MasterCard says a forthcoming wholesale upgrade of the 3DSecure protocol for authenticating online transactions will pave the way for the introduction of more secure biometric and token-based prompts and the ultimate eradication of static passwords.
MasterCard has been working with Visa on the new authentication standard, '3DS 2.0', which will utilise richer cardholder data and result in far fewer password interruptions at the point of sale. In the event that an authentication challenge is needed, cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than committing static passwords to memory.
Under the plans, Visa will maintain sole ownership of the 3DS 1.0 protocol (including all intellectual property and management of the current 3DS 1.0 specifications), but does not not plan to invest further in the standard. When released, the 3DS 2.0 specification will be owned jointly by Visa and MasterCard and will operate separately and in parallel with 3DS 1.0.
Ajay Bhalla, president of enterprise security solutions, MasterCard says: “We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”
He says the company is currently evolving its SecureCode programme to support the new standard with a view to a roll out in 2015.
MasterCard has also been piloting a number of commercial biometric tests, including the use of facial and voice recognition apps to authenticate cardholders, chip cards which utilise fingerprint recognition, and a Canadian trial of Bionym's Nymi wristband which authenticates a cardholder through their unique cardiac rhythm.