Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

  • TN 1: How to stop ID theft - see below
  • TN 2: How to stop Card-Not-Present fraud over the Internet - see below
  • TN 3: The Stepwise CNP fraud solution: Technical details - see below
  • TN 4: How to implement the Stepwise CNP fraud solution - contact us for confidential copy
  • TN 5: The Stepwise e-voting solution - contact us for confidential copy
  • TN 6: How Stepwise can protect digital IDs in smart phones - contact us for confidential copy
  • TN 7: How the Stepwise CNP fraud solution resists malware - contact us for confidential copy
  • TN 8: Comparing Stepwise with other CNP fraud mitigations - see below
Lockstep TN1 How to stop ID theft (1 4)Lockstep TN1 How to stop ID theft (1 4)

The root cause of most identity theft is the carefree way in which online businesses ask for – and get – our personal numbers. The ease with which numerical identifiers can be taken over and replayed has created a crisis of confidence in authentication and an ever worsening tide of private data being exchanged and exposed. Lockstep’s “Stepwise” enables each unique ID and each transaction to be sealed with two vital pieces of information: (1) the issuer of the ID and (2) the fact that the ID was carried in a particular type of device.

PDF, 56Kb
Lockstep TN2 CNP Fraud (1 2 1)Lockstep TN2 CNP Fraud (1 2 1)

Card-not-present (CNP) fraud is now the most prevalent form of payment fraud. Current strategies to deal with CNP fraud require merchants to ask for increasing amounts of personal detail to try and establish ownership of a credit card. It’s like trying to put out a fire with gasoline. Stepwise on the other hand tells a web merchant everything they need to know, instantly, to be sure that a transaction is valid. It proves that a bona fide credit card was present, and that the credit card details cannot have been replayed by an impostor or simply made up.

PDF, 74Kb
Lockstep TN3 Stepwise CNP Technical Detail (1 0)Lockstep TN3 Stepwise CNP Technical Detail (1 0)

Technical Note 2 explains that Stepwise uses a “capsule” that contains cardholder details and identifies the issuer, and which is loaded onto a smartcard. The capsule is in fact a standard digital certificate customised to carry all pertinent details about the cardholder account needed by a merchant to authenticate a card transaction. The Stepwise certificate is digitally signed by the issuer, and corresponds to a private key held securely inside the smart chip. Thus, any digital signature that is verified as corresponding to a given Stepwise certificate must have been generated by the indicated smartcard, because there will be no other way to invoke the matching private key.

PDF, 384Kb
Lockstep TN8 Stepwise compared with other CNP measures (0 1)Lockstep TN8 Stepwise compared with other CNP measures (0 1)

This Tech Note compares Stepwise to the leading responses to CNP fraud: 3D Secure, Remote Chip Authentication, End-to-End Encryption and Tokenization.

PDF, 46Kb