What does Secoder procedure actually mean?
The Secoder standard was specified by the German banking industry.
The aim was to define a simple chip card reader that is primarily optimized for online banking so that online transactions can be made even more secure by visualizing data on the card reader’s display.
Chip card readers with display and keypad enable clear visualization and explicit confirmation of transaction data. For example, the recipient account number and transaction amount are shown on your own display. Together with the secure PIN entry, this results in a significant security gain in online banking, as, for example, manipulation by man-in-the-middle attacks that are very difficult to detect can be detected immediately, because the display is always independent of the display on your PC monitor and therefore cannot be manipulated by Trojans or phishers.
Functions
- Wired chip card reader with display and pinpad
- Special filter rules for card access (a kind of hardware firewall)
- To make full use of the secoder in online banking (display of transaction data), the data center must support the reader on the backend side
- Can be used for HBCI / FinTS, electronic signature, GeldKarte and TAN generation
- Only PC/SC 2.0 Part 10 support, no ZKA-SIG-API!
- Optional: Firmware update
What’s new with the Secoder 2 process?
With Secoder 2 procedures, the reader also only accepts certified software updates. A user can therefore be sure that only the displayed transaction will be released by him and that a hacker will therefore not be able to pass on any other data.
The patented Secoder 2 process is the German banking industry’s highest security standard for chip card readers and transaction security.
Relevant new functions in Secoder 2.1 vs. Secoder 1.2
- With ZKA cards, the PIN can no longer be sent to the card from the PC; secure PIN entry at the class 3 chip card reader is now mandatory.
- Transaction data can be visualized in advance on the display of the chip card reader.
- As an option, RFID chip card readers can now also be used for the eID function of the new ID card.
- If the Secoder 2.1 function is loaded into the chip card reader, it can no longer be removed from the chip card reader. Only secure smart card reader updates of the Secoder 2.ff version are possible.
To summarize:
- Raising the security level to rule out possible attacks in principle.
