Mastercard opts for mobile authentication
MASTERCARD IS HOPING to thwart fraudsters with the launch of a mobile based two-factor authentication system.
The system forms part of the association's Chip Authentication Program (CAP) that will allow punters to verify their banking and online transactions through their mobile phone rather than having to use a dedicated token or personal card reader.
There are two versions of the application. The first uses text messages to send a verification password that the user will have to enter within a certain timeframe in order to authenticate an online purchase or mobile banking activity.
The second version is an application designed to run on smartphones or other Java compatible devices. In this case the cardholder is prompted to key in a PIN and then a dynamic password is generated
"The simplicity of this approach may be evident but the innovative proposition and the suite of solutions that we have now in place with our partners provides a sophisticated and unrivalled offering to our bank customers" said Art Kranzley, chief emerging technology officer, advanced technology, MasterCard Worldwide.
With figures showing that online banking and ecommerce fraud is on the rise, Mastercard hopes that this system will help counter phishing and man in the middle attacks, while removing some of the inconveniences associated with having to use a separate device such as a token. µ
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
This strategy is only safe if it is used by a minority of punters within an evironment of punters not using it and if participants cannot be identified.
If everyone uses it or thieves can tell who uses it they know they must take your card and your mobile phone to get your money. Which obliges those of such an entrepreneurial disposition to resort to means like armed robbery or hostage taking rather than simple pick pocketing to get the goods and the punter ends up running risks to provide the card provider with less risk.
Why would you want to do that?
In any case, people will just go for a card service that doesnt make you jump through hoops like a dickhead every time you want to buy something.
Real time biometrics is the only way, incorporating body integrity scans preferrably, its amazing what you can do with a stanley knife and a bath tub.
What!? Frikkin laser beams dont grow on trees you know!
Bank of America has been doing this for over a year already. Any time you log in to online banking, you can have them txt msg a passcode to you that must be used in addition to your PIN to access the acct. You only have 2 mins before the passcode expires. Nothing is 100% secure but its an easy way to add security
the message doesn't contain transaction details. How much and to who. Authenticating login helps nothing.
Have you seen PalmTree Technology's cool security ?
You don't need a token - your device(phone/laptop/pc) is the second factor and you don't need to send an sms. This is the future of online security!!!
Would be useless if the thief does some researching on the net. He would not require to steal your phone as he can easily clone it to receive the SMS and run away with the loot.
Alternately, what can be done is have the secondary password split up, with the first half or the second half of password predecided by you, and the server only sends the remaining random other half. Thus, even if someone actually manages to steal or clone your phone, he still has only half the information!!!