IMGCAP(1)]
MasterCard Worldwide has approved special card readers from four vendors that consumers can use to authenticate themselves online, a spokesperson for the card company tells CardLine Global. As part of MasterCard's chip-authentication program, consumers with EMV smart cards can generate one-time-use passwords for card-not-present transactions, including purchases from online retailers, instead of using PINs. MasterCard approved devices from Thales SA, Gemalto NV, Logos and Data Security Systems Solutions Pte. Ltd. One system advantage is it incorporates part of the transaction data into the one-time password, the card company says. By binding authentication to the specifics of a purchase, the system can thwart man-in-the-middle attacks, in which a third party observes the interaction and steals the password for other uses, MasterCard says. "End-users would be able to use their existing EMV cards with a handheld, unconnected reader that the organization would need to distribute to its user base," a spokesperson for Thales tells CardLine Global. "These readers go to any end-user who would need to securely log on to the online service or send secure transaction instructions." Among the likely beneficiaries would be consumers who want secure access to their online-banking [sites] and users who access corporate Internet-banking systems and sign batch transactions, the spokesperson says.
