New ways to authenticate card-not-present transactions

by. Brandon Kuehl

Consumer-facing solutions for authenticating digital transactions had been bandied about the industry a few years ago. These include an EMV card reader that individuals would use to authenticate their cards for online purchases and an NFC card reader that could be built into or attached to devices like tablets, laptops or desktop computers. However, today more energy is rightly being focused on behind-the-scenes technology designed to make online transactions secure – and easy – for consumers.

Some of these industry-driven authentication methods are already in place across Europe, and showing positive results. These include Short Message Service (SMS) authorization codes and Universal Serial Bus (USB) security tokens.

SMS authorization codes are one-time passwords first introduced to counter phishing and other attacks against authentication of online services. Users enter the one-time password after logging into a system with their traditional credentials, or the password is used to authenticate a transaction.

USB security tokens provide secure storage for multiple login credentials, so consumers need to remember only a single password or PIN to access a system or authenticate a transaction. USB security tokens are different from payment tokens, in that they are delivered to the consumer via USB. Payment tokens, on the other hand, are never delivered to the consumer. They are only ever seen by the merchant and the various processing entities that help a transaction flow through the authorization system.

continue reading »