Gift cards are quickly becoming an extremely popular retail payment option, but the traditional analog cards suffer from a lack of security when used for e-commerce.
The card itself becomes virtually irrelevant, with the number—which can be guessed or hacked into—the only means of identifying the card. Customers who purchase cards that have already been emptied of their value—presumably fraudulently—usually have little recourse, beyond blaming the retailer.
Imx Solutions, however, announced July 5 a new approach to digital gift cards, with an eye on security. The Los Angeles company says the product is initially being used by Sears, Kmart and CompUSA, as well as televisions Ultimate Shopping Network.
The Imx approach uses a two-factor authentication approach—aka the “something you have and something you know” tactic. The “something you have” is a credit-card-sized CD. Somewhere on that CD—or near it, in the CDs packaging—is a PIN associated with that card. The PIN is typically be hidden until the purchase is made, and often will be visible when, for example, a protective coating is scratched off, said Imx Sales/Marketing Director David Farris.
But the “something you have”—the CD—also takes a page from the one-time-password-issuing devices because it has a series of encrypted codes on it that need to match up with a list of encrypted codes on an Imx server, and the correct code “changes twice a minute,” Farris said.
When a customer installs the mini-CD into a computer, it first plays a multimedia advertisement while the card connects with the server and tries to authenticate the customers card.
The cards boast both storage and stored-value capabilities, and Imx is pushing them as a multimedia advertising vehicle.
But the nature of the mini-CDs also has the potential for adding both additional security and CRM capabilities. That is true in the sense that they can capture and transmit IP address information (for additional identification of the user) along with potentially information about what the user is clicking on in the e-commerce site and possibly even where the user visited before and after going to the site.
Farris said his people have considered such possibilities, but noted that different customers of theirs will use different capabilities and that various states, cities and countries have conflicting privacy rules about such data acquisition.
This raises the issue of the morphing of another retail POS (point-of-sale) and/or marketing tool. Will the digital gift card morph with the credit card and the loyalty card? Could a contactless payment card communicate and share data with a wireless-equipped digital gift card? How will the new revelations about RFID Gen3 impact all of this?
In the same way that smart phones (which themselves are the morphing of cell phones and PDAs) are turning into personal POS systems, able to interact with vending machines, ATMs and cash registers, will gift cards and credit cards evolve in the next two years into something unrecognizable to us mere mortals from 2006?
Evan Schuman is retail editor for Ziff Davis Internets Enterprise Edit group. He has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop anytime soon. He can be reached at [email protected]
Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.