MasterCard and Visa have collaborated to create a new authentication system that would remove the need for customers to enter passwords to verify their identity when making online payments.
MasterCard and Visa’s current online authentication systems, dubbed ‘MasterCard SecureCode’ and ‘Verified by Visa’ respectively, are based on the 3D Secure protocol, which requires users to enter a password so that the card issuer can confirm their identity before an online payment goes through.
The duo claims that the new ‘invisible’ authentication system, dubbed ‘3D Secure 2.0’, will remove the need for passwords while still retaining a perception of security.
The payment providers claim that, using the new security protocol, cardholders will be able to authenticate with one-time passwords or fingerprint biometrics instead of complex passwords.
MasterCard revealed that it is conducting trials of a wristband which authenticates a cardholder through their unique cardiac rhythm and that it is also piloting voice and face recognition systems as a means of authentication.
“All of us want a payment experience that is safe as well as simple, not one or the other,” said Ajay Bhalla, president of enterprise security solutions at MasterCard.
“We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”
The new MasterCard/Visa standard is expected to be commercially adopted in 2015 and to gradually replace the current 3D Secure protocol.
The announcement follows a recent research study which stated that payments on mobile devices are expected to account for 30 percent of all online retail sales by 2018.
Many people shout that the password is dead or should be killed dead. The password could be killed only when there is an alternative to the password. Something belonging to the password (PIN, passphrase, etc) and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password. Neither can be something that has to be used together with the password (biometrics, auto-login, etc). Claiming that some of them can kill the password is like claiming to have found a substance that floats in the air and yet sinks in the water.
What can be killed is the text password, not the password. At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.