Shoppers who pay for purchases with a wave of a mobile phone gain extra protection.
Mastercard Inc.’s digital wallet, MasterPass, has gotten a security boost. Intel Corp. is now providing its Identity Protection Technology to shoppers who pay for items with their MasterPass contactless card or by tapping their MasterPass-equipped mobile devices next to a Near Field Communications, or NFC, reader built into some cash registers. NFC wirelessly communicates payment and other data between a chip embedded in a piece of hardware, most often a mobile phone, and the register.
The technology adds an extra layer of authentication to a shopper’s device so that when she logs into a web account to make a purchase, the site can tell it is her and not a cyber-criminal using her log-in credentials, according to Intel. This is known as two-factor authentication, because the consumer identifies herself in two ways—with her user name and password and also with a device associated with her.
The added layer is a code unique to the shopper’s mobile device that the retail web site verifies in the background through the Intel Identity Protection Technology as she begins to make a payment. For the shopper, there aren’t any extra steps in the checkout process. Intel assigns a new code to her mobile device every 30 seconds so that a criminal cannot learn and abuse it, the company says. It’s embedding the technology intodevices with the NFC reader from manufacturer NXP Semiconductors N.V., including MasterCard digital wallets and select Intel computing devices, such as its newest lines of Ultrabooks (which Intel describes as hybrid versions of laptop and tablet computers) and PCs, it says. The two-factor authentication also works on direct e-commerce and m-commerce transactions via those devices, not just those that occur via NFC.
“This provides a way to introduce a dynamic authentication capability into the card-not-present transaction in a way that involves minimal consumer friction and could really have a significant impact on card-not-present fraud over time,” Julie Conroy, an analyst at Aite Group, says. “The key element is getting the hardware into consumers’ hands—it will take time to get a big enough population of devices with the requisite chips as well as contactless cards into consumers’ hands to make any real dent in the growing card-not-present fraud problem.”
In 2012, retailers lost 1.4% of their mobile commerce revenue and about 0.9% of online revenue to fraud, according to payment processing and risk management services provider CyberSource Corp. in its 2013 Online Fraud Report. Although CyberSource didn’t report a mobile order fraud rate for 2011, it notes that 28% of retailers tracked mobile commerce fraud in 2012, up from only 8% in 2011. The online fraud rate was down slightly from 1.0% in 2011, and far below the 10-year high of 1.8% in 2004, the firm says. CyberSource is a unit of Visa Inc.