via Nordic Edge – Identity management and strong authentication.

The solution will provide strong authentication, whilst avoiding the need for the customer to have  any additional hardware e.g. card readers.
Read press release

Ordinarily this would be a logical conclusion. However, a benefit of implementing a Federated Authentication solution, is that privacy data can be maintained in a single repository.

The integration of individual applications (or services) in order to use a single repository/data store is achieved through open secure protocols.  Further a complete set of personal data may not need to be proliferated across all applications, simple  user role and user id may be sufficient.

MasterCard already includes tools that allow cardholders to authenticate themselves using their existing banking card and a personal card reader. The reader, normally issued by a bank, generates a single-use password that can be used for e-banking transactions, e-commerce, telephone authentication or a whole host of other uses where the customer is not face-to-face with the bank or merchant (‘card not present’ transactions).

The latest mobile phone authentication initiative includes two types of solutions:

An SMS solution that is designed only for mobile phones. In this version, the one time password password is sent to the cardholder inside an SMS text. The cardholder is then able to use this password to authenticate their online purchase or mobile banking activity.

Another version was developed to support both Smartphones and JAVA compatible phones. The solution includes an application that runs on the mobile phone, and prompts the cardholder to key in a PIN. The phone then displays a password. The consumer experience in this version is very similar to authentication using a card reader.

David Mitchell, Senior Manager, Digital Operations and Fraud at Barclays explains:

“Phishing attacks started in the UK in late 2004,”

“We saw that static credentials were no longer good enough for new thirdparty payment transactions and for new functionality we want to add to our online banking service.”

“We wanted to give customers ownership of their accounts and for them to be able to make payments and access future services”

“With phishing attacks increasing, static credentials simply wouldn’t be strong enough to offer these future services online.“

Now, all the customer needs to do is insert their standard chip-enabled bank card into the PINsentry reader and type in their PIN. They carry the device with them and can perform these secure online transactions from any personal computer.

“The system works by securing the logon using the PINsentry device to generate a one-time-only pass code,”

“This is a stronger authentication method than static credentials, as the code is spent once the customer has used it.”

“We also ask our customers to digitally sign any third-party payments they set up online using the PINsentry device.”