Mastercard And Visa To Kill Off Password Authentication

Mastercard and Visa have announced plans to kill off the need for users to enter their passwords to confirm their identity

Mastercard and Visa have announced plans to ditch the need for customers to enter passwords as a means of confirming their identity.

Current systems – MasterCard SecureCode and Verified by Visa – are both based on the 3D Secure protocol, which was developed by Visa to reduce fraudulent credit and debit card transactions online.

It works by forcing people to enter a password into a pop-up window, so that the card issuer can confirm their identity before the transaction completes.

Retailers have been encouraged to adopt the protocol as it reduces the number of fraudulent chargebacks – money returned to the consumer from the retailer due to a fraudulent card transaction.

However, it is unpopular with online shoppers, because it requires them to use complex passwords that are easy to forget, and it can be difficult to tell whether the pop-ups themselves are legitimate or fraudulent.

Passwords are also inherently vulnerable, as they are repeatedly used for authentication and can often be discovered via social media or other means, rendering the consumer subject to fraudulent transactions.

Mastercard and Visa’s new ‘invisible’ authentication system, called 3D Secure 2.0, aims to tackle some of these issues by reducing the reliance on passwords as a means of verifying identity.

In the event that authentication is needed, cardholders will be able to identify themselves with the likes of one-time passwords or fingerprint biometrics, rather than committing static passwords to memory.

Mastercard is also piloting commercial tests for facial and voice recognition apps to authenticate cardholders, and conducting trials of a wristband which authenticates a cardholder through their unique cardiac rhythm.

“All of us want a payment experience that is safe as well as simple, not one or the other,” said Ajay Bhalla, president of enterprise security solutions at MasterCard.

“We want to identify people for who they are, not what they remember. We have too many passwords to remember and this is creates extra problems for consumers and businesses.”

The new 3D Secure 2.0 protocol could be adopted in 2015 and it is hoped that it will gradually replace the current 3D Secure protocol.

Commenting on the news, Marta Janus, security researcher at Kaspersky Lab, said that – if implemented properly – the new protocol will not only be more convenient for users, but also much more secure.

“It’s pretty well known that passwords are severely flawed: weak ones are easy to remember and easy to guess; strong ones are hard to guess, but hard to remember,” she said.

“One time passwords are already widely used and considered much safer than traditional ‘fixed’ passwords … combined with biometric checks, this will certainly make a strong alternative to any existing authentication method.”

TG

Posted by Rohan Kar for Android

Advertisements

About lankapage

We are an online publication (Educational Purpose Blog) made up largely of what we call “disintermediated” news – that is news without a spin put on it by a journalist, published as it’s delivered to Lankapage. All copyrights belong to their respective owners. Images and text owned by other copyright holders are used here under the guidelines of the Fair Use provisions of United States Copyright Law. Images and text are used here only for the education purpose and are not intended to generate income for the blog, its employees, or its students. That makes us unique. All content is delivered to you as the writer or producer intended — leaving only you to make judgments about what you read or watch, not us.

Posted on November 15, 2014, in Sri Lanka. Bookmark the permalink. Comments Off on Mastercard And Visa To Kill Off Password Authentication.

Comments are closed.

%d bloggers like this: