Sonic card may mean secure online banking

The credit-card sized device emits beeps which, when the card is held next to a PC microphone, identify you to the bank

By Natalie Soh

A STRING of ultrasonic beeps may be the key to safer Internet banking or online shopping in the future.

Small enough to slip into a wallet, one of the beepcard's advantages over other forms of security hardware on the market is its portability. -- STEVEN LEE

The sounds are generated by a card that looks just like a credit card and fits into your wallet.

The difference is, this 'beepcard' has its own mini-computer, a paper-thin battery, and a device to make the sounds, all embedded within the small frame.

And unlike other security software and devices, the beepcard is easy to use, relatively inexpensive and hard to crack.

Mr Andy Ng, managing director of Push Consulting, which is trying to get the card accepted here, said: 'It acts like an extra verification for, say, Internet banking, or online shopping.'

The way it works is, after entering your usual personal identification number (PIN) and password to log in, the bank's site prompts you to squeeze your card, while holding it next to your computer's microphone.

'On most laptops, it's either on the side of the computer or near the keyboard. But you can buy a microphone and plug it in for two or three dollars,' Mr Ng explained.

The sounds the card emits contain encrypted information about yourself, and a randomly generated number.

Each time you use it, the number changes. The bank will have software to predict which number goes with which card, so it can verify that it is the right person asking for transfers or shopping online.

Just a few months ago, a thief stole Internet passwords and IDs and siphoned off about $62,000 from 21 DBS and POSBank accounts through the Web. Within hours, he had skipped town.

Many still have jitters about online banking, and security provided by firewalls and other software comes at a price.

Mr Ng said: 'The main thing about the beepcard is that it's very easy for the layman. No extra PINs or clunky, complex plug-in hardware like smart-card readers.'

'You just hold your card to the mike and squeeze.'

And because the data in the beeps changes every time you use it, attempting to record the sounds and fake the audio signature is not going to help crack the system.

'The bank's system is already expecting the next sound with the next random number, so you can't use a pre-recorded series of sounds,' said Mr Ng.
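The replay resistance described above can be sketched in code. This is an added example, not code from the article or from the card's maker; the article does not say which algorithm the card uses, so a counter-based one-time code (HOTP, RFC 4226) stands in for it, and the names `Card`, `BankVerifier` and `card-001` are hypothetical.

```python
import hashlib
import hmac
import struct

def one_time_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Card:
    """Stand-in for the card: every squeeze emits the next code in the sequence."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0
    def squeeze(self) -> str:
        code = one_time_code(self.secret, self.counter)
        self.counter += 1
        return code

class BankVerifier:
    """Stand-in for the bank: tracks the next counter it expects for each card."""
    def __init__(self, look_ahead: int = 5):
        self.cards = {}               # card_id -> [secret, next expected counter]
        self.look_ahead = look_ahead  # tolerates squeezes the bank never heard
    def enroll(self, card_id: str, secret: bytes) -> None:
        self.cards[card_id] = [secret, 0]
    def cancel(self, card_id: str) -> None:
        self.cards.pop(card_id, None)  # a stolen card is simply removed
    def verify(self, card_id: str, code: str) -> bool:
        entry = self.cards.get(card_id)
        if entry is None:
            return False
        secret, expected = entry
        for counter in range(expected, expected + self.look_ahead):
            candidate = one_time_code(secret, counter)
            if hmac.compare_digest(candidate.encode(), code.encode()):
                entry[1] = counter + 1  # codes at or below this counter are now dead
                return True
        return False

def demo():
    secret = b"12345678901234567890"  # constructed secret (the RFC 4226 test key)
    bank, card = BankVerifier(), Card(secret)
    bank.enroll("card-001", secret)
    recorded = card.squeeze()                    # an eavesdropper records this beep
    first = bank.verify("card-001", recorded)    # genuine login
    replay = bank.verify("card-001", recorded)   # recording played back later
    card.squeeze(); card.squeeze()               # squeezed away from the microphone
    resync = bank.verify("card-001", card.squeeze())
    bank.cancel("card-001")
    return first, replay, resync, bank.verify("card-001", card.squeeze())
```

`demo()` shows the genuine code accepted, the replayed recording rejected, a card that skipped two squeezes still accepted within the look-ahead window, and a cancelled card rejected.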

And if a crook steals your card? Just cancel it, says Mr Ng. 'Besides, he doesn't have your PIN or password. It's an extra layer of security.'

Because of the way the card is manufactured, any attempts to pry it apart to steal the embedded codes will break the chip, again rendering it useless.

It will cost about US$10 (S$17.50) to issue a card to a customer, comparable to current smart-cards with chips, said Mr Ng.

'But besides being an extra layer of security, if you wanted, you could emboss the card and add magnetic stripes, and you'd get a credit card too.'

The four-year-old technology has been implemented by banks and stockbroking houses in Japan and Israel.

And while bankers here consider the new beepcard, The Straits Times asked Mr Calvin Yap, an IT security consultant, to test the card.

Mr Yap said: 'I like the idea that it's easy to use. I have examined other types, whether they issue a token with a random number that changes every 60 seconds, or a smart-card reader, or biometrics where they can scan your fingers, palms or eyes.

'Besides being expensive, they require extra software or hardware.'

And what of the beepcard? 'It's built on state-of-the-art technology, and they have ensured that the card cannot be tampered with. So it's very promising,' said Mr Yap.
