Thales today announced that SafeSign, its end-to-end solution for identity management, user authentication and transaction security, now supports the use of XIRING Xi-Sign tokens and EMV card readers. Thales and XIRING, a leading authentication, electronic signature and secure transaction solutions provider, are working together to deliver the security benefits of the latest MasterCard CAP (Chip Authentication Program) standard EMV cards.

The MasterCard CAP standard has been put in place to combat the growing threat of transaction fraud conducted when the cardholder is not present, such as the online phishing technique. It allows EMV cards to be used in the authentication process of secure online service provision.

Thales and XIRING enable customers to take advantage of the new EMV CAP standard by using the strong two-factor authentication technique of something you have (EMV card) with something you know (PIN) to identify and authenticate the user. When trying to access a service, customers insert their EMV card into the XIRING unconnected card reader and enter their PIN. They will then be presented with an eight-character code on the display. This one-time code, which changes every time the card is used, is then transmitted to the Thales SafeSign Authentication Server which strongly authenticates the user to permit access.

The same combination of the Thales SafeSign Authentication Server and XIRING card reader can be used to authenticate the transaction itself. When the user performs a transaction, he is presented with a challenge in the form of a numeric code. With the EMV card plugged into the unconnected reader, the user keys the challenge code into the reader and a new one-time passcode is generated in response. This new passcode is then entered by the user into his PC where prompted and transmitted to SafeSign to authenticate the transaction itself.

Thales and XIRING are now offering customers the chance to take advantage of an integrated EMV package that supports the CAP standard, incorporating EMV smart cards, XIRING card readers and a year’s licence of the Thales SafeSign Authentication Server. The package also includes consulting, installation and training support.

Paul Meadowcroft, head of transaction security at Thales, stated: “As cardholder-not-present fraud continues to rise, the need to identify remote users and authenticate their transactions is rapidly becoming a top transaction security priority for many organisations. Thales SafeSign Authentication Server supports a wide range of authentication tokens and our ability, with XIRING, to authenticate all EMV cards using the CAP standard provides organisations with the ability to apply strong, two-factor authentication to a range of transactions.”

George Liberman, CEO of XIRING, said: “Thales and XIRING work perfectly together to deliver the benefits of the MasterCard CAP standard. Both the Thales SafeSign Authentication Server and our XIRING card readers are compliant with the MasterCard CAP standard, and both provide real flexibility for users. Our card readers will process all EMV cards and the SafeSign platform from Thales is able to authenticate the transaction, regardless of the level of security used. We are sure that the EMV authentication solution that we now offer will shortly be implemented across a wide number of organisations. ”

About Thales
Thales is an international electronics and systems group, serving defence, aerospace, services and security markets. The group employs 61,500 people worldwide and generated revenues of €10.3 billion in 2004.

Operating in three main markets covering e-security, card payment and network security, Thales’ e-security activities address the business, government and finance industries’ need for cryptographic security products and solutions. Over half of the world’s banks, together with the majority of the busiest exchanges, currently use Thales technology. For more than 20 years the company has been at the forefront of security and payment technology, co-operating and contributing to set the industry standards used for financial transactions and e-commerce globally. Thales’ e-security business offers a wide range of security solutions to protect Government and Defence critical information infrastructures, thereby positioning the company as a leading worldwide supplier of certified network security products.

About SafeSign
SafeSign is the first middle office system to offer a strategic approach to identity management and transaction authentication that in turn removes complexity through the use of a single platform between the front and back office. Transactions from multiple trust schemes can be easily integrated and secured, regardless of format or whether from third parties, enabling current investments to be exploited. All transactions, whatever their source, can be authenticated on the single SafeSign platform that is seamlessly integrated with front and back office systems.

About XIRING
XIRING designs, manufactures and markets smartcard based security products and solutions. Through authentication and digital signature it allows private and professional users to secure their electronic transactions. XIRING focuses on remote banking and health care applications and leverages an international network of more than 50 business partners. Six million XIRING readers have been delivered in 30 countries.

For more details: www.xiring.com

Press Contact:
Sharon Brennan
Hotwire
+44 (0) 20 7608 4628
sharon.brennan@hotwirepr.com

Sarah Milligan
Thales e-Security
+44 (0)1844 204181
sarah.milligan@thales-esecurity.com

Press Contact for XIRING:
Shona Clarke
Harrison Cowley
+44 (0)870 606 0960
shonac@harrisoncowley.com

Nigel Reavley
XIRING
+33 (0)1 46 25 80 38
n.reavley@xiring.com