In the battle against mobile fraud and malware, hardware authentication is another tool in a shed filled with biometric authentication options and new security standards.
SecureKey Technologies is integrating its security software and authentication service with MasterCard's MasterPass virtual wallet. The move will let the payment network's digital commerce platform users make more secure, online transactions using Intel Ultrabooks.
The Toronto online authentication company's wares -- briidge.net software and service buried deep within devices, such as laptops and smartphones -- work in a similar way to EMV cards. The hardware assures that the PC on the other end of an online order form is actually the one that belongs to the person whose credit card is being charged.
Last year, SecureKey, which is also working with the Canadian government,
Last May, MasterCard invested in SecureKey's $30 million Series B round.
"All of us are buying stuff on the internet and all of us are just typing in [credit card information]. It's work. And it's not very secure for the merchant or the issuing bank," says Andre Boysen, SecureKey's executive vice president of marketing.
The authentication technique could just as easily be applied to online and mobile banking.
Boysen says that with the SecureKey technology people may not have to go through additional steps to prove they are who they say they are on an ecommerce site.
"What this really says is that this unique device is present, so typically at registration the device is paired with a MasterPass wallet," says Boysen. "So, if the device is present it may not go to a transaction confirmation and other out of band techniques, such as challenge questions," may not be required.
SecureKey recently joined the FIDO Alliance (short for Fast IDentity Online), which promotes a security protocol for device authentication.
The group boasts PayPal and Lenovo as members.
Any authentication method, however, is only as safe as the machine, says Robert E. Lee, an Intuit business analyst.
He explains that, from a security expert's standpoint, bankers must always assume that a device has been hacked, which diminishes the value of authentication hardware.
"I think some of that hardware signing is interesting," says Lee. "But we have to look at where trust starts if you have an operating system that calls out to the trusted hardware to get a one-time password... you are relying on that user's laptop to give you assurance to sign the transaction or whatnot."
Still, he adds, it does make it harder for a criminal to break into a person's transaction but it only raises the bar a little bit, he says.
