Though the PIN number has long been relied on as a key
element in payment card security its effectiveness is now seriously
in doubt. Steve Howes, CEO of GrIDsure, discussed with EPI an
alternative to the PIN developed by his company that is
increasingly attracting big-name adopters.

Amid a plethora of solutions making their appearance on the online
security scene, one product is attracting a growing number of
big-name adopters such as Microsoft and earning for its developer
GrIDsure accolades for its simple effectiveness.

Intended as a replacement for PIN numbers, UK developer GrIDsure’s
solution struck a particularly strong note with IT research and
advisory firm Gartner – which last year featured GrIDsure among its
“Cool Vendors in Application Security and Authentication”.

Adding to its reputation, GrIDsure’s solution found itself
highlighted by the BBC as being amongst the top-five security
innovations showcased at the Infosecurity Europe exhibition held in
London in April this year.

“The solution’s appeal lies in its elegant simplicity,” Steve Howes
a joint founder and CEO of GrIDsure, told EPI.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Random numbers

The GrIDsure security solution comprises a box grid, usually in a
five-by-five configuration with a total of 25 cells making up the
box. Instead of choosing and remembering a four digit PIN the user
is required to choose and remember a pattern or, as GrIDsure terms
it, a personal identification pattern or PIP. Howes noted that on a
25 cell box grid there are 390,625 four-cell PIPs available. By
contrast, when four-digit PINs are used there are just 10,000
combinations.

Each time the GrIDsure system is used a grid appears on, for
example, a user’s computer screen or an ATM’s screen, with a random
number in each cell. The user then reads the numbers in the pattern
and sequence registered and he or she has will have a unique,
one-time code number to use.

The advantages of GrIDsure compared to PINs are numerous, said
Howes. From a memorisation perspective, studies have shown that
individuals have a far greater ability to remember patterns than
numbers, he continued. Peoples’ ability to recall patterns was
demonstrated in a study conducted by University College London’s
Computer Science Department on behalf of GrIDsure.

For the study, 50 people of varying age and ability were chosen and
a standard five-by-five grid was used. After first usage of the
system checks were taken at varying periods and pattern
recollection dates were found to be high. For example, the
recollection success rate averaged 92.6 percent after 36.9
days.

From a security perspective a study conducted by a University of
Cambridge mathematics professor, Richard Weber, found that GrIDsure
appears to be about 100 times more secure than a traditional
PIN.

Increased security can be achieved with the GrIDsure solution by
combining it with a user’s mobile phone, said Howes. The grid is
generated on the user’s phone as a Java applet and then typed onto
the keyboard being used, eliminating the danger of screen capture
and creating a true two-factor security solution.

Meets the three requirements

Ideally, said Howes, a security solution must have three key
attributes: a high level of security, ease of use and low cost of
implementation. GrIDsure fulfils all three, he said.

The advent of GrIDsure’s solution comes at a time when banks are
wrestling with soaring card losses from fraud and customers are
growing increasingly dissatisfied with security solutions being
offered to them.

Given the harsh economic climate banks are becoming more conscious
of the cost impact of card fraud, said Howes. For customers the
result has in many instances been the imposition on them by banks
of increasingly complex security procedures.

“They are throwing technology at the [security] problem and in many
instances putting people off from using the online channel,” said
Howes.

He continued that banks are getting a lot of negative feedback from
customers issued with two-factor security solutions such as card
readers. Also creating negative customer reaction is the
over-sensitivity of banks’ security systems which is, said Howes,
resulting in customers being increasingly contacted to verify
legitimate transactions.

“I have personally had a card blocked for 24 hours after I executed
a transaction,” said Howes. At fault was over-sensitive geolocation
security.

“People have had enough of complexity and it is forcing the banks
to rethink their approach,” said Howes.

Increasing adoption

Adoption of GrIDsure’s solution is “gaining momentum fast,” said
Howes. “There is massive interest in the corporate world where the
solution is being adopted as a cost-effective and far more secure
alternative to security tokens.”

While no banks have yet adopted GrIDsure for customer use, one
European bank has been using it for 18 months for three internal
projects, said Howes.

“By year-end it is likely that they will be using it for online
transactions,” he added.

Notably, among recent adopters of GrIDsure is Microsoft, which has
selected it for its Intelligent Application Gateway, a solution
that provides secure remote access to corporate networks for remote
employees and business partners.

GrIDsure is also partnering with US technology developer Quest
Software which is offering GrIDsure’s solution as an alternative to
users of its two-factor Defender identity security products. Quest
has 300,000 Defender users in sectors such as health care and
financial services.

For good reason, it seems, Howes believes GrIDsure represents a
major step forward in the quest for enhanced security.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up