online authentication for their bank and without it he will will not sleep well at night."  These types of comments are echoed from technologists at many banks nationally and internationally.  Nevertheless, many programs are proceeding in institutions using security regarded as inadequate by the bank's own security officers.....at least until an intelligent Worm or Trojan Horse attack changes how business is done today.

A smart card is a great method to help positively identify an individual to allow secure access to an account or hold electronic cash. However, smart card readers need to have a PIN-pad to control access to smart cards so valuable and confidential information in the smart card does not get accessed without the user's knowledge by a program residing in a PC. The PC Pay device provides a PIN-pad for this needed additional security.

The perception of inadequate security is also a major problem . What percentage of the market will use home banking and shop from home via the Internet with their PC if they believe that security is inadequate for account access and transaction purposes?  Sure, after the entered credit card number gets encrypted in the PC it may be safe from the hackers, but what happens if a virus intercepts the credit card number as it enters the PC?

Software encryption in the user's PC is a common approach being proposed today for eCommerce that can be used to even create new bank accounts for Internet transactions. These approaches can have weaknesses. Also, with enough motivation encryption in the PC is subject to assault and penetration on a mass scale which is unacceptable for conducting secure transactions such as home banking. The PC Pay device uses encryption and encryption key management that is used in most ATM network transactions millions of times per today.  The PC Pay device was the first device in the world to be used for Internet online debit transactions in 1998.   Encryption needs to take place in a secure hardware device and not an open architecture PC that was designed to make it easy to add software which could mean potentially a virus or worm with intelligence to capture your credit card number and post it to a hacker on the other side of the world.

The PC Pay® device is the solution to the problem presented above as the confidential information is encrypted in a very secure device before it ever reaches the PC. The PC Pay device was designed to be as secure as an ATM. In fact it has the features of an ATM including the ability to read the magnetic stripe information for credit or debit cards and the ability to enter a PIN and have the PIN (always) and magnetic stripe (dash 108 units) information encrypted securely in the PC Pay® device. This security concept of requiring possession of a card and knowledge of a PIN is already being used millions of times a day securely at ATMs worldwide.  Why?   Because it works great!!!

Forward For more information...

What if the PC Pay device is opened?
Specifications of the PC Pay device
Security Specifications
Navigation graphics - see links below
Visit Innovonics Inc.
Security Menu

Security Considerations | What if it is opened?

PC Pay Homepage

Overview of the system | Usage | Security Considerations | Press releases and articles
Contact Us! | Take a QuickTour | Download Software
Request Information about PC Pay

Site Administration:

Other Languages | Innovonics Online Main Menu | Site Map and HELP!
Comments or Suggestions | Submit a Problem Report

Administered by: webmaster@innovonics.com

HELP!

copyright