MasterCard plans to end the use of passwords for online payments, possibly by 2015, the company says.
The company has been working on the co-creation, with Visa, of a new authentication standard, which when adopted, will be the largest wholesale upgrade to online payment security. It’s intended to benefit consumers, banks, and merchants alike, with invisible authentication and far fewer prompts for passwords.
By 2018, payments on mobile devices are expected to represent 30% of all online retail sales and therefore the new standard will move security infrastructure beyond the PC era, supporting emerging technologies and changing consumer needs.
MasterCard’s approach is to use richer cardholder data, which will result in far fewer password interruptions at the point of sale. In the event that an authentication challenge is needed, cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than committing static passwords to memory.
Ajay Bhalla, president of Enterprise Security Solutions, MasterCard, says: “All of us want a payment experience that is safe as well as simple, not one or the other. We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”
The new protocol could be adopted in 2015 and will gradually replace the current 3D Secure protocol. Other steps MasterCard is taking toward a password-free environment include:
• Evolving its SecureCode program to support the new standard, resulting in a smoother, simpler, and safer experience for cardholders.
• Piloting commercial tests for facial and voice recognition apps to authenticate cardholders.
• Conducting trials of a wristband that authenticates a cardholder through his or her unique cardiac rhythm.