Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Visa and MasterCard Finally Set to Bin Passwords

Credit card giants Visa and MasterCard have announced plans to do away with the password element of their much-hated 3D Secure online authentication initiative.

It’s not clear what the new authentication system, 3D Secure 2.0, will require in place of passwords but it could well be tied to users’ mobile phones.

Smartphone-generated one-time passwords are increasingly being used by online service providers as a means to authenticate their users, most notably the likes of Google and PayPal.

“All of us want a payment experience that is safe as well as simple, not one or the other,” said MasterCard president of enterprise security solutions, Ajay Bhalla.

“We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

The new system could be introduced as early as next year, and promises a “smoother, simpler and safer experience for cardholders," the firm said.

MasterCard said it’s also trialling commercial tests of facial and voice recognition apps to authenticate customers, as well as a wristband which can discern individuals’ identities through their cardiac rhythm.

3D Secure has often been criticized by consumers because it requires cardholders to remember an additional password to authenticate themselves when paying for goods and services online.

It’s also easy for concerted cyber-criminals to crack with Man in the Middle attacks or lookalike phishing pop-ups.

Phil Turner, EMEA vice president at identity management firm Okta, argued that password fatigue means most consumers will welcome the news.

“We’ve long had single sign-on technologies to remove the complexity of remembering multiple passwords, but what if someone else gets a hold of that single username and password?” he added

“Not surprisingly, multi-factor authentication – which requires two or more factors to verify the legitimacy of the user – has taken off and evolved pretty substantially in the past decade and we’re now seeing authentication methods becoming as personalized and specific to the individual as the experiences they're trying to access.”

What’s Hot on Infosecurity Magazine?