Thursday, 13 November 2014

Mastercard and Visa to kill off password authentication

Mastercard and Visa have announced plans to kill off their respective online authentication systems – MasterCard SecureCode and Verified by Visa – and replace them with a new standard called SafetyNet

MasterCard SecureCode and Verified by Visa are both based on the 3D Secure protocol, which was developed by Visa to reduce fraudulent credit and debit card transactions online

It works by forcing people to enter a password into a pop-up window, enabling the card issuer to confirm their identity before the transaction completes
Retailers has been encouraged to adopt the protocol as it reduces the number of fraudulent chargebacks – money returned to the consumer from the merchant due to a fraudulent card transaction
However, it is unpopular with online shoppers, because it requires them to use complex passwords that are easy to forget, and it can be difficult to tell whether the pop-ups are legitimate or fraudulent
Static passwords are also inherently vulnerable, as they are repeatedly used for authentication and can often be discovered via social media or other means, rendering the consumer subject to fraudulent transactions
The new SafetyNet authentication system aims to tackle some of these issues by reducing the reliance on passwords as a means of verifying identity
In the event that authentication is needed, cardholders will be able to identify themselves with the likes of one-time passwords or fingerprint biometrics, rather than committing static passwords to memory
Mastercard is also piloting commercial tests for facial and voice recognition apps to authenticate cardholders, and conducting trials of a wristband which authenticates a cardholder through their unique cardiac rhythm.
“All of us want a payment experience that is safe as well as simple, not one or the other," said Ajay Bhalla, president of enterprise security solutions at MasterCard
"We want to identify people for who they are, not what they remember. We have too many passwords to remember and this is creates extra problems for consumers and businesses."
The new protocol could be adopted in 2015 and will gradually replace the current 3D Secure protocol
Next article Next Post
Previous article Previous Post