header banner
Default

MasterCard and Visa are removing their 3D Secure passwords


Table of Contents

    Visa and MasterCard announce plans to discontinue password use on 3D Secure, Verify by Visa and SecureCode secure payment platforms.

    Payment giants Visa and MasterCard announced plans to eliminate the need for password authentication in the companies’ respective “Verified by Visa” and “SecureCode” payment platforms which are designed to add an additional layer of security to online transactions.

    In a press release, MasterCard announced that ultimate goal of an upgraded 3D Secure system, set to replace the current system next year, will rely on “richer cardholder data” in order to limit password interruptions in the payment process. In the event that an authentication challenge is required, MasterCard says it plans to replace static, memorized passwords with one-time passwords and fingerprint biometrics. MasterCard is also sponsoring commercial tests to design facial and voice recognition applications for use as authenticators in the future as well as a wristband that authenticates via cardiac rhythm.

    Threatpost reached out to MasterCard for clarification on what the company means by “richer cardholder data” but did not hear back by the time of publication.

    3D Secure is a card-not-present payment protocol developed Visa and adopted by a number of other payment card companies. It was designed to curb the growing problem of fraudulent purchases being made online. When a Verified by Visa or SecureCode user enters her card information to an online merchant, the merchant then sends that payment data to Visa or MasterCard. The payment company replies with an iframe that presents the user with an additional  password-based authentication form. If the customer enters the correct password, the merchant receives an authorization code to proceed with the transaction.

    However, the 3D Secure protocol has been criticized for requiring users to remember yet another complicated password as well as for its user interface, which has been mistaken for a phishing scheme.

    “All of us want a payment experience that is safe as well as simple, not one or the other,” said Ajay Bhalla, president of enterprise security solutions at MasterCard. “We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

    Sources


    Article information

    Author: Deborah Ramirez

    Last Updated: 1703126882

    Views: 1451

    Rating: 4.4 / 5 (76 voted)

    Reviews: 90% of readers found this page helpful

    Author information

    Name: Deborah Ramirez

    Birthday: 1994-04-28

    Address: 9406 Rice Hollow Suite 768, East Denisemouth, SC 79849

    Phone: +4042147754525203

    Job: Tour Guide

    Hobby: Coffee Roasting, Kite Flying, Playing Chess, Robotics, Card Collecting, Quilting, Stamp Collecting

    Introduction: My name is Deborah Ramirez, I am a multicolored, brilliant, Gifted, risk-taking, unwavering, variegated, resolute person who loves writing and wants to share my knowledge and understanding with you.