Mastercard and Visa to kill off password authentication


Sophie Curtis

November 13, 2014

Mastercard and Visa have announced plans to kill off the need for users to enter their passwords to confirm their identity

Mastercard and Visa have announced plans to ditch the need to enter passwords as a means of confirming user identity.

Current systems MasterCard SecureCode and Verified by Visa are both based on the 3D Secure protocol, which was developed by Visa to reduce fraudulent credit and debit card transactions online.

It works by forcing people to enter a password into a pop-up window, enabling the card issuer to confirm their identity before the transaction completes.

Retailers have been encouraged to adopt the protocol as it reduces the number of fraudulent chargebacks – money returned to the consumer from the merchant due to a fraudulent card transaction.

However, it is unpopular with online shoppers, because it requires them to use complex passwords that are easy to forget, and it can be difficult to tell whether the pop-ups are legitimate or fraudulent.

Static passwords are also inherently vulnerable, as they are repeatedly used for authentication and can often be discovered via social media or other means, rendering the consumer subject to fraudulent transactions.

A new invisible authentication system aims to tackle some of these issues by reducing the reliance on passwords as a means of verifying identity.

In the event that authentication is needed, cardholders will be able to identify themselves with the likes of one-time passwords or fingerprint biometrics, rather than committing static passwords to memory.

Mastercard is also piloting commercial tests for facial and voice recognition apps to authenticate cardholders, and conducting trials of a wristband which authenticates a cardholder through their unique cardiac rhythm.

“All of us want a payment experience that is safe as well as simple, not one or the other,” said Ajay Bhalla, president of enterprise security solutions at MasterCard.

“We want to identify people for who they are, not what they remember. We have too many passwords to remember and this is creates extra problems for consumers and businesses.”

The new protocol could be adopted in 2015 and will gradually replace the current 3D Secure protocol.

Great ! Thanks for your subscription !

You will soon receive the first Content Loop Newsletter