What about SSL (Secure Socket Layer)?
ATMobility^TM does not replace SSL, it adds Two Factor Authentication to it. SSL quite effectively protects communication against eavesdropping, from point to point. However SSL does not provide user authentication and it does not protect local keyboard entry.

Two Factor Authentication means:

• Knowing something, in this case the PIN code
• Having something, in this case ATMobility^TM card

With the ATMobility^TM platform, access to both is required for a successful authentication.

An Internet search for 'key logger' will show many programs that secretly record key strokes on a PC keyboard. These stealthy programs are (known as “Trojan Horses”), log and store all keystrokes including passwords regardless of the SSL connection. Many of these programs either send their trapped secrets out to a predetermined collection point or provide remote access to the logged data.

ATMobility^TM does not prevent key logging, but as it uses a one time access code and SSL for connection protection, any logged data will not contain a valid access code for a new session. The PIN code for the card is not entered on the PC, and physical access to the ATMobility^TM card is required for authentication.

What about ATM security?
Many banks and credit unions are experiencing attacks on card integrity at ATM installations (example). ATMobility^TM protects the card issuer against fraudulent ATM installations and modifications, customer password sniffing on ATM data connections and “shoulder surfing” of card PIN’s. Financial institutions can eliminate these types of attacks by having their server require the ATMobility^TM challenge and response session at the ATM. The sniffing of an actual PIN will do no good when trying to clone a card, the secret key in the chip prevents card cloning and server spoofing. This process assures that a valid card is present. An added bonus is that all transactions are electronically signed.