Community
:-) Getting warmer...
Using VBV is very much like locking your front door but leaving your windows open. I have said this in 2001 to a VISA security executive : "VBV or 3DSecure's weakness is that it requires ALL online merchants to participate in order for it to work".
The solution is quite simple. This really isn't brain surgery.
VISA Card Issuers should enable cardholders to deactivate their card accounts for card not present (MOTO, internet) transactions and activate the card account for each card not present transaction directly with the issuer and preferably using multi-factor authentication (OTP). This direct link between cardholder and card issuer applies a universal security effect. The participation of the entire universe of online merchants would not be needed.
Additionally, cardholders access and control of their card accounts will give more transparency to the process and will open up the communication between cardholders and card issuers (banks). Banks can then re-use the same multifactor authentication method for their online banking. This, in my opinion, is something that bank customers would appreciate nowadays.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Rolands Selakovs Founder at avoided.io
14 February
Sergei Grechkin Chief Risk Officer at AIFM Cayros Capital
Katherine Chan CEO at Juice
Yuval Shuminer CEO at Piere
13 February
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.