SCM’s Mobile e20 Reader is Certified for the MasterCard OneSMART™ Authentication Program

SCM’s Mobile e20 Reader is Certified for the MasterCard OneSMART™ Authentication Program

CeBIT, Hanover, Germany, March 11, 2005–SCM Microsystems, Inc. (Nasdaq: SCMM, Prime Standard: SMY), a leading provider of solutions that open the Digital World, today announced that SCM’s e20 personal smart card reader for financial applications, has been certified by MasterCard International. The e20 reader was successfully tested against the MasterCard OneSMART™ Chip Authentication Program’s (CAP) 2004 specifications and was the first such device to achieve this milestone. The approval makes it possible for financial institutions and other card issuers to use SCM

The OneSMART MasterCard Chip Authentication Program is a smart card-based authentication program that is a part of the MasterCard SecureCode™ solution. It can be used to increase security for Internet banking and other applications requiring strong cardholder authentication.

SCM is demonstrating the online security capabilities of its e20 mobile reader at CeBIT in hall 17, booth A01(47) from March 10th to March 16th 2005.

“The global migration to smart card technology is perhaps the most important change to the card payments industry since its inception,” said Robert Schneider, chief executive officer of SCM Microsystems. “At the same time, an even bigger change is taking place in the world around us–the emergence of ecommerce. SCM teamed up with MasterCard to bring the power of smart card security into the virtual world with our handheld authentication device. The result is an easy to use, but effective solution for ecommerce and online banking that helps mitigate the risks that phishing and keylogging programs present to password-based security.”

“The MasterCard OneSMART™ Chip Authentication Program leverages the EMVTM infrastructure and extends it into online transactions. By using smart card readers, such as SCM’s e20, the MasterCard program enables highly secure chip-based authentication of cardholders for e-payment and e-banking channels. The online applications use MasterCard M/Chip™, which supports credit and debit payments for chip,” said Dr. Toni Merschen, Senior Vice President, Chip Center of Excellence, MasterCard International.

The same approach can be used to secure mail order and telephone order (MOTO) payments and online banking transactions. The card reader also allows cardholders to view a log of their last ten transactions. The solution is aimed primarily at security-conscious, technology-aware consumers–an important and growing segment.

How the e20 Works

Functionally, the e20 is a battery-operated smart card reading device with a display and keypad for entering PIN codes and other numeric data. After a cardholder enters his or her PIN, the device generates a one-time valid password or Transaction Authentication Number that the cardholder uses for the authentication of online transactions such as ecommerce or ebanking.

One option for achieving an even higher level of security is the challenge response capability. This feature allows an application to create a random challenge specific to that transaction. The user enters the challenge into the e20 reader; the card then generates a response that the user presents to the application. Introducing a random challenge into an authentication process is a very strong security technique. The e20 reader does not need to be connected to a PC, is easy for consumers to use and it is totally platform independent.

The e20 mobile reader is only slightly larger than a credit card, with a sleek, highly stylized design. In creating a security device for the virtual world, SCM’s engineers took their inspiration from the dial on a real world safe. The team settled on an oval shape and placed the keys around the perimeter. It’s small size and light weight make it both easy to hold and highly portable. It is an elegantly simple design, yet it significantly increases online transaction security for consumers, issuers and merchants.

Strong chip authentication is called “two-factor,” because it combines “something I own” (the chip card and the e20 reader) and “something I know” (the PIN). Though simple for the consumer, it is highly secure and it works across a variety of channels. Another important benefit to issuers is that it provides irrefutable proof of cardholder verification for the transaction, a critical requirement for card issuers faced with mounting online transaction disputes among their accountholders.

About SCM Microsystems

SCM Microsystems is a leading supplier of solutions that open the Digital World by enabling people to securely access digital content and services. The company develops, markets and sells its smart card reader technology for network and physical access and conditional access modules for secure digital TV decryption to OEM customers in the government, financial, enterprise and broadcasting markets worldwide. Global headquarters are in Fremont, California, with European headquarters in Ismaning, Germany. For additional information, visit the SCM Microsystems web site at