Egg shares online PIN security secrets

The firm hopes to improve confidence in online banking security

Egg claims its PIN system is hack-proof

Online bank Egg is sharing the secrets of its internet-based PIN checking facility with the credit card industry, in an attempt to improve confidence in web banking and increase its customer base.

The introduction of chip-and-PIN two years ago prompted the bank to develop a packaged system of hardware and software, to securely transmit PINs between an encrypted storage facility and a web customer.

A message is sent down the same security pipeline that erases all the transaction history stored on the computer receiving the information seconds after the customer has viewed the passcode online.

"The system was used as a competitive advantage for a couple of years, but Egg eventually came to the conclusion that other banks ought to use it, so we didn’t mind if others used the same method,” Egg's head of procurement David Boyle told Computing.

Egg allowed vendor SafeNet to use the intellectual property rights of the system to market it to other banks late last year. But the uptake of the extra security layer has been slow and credit card operator MBNA is the only bank trialling the system, according to industry sources.

“The more people who understand that such systems can be perfectly secure, the more business we should get out of it as we are already positioned as the largest internet bank in the UK,” said Boyle.

“But there are other cards issuers around that do not use the secure pipeline and cannot guarantee that what they transmit is then erased from the terminal looking at the information on the customer end.

“It may be possible for criminals to hack in some of these systems and find out what the PIN was but in our system it is impossible to do that.”