Pain points

Payment card fraud costs the global economy approximately $27.85 billion in a single year, and this is projected to rise to $40.63 billion by 2027, according to The Nilson Report. In addition, information theft incidents continue to occur in the secure digital authentication process, such as a short message service (SMS) for one-time passwords, (OTP) for bank account transfers, and PINs for identity authentication.

Card Not Present (CNP) Fraud is rapidly increasing

Card Not Present (CNP) Fraud is rapidly increasing

CNP Fraud is rapidly increasing globally through online and offline transactions where static values such as ID/PW account information and card numbers are exposed. To prevent this, an average of 21 passwords are used per internal employee, and 50% of the work at the Company Help Center is to reset passwords.

Inconvenience of Hardware OTP and Security Vulnerability of Digital OTP

Software OTP, short message service (SMS), email and biometrics are replacing hardware OTP tokens to elicit a convenient user experience. However, it is still difficult to completely replace hardware OTP, since it is free from external cyber-attacks by being disconnected from the network.

Problems persist

Many technologies have been introduced to resolve issues associated with static values and the contactless payment system (Tap to Pay) market is steadily growing. However, the risk of sniffing attacks during card cloning and NFC communication continues, and there is no complete solution for both online and offline.

Absence of Integrated Card product covering every function - payment, access, identification, login etc

Despite the inconvenience of carrying more than 3.5 cards per 1 person for payment, identification, and access purposes, there is still no multi-purpose integrated card. The current trend is to handle multi-functions within mobile. This however adds to issues related to the centralization of information in mobile phones.

The solution

Through the patented One-Time Authentication Code (OTAC) algorithm, you can generate your ID/PW and your card number with dynamic codes even in the off-the-network environment without the need for any additional infrastructure. If the OTAC applet is embedded on your everyday credit/debit card, your card can perform not only payment functions, but also access authentication and financial transaction authentication. It can also be used in system login and identity verification, since the IC chip card can be connected to your smartphone and access devices via NFC.

  • OTAC card numbers change constantly without a network connection.
  • The dynamic card number has 0% possibility of duplication with others.
    (the quantum random number generation can be duplicated.)
  • It can recognize the card holder with the dynamic card number only.
  • All of the above is possible without changing the existing payment infrastructure.
  • OTAC Applet size is just  10KB, installed in wherever Smartcard chip can go

> Read our 'Toss Bank' case study here


OTP v1-1

Card tapping mobile OTP
(Payment + mOTP Combi Card)

With swIDch's card tapping mobile OTP (one-time password), the hassle of carrying a separate device is reduced and the security of hardware remains strong against cyber attacks.

It is embedded in the form of an applet on the IC chip. A card with OTAC applet embedded generates the first OTAC through communication with the smartphone NFC. Since the first code generated from the card is changed into a second ‘OTAC’ via the application, there is no risk of sniffing, something that can occur during standard NFC transactions.

OTAC-based card tapping mobile OTP is added to a debit card, so you can use high value remittance services simply by tapping the card on the back of your smartphone. It means that there's no need to issue an OTP device only for two-factor authentication (2FA). Above all, it provides a safer financial security environment by preventing incidents that may occur when using the existing mobile OTP, such as an incident in which a smartphone is remotely controlled by malicious code and a large amount of money is transferred.

All-in-one Card

All-in-One Card

swIDch provides an all-in-one simple card and integrated security authentication service that enables your payment, financial transaction authentication, access authentication, and app/web login by simply embedding the OTAC applet. What if one card could be used for a variety of purposes, including access card, ID card, membership card, and even payment? Carrying multiple cards is no longer necessary. Payment, access, system login, Advanced-OTP, you name it. You can be assured of greater convenience and security via multiple features in one card.

Numberless Card

Numberless Card

A physical payment card holds information, such as 16 digit numbers
on the front, expiry date and the three digit card verification code on
the back. The challenge with the current method is that these
numbers are static. They don’t change. Sure, we can issue a new credit card
with the new details every single week, but do we? Of course not.

swIDch’s numberless card does NOT contain any card details written
on the physical card. Instead, you will use secret card details that
dynamically change every time you try to use them, provided by an
OTAC algorithm embedded in the card, which means the numbers
will not be reused.

Offline payments

The card functions in exactly the same way
as any other cards that we use today do - Chip & PIN or contactless.

Online payments

OTAC integrated banking apps will allow users to be able to
generate one-time dynamic card numbers, expiry dates and
CVV/CVCs. These dynamic card details can be used in ANY
e-commerce payment pages around the world.

Biometric Display Card

Biometric Display Card

Many consumers demand a payment method that is as easy
to use as it is secure, without the need to use banking apps every time to pay for shopping. swIDch solves this problem with its Biometric Display Card.

swIDch’s Biometric Display Card gets activated with the user’s
fingerprints only. Once the user scans his or her fingerprint, the display
on the card will show a one-time dynamic card number, expiry date and CVV number.

This product is unique. There are cards with the biometric facility,
but ours is the only one anywhere in the world that has both the
biometric facility and the dynamic number regeneration algorithm built
into the card.

Virtual Card & Corporate Card

Virtual Card & Corporate Card

Some people don't want to use new card details every single time.
If you're with the swIDch, you don't have to.

We provide Virtual Card solutions to businesses where their users can
generate virtual cards to be saved on mobile wallets or on a web browser.
Upon generation of a virtual card, users can specify the merchants,
budget and even the expiry dates. Complete control and personalisation.

The best part of swIDch’s virtual card is that the user can generate
virtual cards as many times as they want. As a result, it is easy to be shared
with a number of different users in a most secure way.

A fantastic example of this is a parent creating a virtual card for their child
which can then be saved on their mobile wallet. This will give the parent
control over the usage and spending.

These features can be furthered into Corporate Cards.
Now dedicated account managers of the partner corporations can create
virtual cards for their employees on-demand, as many as they want,
all by themselves. Banks no longer need to spend a lot of resources in
issuing every single corporate card for each employee within its corporate clients.

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
Sufficient to IDENTIFY user
DYNAMIC Authentication code
that does NOT duplicate
Uni-directional authentication
in off-the-network environment

OTAC is a dynamic code, which means the code keeps changing. As a result, you don’t need to worry about any leak of your personal information, such as
your card details, because the codes must have already been changed when others try to use them.

The network connection is NOT necessary at all for generating OTAC.

Reducing an authentication stage that requires the network connection directly means there are fewer gateways for
the hackers
to access our personal information.

Moreover, this feature enables users
to authenticate even when they are
in networkless environments, such
as on the plane, underground, rural or foreign areas.

swIDch can guarantee that the code never duplicates with anyone
at any given moment.

There is NO chance of someone else having the same code.

The users or their devices can be identified with the code alone.

Once OTAC has been generated, providing OTAC alone is already fully sufficient to identify the user as the code is unique.

It means, you can forget about the bundles of static information including IDs and passwords.