Rampant data breaches have taught consumers that it is not always wise to store payment data with a third party, but soon such behavior may become the safer way to transact.
Intel Corp. is building an ability in its devices to generate dynamic data for each transaction made from a digital wallet funded by a MasterCard Worldwide product. Unlike the payment data used in most e-commerce transactions today, dynamic data are designed to be virtually impossible to reuse if someone steals the information.
Intel's machines also will support contactless MasterCard PayPass payments generated by a card or a mobile phone; these also use dynamic data.
"It used to be, things that make it more convenient sometimes would lessen security, [and] things you did to make it much more secure were often an impediment to the consumer,” says Ed McLaughlin, MasterCard chief emerging payments officer. “We can now move both things in parallel: Make it more convenient and more secure."
The dynamic-data capability provides a similar measure of security as the one-time password tokens consumers use to log in to some bank accounts, he says. It also protects users against keylogging software because card data store remotely in a digital wallet instead of typed for each new merchant.
Some Intel devices already generate dynamic data. Intel will add he contactless-payment capability next year, starting with the Ultrabook line of thin portable computers.
Consumers would not need to use a contactless card when shopping from home if they already use the digital wallet. The contactless-payment capability is more appropriate for kiosks and other merchant devices.
Intel focused first on its thin laptop line "because they are handy on-the-go devices" that complement smartphones, says Gordon Dolfie, general manager of Intel identity protection technology.
The company designed the Ultrabook line, which later will get touchscreen capabilities, as "a hybrid tablet and notebook PC," Dolfie says. Some merchants today already use tablets to accept payments.
With Intel's technology, a merchant first must switch on the PayPass capability with MasterCard, McLaughlin says. Banks that already issue PayPass cards would not need to make any substantial changes.
This is in contrast to a similar payment technology from SecureKey Technologies Inc., a Toronto-based company that enables consumers to make contactless payments from home computers by using a USB device. Intel also has invested in that company.
In SecureKey's model, the issuing bank that offers SecureKey payments must be set up to accept the dynamic data it generates. The merchant, under SecureKey's model, can be oblivious to this process because users submit the dynamic data in one of the checkout page's normal fields.
McLaughlin would not say whether MasterCard is working with SecureKey.
Intel eventually will open up the payment capability MasterCard is supporting to other card networks, but MasterCard will have an initial period of exclusivity, McLaughlin says. He would not say how long that exclusivity would last.
There is a clear security benefit to MasterCard's plan, says Avivah Litan, a vice president and distinguished analyst at Gartner Inc., a Stamford, Conn.-based market research company
"It's much better to have a dynamic code, and it's a good idea not to store data on your PC," she says.
However, no security is perfect she warns. Crooks can steal a dynamic code in real time and use for fraudulent transactions before the legitimate customer can use it, Litan says.
Even so, "it's definitely a step up from what we do today," she says.
