Nok Nok & CompoSecure Partner to Take Metal Credit Cards to a New Level
By David Strom
I got my first metallic credit card from Apple a few years ago. I thought it was more a curiosity than anything else. Soon after, my wife got a metallic card from Chase. American Express and Discover have both been making metal cards for years as well. Now, thanks to a partnership between NokNok and CompoSecure, you will see new types of cards that have something besides their outer skin to offer consumers: the ability to include authentication tokens and cold cryptocurrency wallets. (More on that in a moment.)
These first metal cards are either loved or loathed, depending on your point of view. A brief and very unscientific survey among my Facebook friends brought up strong emotions pro and con: because the cards are thicker than plastic ones, they can be more difficult to remove from your wallet, but they also can be more durable. Some of my friends imagined scenarios where the sharp metal edges could be used in various Ninja moves, but these were more fantasies than realized.
Apple’s card – issued by Goldman Sachs – has the feature where every transaction uses a virtual credit card number. This is particularly useful for online payments. You can easily change this number in the Apple Wallet app. And the physical card itself doesn’t have any account number shown. All of this makes it harder for fraudulent transactions and cybercrime, which run more than $100Bn annually according to the IMF.
But let’s look more closely at the authentication feature. What Nok Nok has announced is the ability to share a FIDO-based digital key to serve as an additional authentication factor for multiple logins. Before FIDO, if I wanted to use multi-factor authentication, I had to carry around a set of hardware or software keys, one for each login. What if I could use my smartphone, working in conjunction with my smart credit card, to accomplish a truly passwordless login? That is the vision with the CompoSecure announcement. Consumers can authorize transactions via a variety of methods: a finger swipe, keying in a six-digit PIN, or tapping the card to their phone to enable an NFC-encrypted transaction.
What happens if your card is lost or stolen, along with your phone? Many of us, myself included, have forgone carrying a wallet and just have a couple of pockets on the backs of our phones for cards. The card – and for that matter, your phone is still protected by the PIN. And if you have set up facial or finger recognition on your phone, that will further protect any access if your phone is found. The idea is appealing: one less dedicated piece of hardware to carry around. As Nok Nok’s CEO Phil Dunkelberger said in this interview, “when you ask a customer to carry a separate device or a separate token, very few customers will be willing to go through that process.”
The cold crypto wallet feature is also interesting. What this means is that your crypto assets are not stored online, but on the device itself. These wallets have been available for several years, but again they are yet another thing to carry around and potentially lose. Having a wallet integrated into a smart credit card itself makes a lot of sense. CompoSecure is building this new card/wallet combination with its Arculus project, which should be out in beta later this year. If your card is lost or stolen, you will need to recover it with a series of passphrases (which hopefully you will not store in any online form). If you use a crypto exchange for your transactions, you can use your cold wallet to send or receive funds. Nok Nok said they will be supporting authentication on Arculus as well.
Using a metal credit card to serve as an authentication credential to secure transactions could be a way to move us further away from using insecure passwords, and marrying convenience and better security. I look forward to trying them out.