MasterCard (NYSE:MA) has today launched an innovative solution to harness the mobile phone as a form factor for its Chip Authentication Program.
The initiative focuses on enabling consumers to authenticate their banking and online transactions through their own mobile phone with solutions from three leading industry vendors.
MasterCard's CAP program (Chip Authentication Program) focuses on solutions that allow cardholders to authenticate themselves using their existing EMV banking card and a personal card reader. The reader, normally issued by a bank, generates a single-use password that can be used for e-banking transactions, e-commerce, telephone authentication or a whole host of other uses where the customer is not face-to-face with the bank or merchant - transactions termed as 'card not present'.
Today's announcement focuses on the use of the mobile phone for the generation of a dynamic password. Additionally the solution allows part of the transaction to be included in the generation of a password - this means that banks can enable cardholders to create a unique signature for a transaction. Such developments represent considerable armor against "phishing" and 'man in the middle' attacks - a growing problem in e-banking and e-commerce.
Using the Mobile Phone to Authenticate and Protect
This new development leverages the ubiquitous nature of mobile phones. According to latest research from Forrester1, the number of individual mobile users in Europe will increase to 344 million users by the end of 2014, representing 84% of the Western European population. Coupled with growing online banking fraud activity (the UK Card Association reports that online banking fraud has jumped 132% in 2008 to stand at a record £52.5m.) the possibility to harness the mobile phone for authentication purposes is considerable.
Currently well over half of all bank cards in circulation in Europe are now driven by EMV, and with more than eight out of every terminal at point-of-sale similarly EMV enabled, there is a very real opportunity to build on this EMV experience uniting it with the technology and convenience of mobile devices.
Today's announcement offers two types of solutions:
* The SMS-CAP solution works on any mobile phone. In this version, the CAP password is sent to the cardholder inside an SMS (short message service or 'text'). The cardholder is then able to use this password to authenticate their online purchase or mobile banking activity.
* The second version runs on Smartphones or JAVA compatible phones. It consists of an application that runs on the mobile phone, and prompts the cardholder to key in a PIN. The phone then displays a CAP password. The consumer experience in this version is very similar to authentication using a card reader.
"The simplicity of this approach may be evident but the innovative proposition and the suite of solutions that we have now in place with our partners provides a sophisticated and unrivalled offering to our bank customers" said Art Kranzley, chief emerging technology officer, advanced technology, MasterCard Worldwide.
1 Source: Forrester Research European Mobile Forecast, 7/09 (Western Europe). There are some 334 million users currently in Western Europe.