9:27 p.m. EST, March 4, 2012
By Walter Pacheco, Orlando Sentinel
A Melbourne company is sandwiching tiny circuits inside credit card-like devices to help everyone from social-media users to high-security businesses combat the rising onslaught of identity theft and fraud.
“This type of technology is an evolutionary step in security because it consolidates multiple accounts on one card,” said 51-year-old Mark Poidomani, CEO of SurePassID. “It combats fraud because it uses information unique to you at a particular time.”
Poidomani, a security expert with more than 25 years of experience in the information and authentication technology industry, founded SurePassID in 2009.
Officials at high-security businesses already use the cards to access sensitive areas in buildings and highly protected information, such as member account numbers, networks and other data.
Poidomani’s goal is to provide consumers with portable and unobtrusive technology that adds a unique layer of security to personal online accounts beyond a username and password.
SurePassID accomplishes that task with flexible plastic devices that are the same size and thickness of a credit card, and integrated with an E-Ink display on the upper right corner of the card. That display shows a random two- to eight-digit number generated at the touch of a button embedded on the device.
“The number can’t be used by scammers because it’s a one-time password,” Poidomani said. Since the number refreshes quickly, it prevents skimmers from using it to make a fraudulent purchase, he said.
Devices such as fobs and tokens have provided the same protection for years, but they are often clumsy and bulky.
The company developed the delicate circuitry inside the cards. The tiny battery that powers the card is designed by Solicore in Lakeland. The cards are manufactured mainly in China and Taiwan, with a secondary plant in Tampa.
SurePassID is privately owned and employs four people, including Poidomani.
Quality assurance tests are performed by RTP Systems Inc. in Melbourne.
SurePassID charges consumers $12 for the card and a $1.99 monthly fee for the authentication service, Poidomani said. The company also has mobile apps and text messaging services that forward secure passwords to a user’s smartphone.
Electronic cardholders use the device as they would a credit card or bank card.
After the user or cashier runs the card through a reader at the register or on an e-commerce site, the cardholder enters their personal pin number on a pad followed by the randomly created sequence on the E Ink display to complete the purchase.
Bank of America, Citibank, and other financial institutions already provide the technology in one form or another.
Poidomani, whose experience includes servicing high-profile companies such as Charles Schwab and PayPal, said SurePassID is discussing partnering with local and out-of-state financial institutions interested in adopting the technology for their members.
“We’re planning a rollout of the technology in China,” Poidomani said. “[The Chinese] take fraud really seriously. They’re not so casual about their personal information as we are here.”
A 2012 report by Javelin Strategy & Research shows that identity theft and fraud is growing rapidly among social media users who post personal information online — data often used by financial institutions to verify a person’s identity.
Social media users can also use the cards as an alternate form of authorization to log into their Facebook accounts.
Once a user changes their settings to OpenID authorization, Facebook directs them to another site where they enter the number generated by the card. If it’s approved, the site redirects the user to Facebook.
Companies such as Google, MySpace, PayPal, VeriSign, LiveJournal, and Yahoo accept OpenID verification.
“Consumers need to embrace this type of security, and I think they are willing to pay for it,” Poidomani said. “I don’t think they know how wide open they really are.”