A MORE advanced data authentication system is being pushed by Visa Inc. among banks in order to deter credit card fraud.
“To prevent fraud in card transactions from happening, issuers must shift from static data authentication (SDA) to the dynamic data authentication (DDA),” Michael E. Smith, Visa’s head for risk management for Asia Pacific, Central Europe, Middle East and Africa, told reporters in a briefing yesterday.
SDA is a type of data authentication in which a terminal validates a password placed on the card at the time it was issued to the cardholder, while DDA is a type of data authentication in which the card uses public key technology to generate a password.
Mr. Smith said static data is the password a bank or issuer gives a cardholder at the time she or he applies for a card, while the dynamic data is a one-time password issued by the bank every time the cardholder makes a transaction online or through an automated teller machine.
He said the DDA is more secure than the SDA as it generates a “unique password” for each transaction.
“SDA is static because the password is not changed. You use that same password for every transaction so it becomes more exposed to credit card fraud,” he said.
“As for the dynamic data, you have a new password issued by your bank every time you make a transaction, which makes it harder for ‘fraudsters’ to access the key to your account.”
Skimming or copying the information in the magnetic strip of the card and false merchant sites or sites created by hackers designed to acquire people’s credit card information are other types of credit card fraud.
In the DDA, the password is generated through a “token” (a gadget issued by banks).
“In the case of an online transaction, a pop-up window would show in your computer screen to authenticate your identity and generate your password,” Mr. Smith explained.
He stressed the password generated by the token and the pop-up window would only be valid for about five minutes.
Murugesh Krishnan, Visa’s director for country risk management for South and Southeast Asia and the Middle East, said the DDA is not yet being used in the country but Visa is holding talks with local banks about its integration into the country’s payments system.
“There are ongoing discussions with [local] banks, it’s just a matter of timing of getting the budget for the system, but in the Asia Pacific region, Singapore, Hong Kong, Malaysia are among the countries that have implemented the DDA in their banks,” he said.
“A shift to DDA from SDA would benefit cardholders but as it would be costly for banks, there are economic decisions to be made,” he added. -- Ann Rozainne R. Gregorio
Code:
http://www.bworldonline.com/main/content.php?id=24360