Mastercard gets twice as tough on ID security

Mastercard will help banks in Asia Pacific beef up internet banking security with the launch next month of an electronic security system that will more stringently verify a customer's identity.

The system will enable the banks to add a second layer of security to internet banking by providing a choice of authentication solutions that financial institutions can offer their customers. These include randomly generated SMS passwords sent to mobile phones and security tokens that issue one-time access codes.

The move comes as increasing pressure is put on the banks to provide internet customers with two-factor authentication services, where users are authenticated first with something they know (a password), and then with either something they have (a hardware token or one-time SMS code) or something of themselves (a fingerprint).

The Australian Bankers Association last week called for the banks to boost internet security, saying it would release an industry standard this year requiring online users to be identified by two methods rather than just a password or PIN as at present.

The Hong Kong Monetary Authority has also said that high-level transactions have to be authorised by two methods.

Mastercard vice-president and regional head of security and risk management Tim Morris said the service would run off the existing Mastercard online authentication system, which the banks use to run cardholder authentication products such as Verified by Visa and Mastercard's SecureCode, which allows participating banks and card issuers to validate a cardholder's identity during the electronic checkout process.

"It's cheap, as it runs off the existing Moas platform, saving the banks in terms of implementation costs," Mr Morris said.

"We've negotiated very, very competitive deals with the suppliers of the authentication tokens, bringing the cost down to a level that really hasn't been seen before in those markets."

Mr Morris could not say how much the service would cost the banks, nor how much the project had cost Mastercard, but said by using the system the banks would reduce implementation costs by up to 80 per cent.

Mr Morris said one of the strengths of the system was that it was "solution agnostic", meaning the banks would be in a position to provide their customers with at least three different channels of two-factor authentication: security tokens, SMS passwords and chip cards that generate a random number when plugged into a reader.

Mr Morris said so far the response from the banks, including those in Australia, had been very good, though Mastercard was not at the contract stage yet with any institutions.