Verified by Visa and MasterCard SecureCode are initiatives that encourage customers to register in order to protect transactions with an additional password. The systems allow financial institutions to confirm a cardholder’s identity to the online retailer, thus making transactions more secure against fraudsters. APACS reports that take-up of these authentication services has increased by 600 per cent in the last two years, and 25 million credit and debit card holders have signed up to the scheme since 2006.
However, there are 83 million credit and debit cards currently in circulation in the UK (1) , which means that as yet only 30% of UK cards are registered with either scheme. Furthermore, while these schemes allow for the addition of two-factor authentication, those deployed so far only use passwords which are still vulnerable to phishing fraud.
Many UK banks have already invested in the software and hardware to support MasterCard and Visa’s Chip Authentication Programme initiative (CAP) through their investment in card readers and CAP compliant cards to secure online banking. Either CAP or mobile authentication could be used as a common platform to offer strong user identification within a cryptographically secure environment for all online transactions. The fact that the infrastructure to use two-factor authentication for e-commerce has already been put in place for online banking means that there is a strong business case to employ two-factor authentication more broadly online. By working with the card schemes, all banks should soon be offering their customers security measures which cover the whole online payments space.
(1) APACS, Plastic cards in the UK and how we used them in 2007, http://www.apacs.org.uk/resources_publications/card_facts_and_figures.html