Content deleted Content added
→Users: removed reference to Canada, b/c it was not about CAP, but chip rollout generally. unknown which banks in Canada will rollout chip. |
m correct trivial typo |
||
Line 6:
==Operating principle==
The CAP specification supports several authentication methods. The user first inserts their smartcard into the CAP reader and enables it by entering the PIN. A button is then pressed to select the transaction type:
*'''Identify:''' Without requiring any further input, the CAP reader interacts with the smartcard to produce a decimal [[one-time password]], which can be used, for example, to log
*'''Response:''' This mode implements [[challenge-response authentication]], where the bank's website asks the customer to enter a "challenge" number into the CAP reader, and then copy the "response" number displayed by the CAP reader into the web site.
*'''Sign:''' This mode is an extension of the previous, where not only a random "challenge" value, but also crucial transaction details such as the transferred value, the currency, and recipient's account number have to be typed into the CAP reader.
| |||