Sunday 23 October 2016 | RSS


    MasterCard and Visa to create new security standard to replace passwords for online payments

    MasterCard is working with Visa to create a new authentication standard for online payments that will gradually replace the 3D Secure protocol with “invisible authentication”, far fewer prompts for passwords and support for a range of biometric technologies.

    Visa and MasterCard logos

    The new standard, which could be adopted as soon as 2015, “will be the largest wholesale upgrade to online payment security,” MasterCard says.

    “By 2018, payments on mobile devices are expected to represent 30% of all online retail sales,” the payments network explains. “The new standard will move security infrastructure beyond the PC era, supporting emerging technologies and changing consumer needs.

    “MasterCard’s approach is to utilise richer cardholder data, which will result in far fewer password interruptions at the point of sale. In the event that an authentication challenge is needed, cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than committing static passwords to memory.”

    “All of us want a payment experience that is safe as well as simple, not one or the other,” says Ajay Bhalla, MasterCard’s president of enterprise security solutions. “We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

    The announcement of work on the new protocol follows an investment by MasterCard in wearable biometric device maker Bionym. The company’s Nymi heartbeat verification bracelet is being tested by a number of banks in Canada and, MasterCard says, other pilots designed to commercially test “facial and voice recognition apps to authenticate cardholders” are also in progress.

    • Sam

      I think it should read in the first paragraph – “….will gradually replace the static password authentication with “invisible authentication”, far fewer….”
      3-D Secure is a set of protocol specifications, that does not necessary restrict itself to conventional ‘secret’ password.

    More headlines...