MasterCard is working with Visa to create a new authentication standard for online payments that will gradually replace the 3D Secure protocol with “invisible authentication”, far fewer prompts for passwords and support for a range of biometric technologies.
The new standard, which could be adopted as soon as 2015, “will be the largest wholesale upgrade to online payment security,” MasterCard says.
“By 2018, payments on mobile devices are expected to represent 30% of all online retail sales,” the payments network explains. “The new standard will move security infrastructure beyond the PC era, supporting emerging technologies and changing consumer needs.
“MasterCard’s approach is to utilise richer cardholder data, which will result in far fewer password interruptions at the point of sale. In the event that an authentication challenge is needed, cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than committing static passwords to memory.”
“All of us want a payment experience that is safe as well as simple, not one or the other,” says Ajay Bhalla, MasterCard’s president of enterprise security solutions. “We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”
The announcement of work on the new protocol follows an investment by MasterCard in wearable biometric device maker Bionym. The company’s Nymi heartbeat verification bracelet is being tested by a number of banks in Canada and, MasterCard says, other pilots designed to commercially test “facial and voice recognition apps to authenticate cardholders” are also in progress.