PHOENIX — As computer hacking is becoming an increasingly more common threat to online retail, a Valley start-up says it’s working on a solution to make online shopping safer.
uQontrol is a Chandler-based company that announced the launch of its first product this week, called the Qkey, which aims to make online shopping act a bit more like traditional retail, according to Christopher Maus, the company’s founder and CEO.
“Qkey is a high-level security device for consumers to function much like the chip and PIN card that consumers are receiving for brick and mortar purchases or retail purchases,” he said.
The Qkey is a key-sized chip that stores its user’s payment or any other sensitive login information so that the corresponding data is kept offline and therefore away from where hackers can access it, Maus said.
Adding a physical element into the online payment process helps ensure that only someone with the Qkey in hand and the right passwords can make a transaction, according to the company.
“The mechanism of all security is that you have some physical part of that control, whether it’s cars (or) whether it’s keys,” he said. “On the Internet it doesn’t work that way, it’s what we call virtual security, meaning you trust that (a website’s) firewalls will hold up and that’s why everything is crumbling right now.”
When users want to make an online purchase, Maus said they plug the Qkey into their computer’s USB port and only after several security steps can their sensitive information be used to make purchases.
First, users must gain access to a secure browser that is used by Qkey and protected by a master password.
“You enter your password to get into the browser — it’s just one password, just like you do with a computer to get in — and now I open up the browser and I shop like I normally do,” he said.
When ready to check out, users then pair the Qkey to their smartphone for an added layer of security, Maus said.
“I choose my card and my phone buzzes … you pick it up (and) there’s a PIN number,” he said.
That PIN number is an OTP, or “one time pin” according to Maus. Once the PIN number is correctly typed into the phone, the user must physically tap the Qkey to finalize the transaction.
“Again, just like retail,” he said. “Card inserted, then (PIN) entered, accept by clicking the button … we do it every day, every time you make a card purchase.”
Maus said hackers commonly attack data stored in web browsers and use keystroke loggers to steal passwords and credit card information, so by keeping data offline and completing transactions without using keystrokes helps to keep users more secure.
If users lose their Qkey, Maus said the device can even be set to lock down after a certain number of failed password attempts.
The company is currently taking preorders for the Qkey, which will last about a month, and then expects to begin fulfilling those orders in the 120 days following the end of the presale.