MagTek Launches a Company to Pursue Online Authentication

In a move aimed at addressing widespread fears about e-commerce security, MagTek Inc. has launched a company to commercialize its card-based authentication technology and leverage it for both online and point-of-sale transactions. Magensa LLC, a subsidiary of the Carson, Calif., maker of check scanners and card-terminal components, officially began operation last week with a goal of putting 10 million miniaturized, keychain-ready card readers into consumers' pockets within two years. The readers will link via USB connections to personal computers for authentication to online-banking and Internet retailer sites. Although Magensa is selling the technology as a way for banks to meet stringent new federal guidelines for online authentication, the company hopes it will ultimately lead to widespread use at the physical point of sale, where it could ensure against card skimming and counterfeiting. And, for transactions at merchant Web sites, it hopes its system will provide the basis for creation of a new class of interchange by the bank card networks that would provide even more retailer-favorable rates than card-present pricing. “It's a different class of transactions,” says Annemarie Hart, who is chief executive of MagTek and holds the same title at Magensa. “It would be beyond card-present because the risk is less.” Magensa's product is based on a token-authentication technology called MagnePrint, to which MagTek holds the license and which the company has been selling for several years as a measure against card fraud. MagnePrint generates a score indicating the likelihood that a given card is genuine, relying on the unique pattern of particles making up the card's magnetic stripe. No two mag stripes are exactly identical, making it close to impossible for a counterfeiter to copy the mag stripe of a stolen or skimmed card. Magensa's keychain readers, which are equipped with MagnePrint reader heads, allow a consumer to swipe a card at a PC to authenticate himself to an online-banking site before, say, paying a bill or transferring funds. “Where the user name and password aren't adequate, what's the most compelling thing out there?you already have 10 of them in your pocket,” says Hart. “Challenge questions are an improvement, but we believe the consumer's going to want something stronger.” Magensa's readers encrypt the mag-stripe pattern and track data, using triple-DES and a unique key with each transaction, before they enter the PC's operating system. From there, they flow to the e-commerce site, which verifies the user name and password and passes the data on to Magensa's servers for decryption and scoring. Magensa then sends an authentication message to the bank's servers. Magensa–which Hart says is derived from magnetics, encryption, and strong authentication?won its first contract last week at the Bank Administration Institute's Retail Delivery System trade show in Las Vegas. Now the fledgling company hopes to use a keychain-reader base ultimately to bring MagnePrint technology to the point of sale. As merchants replace POS terminals, Hart hopes to get them to install machines with MagnePrint readers, working through its supplier relationships with major terminal makers. By then, she says, enough consumers will have used the system online to allow the company to build a database of MagnePrint records sufficient to attract retailer interest. She also says the system can lead to a near-elimination of chargebacks in online purchases, which should allow the card companies to create interchange rates for MagnePrint-authenticated transactions that would be lower even than card-present rates. For now, the company is focused on attacking the issue of two-factor authentication, or supplying a second piece of identification for e-ecommerce beyond user name and password. Each keychain reader costs $10 to $25 in commercial volumes, depending on quantity, which may cause financial institutions to limit them to high-net-worth customers to start with. At the same time, Magensa's fee to the bank is $6 to $24 per reader on the system, depending on the number of customers. Hart argues her goal of 10 million keychain readers in two years is attainable, given that there are currently 50 million online-banking users, a number that, she points out, will continue to grow.