MasterCard Inc. said it has approved special card readers from four vendors for consumers to authenticate themselves online with chip cards.
As part of the Purchase, N.Y., card company's chip authentication program, MasterCard lets users of EMV Integrated Circuit Cards use their cards to generate a one-time-use password for card-not-present transactions such as e-commerce, rather than using a personal identification number.
MasterCard said Wednesday that devices from Thales SA, Gemalto NV, Logos and Data Security Systems Solutions Pte Ltd. have been approved.
The card company said one advantage of the system is that it incorporates part of the transaction data into the one-time password. By binding authentication to the specifics of a purchase, MasterCard said, it can thwart man-in-the-middle attacks, in which a third party observes the interaction and steals the password for other uses.
Thales, in a separate announcement, said that, if the card does not support offline PIN, its advanced-authentication-for-chip reader offers the option of a one-time password, challenge and response or transaction data signing that can be used for online user authentication and transaction signing.