A code card is used mostly in online banking
, for authtentication and security purposes. This simple, yet very effective, system has proved to be more flexible and less complicated than other online banking security solutions. The system works with a random number sequence
, only known by two sources. One source is the bank's secure computer system, the other is the private code card issued by the bank. The authentication
will only work if the challenged part (The one initiating the request) can respond correctly to the challenge
(i.e. enter the right number asked for). The number entered is the compared to the one in the database, and access allowed if the number is correct. The secure computer will also refuse the same number sequence again, so the code can't be used more than once. This is somewhat the same principle as the one time pad
The system works like this: When starting an account, the online system is activated, and you recieve a card with some number sequences. When using the Internet to access your account, the browser establishes an SSL connection to the bank's server. You are then asked to enter your account number or customer number and then enter your PIN. Then you receive two choices, either to block a stolen code card or to enter the number next to the one displayed. If the entered number is correct, access is granted. If not (after three tries), the account won't be accessible from the net for a while. When you run short on numbers, the computer sends a new card automatically.