Visa pushes for new authentication system

[Arkos]

A MORE advanced data authentication system is being pushed by Visa Inc. among banks in order to deter credit card fraud.

“To prevent fraud in card transactions from happening, issuers must shift from static data authentication (SDA) to the dynamic data authentication (DDA),” Michael E. Smith, Visa’s head for risk management for Asia Pacific, Central Europe, Middle East and Africa, told reporters in a briefing yesterday.

SDA is a type of data authentication in which a terminal validates a password placed on the card at the time it was issued to the cardholder, while DDA is a type of data authentication in which the card uses public key technology to generate a password.

Mr. Smith said static data is the password a bank or issuer gives a cardholder at the time she or he applies for a card, while the dynamic data is a one-time password issued by the bank every time the cardholder makes a transaction online or through an automated teller machine.

He said the DDA is more secure than the SDA as it generates a “unique password” for each transaction.

“SDA is static because the password is not changed. You use that same password for every transaction so it becomes more exposed to credit card fraud,” he said.

“As for the dynamic data, you have a new password issued by your bank every time you make a transaction, which makes it harder for ‘fraudsters’ to access the key to your account.”

Skimming or copying the information in the magnetic strip of the card and false merchant sites or sites created by hackers designed to acquire people’s credit card information are other types of credit card fraud.

In the DDA, the password is generated through a “token” (a gadget issued by banks).

“In the case of an online transaction, a pop-up window would show in your computer screen to authenticate your identity and generate your password,” Mr. Smith explained.

He stressed the password generated by the token and the pop-up window would only be valid for about five minutes.

Murugesh Krishnan, Visa’s director for country risk management for South and Southeast Asia and the Middle East, said the DDA is not yet being used in the country but Visa is holding talks with local banks about its integration into the country’s payments system.

“There are ongoing discussions with [local] banks, it’s just a matter of timing of getting the budget for the system, but in the Asia Pacific region, Singapore, Hong Kong, Malaysia are among the countries that have implemented the DDA in their banks,” he said.

“A shift to DDA from SDA would benefit cardholders but as it would be costly for banks, there are economic decisions to be made,” he added. -- Ann Rozainne R. Gregorio

http://www.bworldonline.com/main/content.php?id=24360

 

[Uluda88]

it's not well explained -.- I don't see the problem for carders
sounds like verified by visa only with a new password every time
but where does the password come from or go to is it a sms if ur instore?
Not everyone has a mobile or carrys it with him everyday.

 

[Amstrad]

Шо, пиздюки? Доигрались?
Ну оно и к лучшему.

---------- Сообщение добавлено в 01:56 PM ---------- Предыдущее сообщение размещено в 01:54 PM ----------

it's not well explained -.- I don't see the problem for carders
sounds like verified by visa only with a new password every time
but where does the password come from or go to is it a sms if ur instore?
Not everyone has a mobile or carrys it with him everyday.

Тoken can generate a new pin for each transaction by secure algorithm.

 

[fask3y]

will wait and see what happens. this is supposed to be happening in 2011. always ways around new technologies

 

[livethebeat]

lol, let them keep putting more security on these things, not going to change anything or slow anything down.

The best way around fraud is consumer awareness. Just don't be stupid. But because most of the world is stupid we will always use this to our advantage

 

[Okolom]

its good

 

[ladaniva]

Maybe its like RSA token which generates 6 digit code which is changing by 2-3 minutes.
But it is very slow and problematic system...

 

[dofkiuxas]

it is good

 

[Rainman]

In the Netherlands we already have something like this for another payment syste. You get a little device with a display and numbers from 0 to 9, you activate the device once over your online banking with the serial number, and then it creates a unique algo that only matches your device for every transaction. If you enter a wrong algo 3 times your banking is blocked. There is also a non-changable 5 digit PW on the device itself.

 

[eastman]

Hope they dont get this one through its hard now working around all these security feature... We dont need anything extra!

 

[source]

lol visa never stops making lame security
they know good that they can't never decrease the frauds while all statics says its in increase

i think they just do that to abuse banks and partners claiming that they updating the security and bullshit and you have to pay us more or at least they have to show the world that they works while they bullshit