MasterCard Launches its Authentication Program for Mobile Devices
MasterCard extends range of supporting form factors for its chip authentication program to include mobile phones, with support from Arcot, Logos and OpenWay
Waterloo, Belgium — 12 November, 2009 — MasterCard has today launched an innovative solution to harness the mobile phone as a form factor for its Chip Authentication Program. The initiative focuses on enabling consumers to authenticate their banking and online transactions through their own mobile phone with solutions from three leading industry vendors.
MasterCard’s CAP program (Chip Authentication Program) focuses on solutions that allow cardholders to authenticate themselves using their existing EMV banking card and a personal card reader. The reader, normally issued by a bank, generates a single-use password that can be used for e-banking transactions, e-commerce, telephone authentication or a whole host of other uses where the customer is not face-to-face with the bank or merchant – transactions termed as ‘card not present’.
Today’s announcement focuses on the use of the mobile phone for the generation of a dynamic password. Additionally the solution allows part of the transaction to be included in the generation of a password – this means that banks can enable cardholders to create a unique signature for a transaction. Such developments represent considerable armor against “phishing” and ‘man in the middle’ attacks – a growing problem in e-banking and e-commerce.
The initiative follows MasterCard’s recent announcement of its Advanced Authentication for Chip program, which is also designed to bring together best-in-class vendors for premium solutions in this increasingly important fraud-prevention area.
Today’s initiative is based on software solutions offered by Arcot, Logos and Openway.
Using the Mobile Phone to Authenticate and Protect
This new development leverages the ubiquitous nature of mobile phones. According to latest research from Forrester1, the number of individual mobile users in Europe will increase to 344 million users by the end of 2014, representing 84% of the Western European population. Coupled with growing online banking fraud activity (the UK Card Association reports that online banking fraud has jumped 132% in 2008 to stand at a record £52.5m.) the possibility to harness the mobile phone for authentication purposes is considerable.
Currently well over half of all bank cards in circulation in Europe are now driven by EMV, and with more than eight out of every terminal at point-of-sale similarly EMV enabled, there is a very real opportunity to build on this EMV experience uniting it with the technology and convenience of mobile devices.
Today’s announcement offers two types of solutions:
- The SMS-CAP solution works on any mobile phone. In this version, the CAP password is sent to the cardholder inside an SMS (short message service or ‘text’). The cardholder is then able to use this password to authenticate their online purchase or mobile banking activity.
- The second version runs on Smartphones or JAVA compatible phones. It consists of an application that runs on the mobile phone, and prompts the cardholder to key in a PIN. The phone then displays a CAP password. The consumer experience in this version is very similar to authentication using a card reader.
Because both solutions leverage the same specifications, banks can elect to work with a card reader, or a mobile phone, or both. For instance, a consumer may authenticate with a card reader at home but use mobile phon e authentication elsewhere.
“The simplicity of this approach may be evident but the innovative proposition and the suite of solutions that we have now in place with our partners provides a sophisticated and unrivalled offering to our bank customers” said Art Kranzley, chief emerging technology officer, advanced technology, MasterCard Worldwide.
“With EMV chip authentication demonstrating real value as a driver for secure internet shopping and online banking, we continue to strive to find new ways to broaden available solutions as needed by banks . This means finding cost-sensitive solutions for our customers and eas y to use methods for consumers. This program delivers on both.”
About MasterCard Europe and MasterCard Worldwide
MasterCard Europe is the entity responsible for managing MasterCard Worldwide’s business in Europe - for Europe. With headquarters in Waterloo, Belgium, MasterCard Europe works with 51 European countries stretching as far afield as the eastern border of Russia. Through its network of local offices, MasterCard Europe can understand and meet the diverse needs of customers in the very different types of markets throughout Europe, enabling people to do business in their own way in their own language.
MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes approximately 21 billion transactions each year, and provides industry-leading analysis and consulting services to financial-institution customers and merchants. Powered by the MasterCard Worldwide Network and through its family of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. For more information go to www.mastercard.com.
Editorial Note
About Arcot
Arcot is the Cloud Authentication Leader. Its solutions make Web transactions and online access safe for millions of consumer, enterprise, and e-Commerce users. Organizations can transparently protect their users from fraud without requiring expensive hardware. Arcot fraud prevention, strong authentication, and e-Document security solutions can be deployed with SaaS, internal or mobile applications delivering the right balance of cost, convenience and strength.
The ArcotOTP mobile solution extends the range of devices available for MasterCard CAP authentication and provides customers with the ability to authenticate with an application that runs on their mobile phone. Because ArcotOTP is certified by MasterCard, it can be used with any EMV transaction and in conjunction with other EMV authentication devices. For instance, a consumer may authenticate with a card reader at home but use the mobile ArcotOTP while on the go.
“Arcot’s goal is to provide solutions that make it easy for businesses and consumers to reduce fraud. Our latest offering, ArcotOTP, is a breakthrough in convenience. Cardholders can now use their mobile phones with MasterCard CAP to protect themselves when shopping or banking online. Financial institutions can deploy this protection to more customers without having to issue cumbersome card readers that can be lost or broken resulting in additional cost,” commented Ram Varadarajan, President and CEO of Arcot Systems, Inc. “Arcot has a long history of partnering with MasterCard to provide increased security in card not present transactions.”
Press Contact
Carol Alexander, +1-408-969-6174 or +1-650-576-8740
About Logos
Croatia based Logos, member of the Asseco South Eastern Europe group, is one of the leading IT companies in the region specializing in the development, integration and implementation of highly customized turn-key projects for the financial industry. Logos’ portfolio includes Single Point of Strong Authentication solutions supporting hardware tokens from different vendors, EMV CAP, mobile token and SMS OTPs; PKI SmartCard Digital Signature and Encryption solutions, as well e-commerce 3D Secure and JavaPhone Mobile banking solutions.
“Logos has included support for MasterCard’s Chip Authentication Program within its ASEBA SxS authentication solution from the very beginning, as well as MasterCard’s SecureCode specification. ASEBA SxS supports different authentication devices, and it provides channel and application independent reliable two-factor authentication, increasing the level of security in e-commerce and e-banking transactions”, said Drazen Pehar, Logos Chief Executive Officer. “Recognizing all the advantages of mobile devices and mobile technology, Logos added SMS OTP and Mobile token authentication to its ASEBA SxS Server, and certified its solution for MasterCard’s EMV CAP. We strongly believe that usage of mobile devices as an authentication device is the best compromise between security, cost and mobility; and that it will result in a high user acceptance and more secure Internet transactions”.
Press Contact
Maja Bajza Ljubicic, +385 1 3030 000
About OpenWay
OpenWay Group (www.openwaygroup.com) is a payment processing software vendor (rated as strong positive by Gartner, 2009*). Its WAY4 Card Issuing and Merchant Acquiring, Loan Management, Personalised Remote Banking, Payment Switch/Hub, Behaviour Loyalty and other payment solutions successfully operate in more than 90 banks, processing and telecom companies in Europe, US, Asia, the Middle East and Africa.
“WAY4 is a customer-centric rule -driven environment for debit, credit and prepaid cards, deposits, loans, current accounts, mobile money and other financial products, for targeted marketing campaigns and personalised self-service via ATMs, kiosks, POS terminals, web, mobile banking and other channels. WAY4 supports 24x7 high-speed processing on open platform clusters,” said Wim Pardon, Managing Director of OpenWay Belgium. “Our partnership with MasterCard and our work together to further enhance the range of solutions through its chip authentication program, will ensure that WAY4 has an important part to play in the fight against card-not-present fraud.”
Press Contact
Svetlana Konakova, +7 812 324 48 98
|
