Revision as of 09:54, 5 August 2017 edit InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,679,309 edits Rescuing 3 sources and tagging 0 as dead. #IABot (v1.5beta) ← Previous edit		Revision as of 07:51, 10 August 2017 edit undo Jon Kolbert (talk \| contribs) Extended confirmed users, Page movers, File movers, IP block exemptions, New page reviewers, Rollbackers, Template editors 140,312 edits m updated reference link from using http to https Next edit →
Line 1: [[image:Barclays pinsentry.jpg\|thumb\|right\|250px\|A Gemalto EZIO CAP device with Barclays PINsentry styling]] The '''Chip Authentication Program''' (CAP) is a [[MasterCard]] initiative and technical specification for using [[EMV]] banking [[smartcards]] for [[authentication\|authenticating]] users and transactions in online and telephone banking. It was also adopted by [[Visa (company)\|Visa]] as '''Dynamic Passcode Authentication''' (DPA).<ref>[http://www.visaeurope.com/aboutvisa/products/dynamicpasscode.jsp Dynamic passcode authentication] {{webarchive\|url=https://web.archive.org/web/20081119231409/http://www.visaeurope.com/aboutvisa/products/dynamicpasscode.jsp \|date=2008-11-19 }}, VISA Europe</ref> The CAP specification defines a handheld device (''CAP reader'') with a smartcard slot, a numeric keypad, and a display capable of displaying at least 12 characters (e.g., a [[starburst display]]). Banking customers who have been issued a CAP reader by their bank can insert their [[Chip and PIN]] ([[EMV]]) card into the CAP reader in order to participate in one of several supported [[authentication protocol]]s. CAP is a form of [[two-factor authentication]] as both a smartcard and a valid PIN must be present for a transaction to succeed. Banks hope that the system will reduce the risk of unsuspecting customers entering their details into fraudulent websites after reading so-called [[phishing]] emails.<ref>~~http~~https://www.theregister.co.uk/2007/04/18/pinsentry/</ref> ==Operating principle== Line 60: *[[Nationwide Building Society\|Nationwide]] The CAP readers of Barclays, Lloyds TSB, Nationwide, NatWest, Co-operative Bank/Smile and RBS are all intercompatible. [[Barclays]] began issuing CAP readers (called ''PINsentry'') in 2007.<ref>{{cite web\|url=http://www.barclays.co.uk/pinsentry/\|title=Barclays PINsentry\|archiveurl=https://web.archive.org/web/20100127090309/http://www.barclays.co.uk/pinsentry/\|archivedate=27 January 2010\|deadurl=yes\|df=}}</ref><ref>[~~http~~https://www.theregister.co.uk/2006/08/09/barclays_launches_cardreaders/ Barclays to launch two-factor authentication], The Register, 2006-08-09.</ref> Their online-banking website uses the ''identify'' mode for login verification and the ''sign'' mode for transaction verification. The ''respond'' mode is used as part of the new PingIt Mobile Payment application for authenticating the account details. The device is also now used in branches, replacing traditional chip and pin devices in order to further prevent attempted fraud. Bank cards issued by [[HBOS]] are technically compatible with the system, though HBOS has not (yet) introduced CAP readers for use with their online banking.<ref name="cambridge" />

Chip Authentication Program: Difference between revisions