Last Updated: February 20, 2016
·
652
· tallemd

Tokens

Being in risk consulting one of the job descriptions is to advise customers in how to lower their risk. And this is something I've thought about a lot over the years. From an online accounts perspective one of the major things you can do is get tokens. Most major banks carry these, so do ebay, paypal, and blizzard. I found out about these during a marketing push by ebay about three or four years ago. And since then I've made it a habit to research whether it's available at any given company where I hold an account.

It's actually pretty easy to do the research. You call up the 800 number and ask questions until they get you to the right person. The typical goal is a yes or no answer rather than a maybe, i don't know, or I've never heard of that. It usually takes about 30 minutes. If you get a yes they will ship to you for free what basically amounts to a 20 dollar token. The company usually sees the lower risk profile as a financial gain that is larger than the cost of the 20 dollar token. It's actually a pretty big change. It takes your risk profile which is like say 20% and divides it by 100 so say 0.2%. That's actually a really big change. It basically erases your risk.

Now I've given this talk before to friends and family members and they say well it'll never happen to me. My risk profile is so much lower than that to begin with. And when they have a problem I'm the first person they call. I say, well these are the steps to get things fixed. Also have you given any thought to picking up a token. And the response at that point is usually, I'll take care of it tomorrow. So my advice to you isn't to go out and get a token right this minute because I know my advice will fall on deaf ears. My advice is to simply remember what I said so later on you'll know what to do.

I guess I should include a description of a token. It's a piece of plastic about the size of a thumb drive. You can attach it to your key chain. It displays a 6 digit code. Some have a button you press to display the code. Some always display the code. Some act as a keyboard and you press a button to have it enter to code for you. The code changes every 1-2 minutes. When you want to log in you type in this code in addition to your normal username and password.

They're testing credit cards in Europe and Asia that make use of this technology to generate a different ATM pin every 1-2 minutes. I haven't heard of a time table for the US, but so far they've been testing them overseas for about a year or so.

It's worth noting that paywave credit cards that use rfid chips already have similar technology built in although it's transparent to the customer since the transmission is handled electronically. Wireless car keys and NFC also make use of similar technology.