H-Token Marco Polo Overview

The H-Token MarcoPolo is a high-security storage device equipped with an internal Smart Card and an integrated ID1 contact Smart Card reader. The device allows implementing a bi-directional, end-to-end, encrypted, mutually authenticated, out-of-band channel, between the e-banking server and the device firmware. The secret PIN can be entered directly using a phone-like keypad and the transactions details can be shown and verified on the integrated high resolution color display.

When plugged into a USB port, the on-board software sets up the secure environment for online banking, enabling data encryption, strong authentication and digital signing of documents and transactions.

Back to Top


  • Capacity: 512MB (default), 1GB-4GB
  • Multi-partitioned Flash (CD,R/O,R/W,E,H)
  • AES-256 CBC hardware encryption
  • Anti-Tampering Protection
  • Cryptographic Smart Card Chip (EAL 4+)
  • Bus/Memory encryption
  • Secured against DPA/SPA attacks
  • Integrated ID-1 card slot (A, B and AB cards)
  • Secure PIN entry using the integrated keypad
  • USB 2.0, CE, FCC, RoHS

Back to Top

Dynamic Code Dumping And Patching
mTan & OOB Methods
Keystroke and Event Emulation
Keystroke and Mouse Logging
Static Code Dumping & Patching
Social Engineering & Interface Manipulation
Why Secure Browser?
Screen Capturing
PDF Form Spoofing
Window Overlay and Event Emulation
Session Hijacking


Successful hacking always leverages flaws in both the underlying technology as well as in our understanding of the transaction process. The short videos provided in this section try to fill this gap by describing how typical e-banking sessions are hacked and the key vulnerabilities exploited in each case.

We'd love to hear from you: let us know if you experienced any of such attacks and if you have any others to report.

Back to Top


Achieving good practical security requires the collaboration of informed users: basic knowledge of online security practices can go a long way to avoiding the majority of online frauds. Here you can find some resources of growing complexity to guide you through what our products do and why they provide outstanding practical security.

Back to Top

Hardware Specifications

Size 111mm x 48mm x 11mm
Weight 70g
Display 2" TFT LCD
Display Resolution 176 x 220
Display Colors 262K
Operation Temperature 0°C - 40°C
Storage Temperature -10°C - 70°C
Operation Humidity 30% - 80%
Storage Humidity 20% - 93% (40°C)
Sequential Read Rate 8 MiB/s
Sequential Write Rate 5 MiB/s
Memory Endurance 5000 Program/Erase Cycles
Data Retention JEDEC compliant

Back to Top

Testimonials from our Partners & Customers:

Your products gave me the peace of mind I needed to believe that Internet can still be
a safe place for our business. James Cooley, COO (UK)

The EISST team is the best I have interacted with and your support is excellent.
Jayakaran Paul, Technology Risk Manager, (UAE)

...no other solutions and products can match the range and strength of your protection
mechanisms. Compass Security Audit (CH)

Doing out of band transaction verification with your device provides our most valued
customers with the level of service and security they expect. Hans Bloch, CISO (FR)

Your products provide state of the art protections without losing sight of the need to
keep security usable. James Polster, CISSP (USA)