Nov. 17, 2011
The alliance MasterCard Inc. announced earlier this week with Intel Corp. to secure e-commerce transactions will not supersede SecureCode, a MasterCard online authentication system, but will fairly soon lead to a new type of contactless-payment device from an emerging category of ultra-thin, fast-start PCs, executives with both companies tell Digital Transactions News. A significant ramp-up of the contactless capability is expected by 2013, the executives say.
“This will be a revolutionary breakthrough in how you do online payments,” says Mario Shiliashki, senior vice president and group head for U.S. emerging payments at MasterCard.
Under the terms of the multiyear, global deal, MasterCard has agreed to support a one-time password generated by an Intel microprocessor and firmware embedded with the Santa Clara, Calif.-based chipmaker’s Identity Protection Technology. IPT, which Intel began shipping this summer, is initially going into a new line of laptops known as “ultrabooks,” or light, very thin machines endowed with long battery life and the capability to boot up instantly, much like tablets. Intel says it expects between 10 and 12 ultrabook models to come to market by the end of the year, with more than 60 arriving in 2012. So far, PC makers Acer, Lenovo, Toshiba, Hewlett-Packard, and Asus are on board, the company says.
The one-time password, considered a second factor of authentication that can’t be affected by malware or phishing attacks, will flow through MasterCard’s network. If the password matches one simultaneously generated by the issuer, the transaction will be authorized, much as is the case with external password-generating tokens, a technology that has had limited usage because of its expense and the need to always have one handy. But with IPT, the token is built into the PC.
The new security technology is expected to make online payments easier by, for example, eliminating the need for consumers to type in extra information, such as the card-verification value on their cards. “It’s a secure but still convenient way for consumers to conduct online transactions ,” says Gordon Dolfie, general manager for IPT at Intel.
IPT represents a move by MasterCard beyond SecureCode, a software-based authentication system for online transactions that, along with Visa Inc.’s similar Verified by Visa, has not been as widely adopted as the card networks had hoped. Largely, this is because the technology interrupts a consumer’s online session to collect a password, something merchants abhor. “With Intel, we’re taking that same concept but making it embedded in the hardware,” says Shiliashki.
While SecureCode requires fairly extensive integration work by merchants and their processors, Shiliashki says IPT won’t. “This will ride the rails MasterCard has already established,” he says. “We’re not creating a new network. We’re adding a layer of authentication.” But IPT won’t replace SecureCode, since consumers will still need the latter technology whenever they perform a transaction on a machine other than their own, he adds.
In a second phase expected to gain momentum in 2013, the two companies will support contactless transactions, allowing consumers to tap their PC with, for example, a phone equipped with near-field communication (NFC) and merchants to turn ultrabooks and tablets into portable point-of-sale devices. Dolfie says Intel intends to ship IPT for smart phones and tablets after establishing it with ultrabooks, though he can’t give details of the plan. The company is starting with the new PCs, he says, because it expects them to be extremely popular. “Consumers are going to find these [ultrabooks] to be the next must-have,” he tells Digital Transactions News.
How the necessary RFID readers will work with—or in—ultrabooks and other devices will be left up to the manufacturers, though Intel is “working on that becoming part of the PC platform,” Dolfie says. “The manufacturer could start with an external device.”
Nor is it clear what impact, if any, the expected reduction of fraud from IPT will have on card interchange rates. Though Shiliashki says he’s “not prepared to discuss interchange,” he adds that the primary purpose of IPT is “to drive [fraud] costs out of the system. How that translates into a potential interchange adjustment, that’s a secondary consideration.”
SPECIAL FEATURERead Digital Transactions Online