2010-02-10 14:08:23 -
Independent research from the University of Cambridge reveals the weakness of
today's approach to eCommerce authentication. Todos technology offers a
user-friendly way to increase security within the 3D Secure environment.
GOTHENBURG, SWEDEN - FEBRUARY 10 2010 - To protect themselves against
card-not-present fraud, merchants increasingly turns to 3D Secure (3DS)
technology, exemplified by Verified by Visa and MasterCard SecureCode. However,
Steven Murdoch and Ross Anderson describe this as "lousy technology" in a recent
report <http://www.cl.cam.ac.uk/%7Erja14/Papers/fc10vbvsecurecode.pdf> for the
Computer Laboratory at Cambridge University, UK.
According to the report's authors, there are numerous serious problems with the
existing approach to e-commerce security. Many relate to the way different banks
and card issuers implement the standard. Banks often cut corners when enrolling
and verifying users. For example, some firms ask for users' PIN numbers and
the
system overshares personal information between banks, merchants and outside
contractors. Many of these problems stem from reliance on static passwords and
the need to authenticate users at the point when they first enter their
password.
All these problems undermine customer confidence and make life easier for online
criminals says the report - and Todos agrees. Which is also why Todos targeted
the issue already in 2007, developing a more secure, more private, more
trustworthy alternative. Todos technology works within the 3DS environment to
offer merchants and card issuers a much more secure alternative to static
passwords:
* Two-factor authentication. Using a Todos device or mobile application and a
private PIN, users can securely authenticate ecommerce transactions without
revealing personal information.
* Malware and phishing protection. Todos technology makes man-in-the-middle
attacks virtually impossible and thwarts online criminals using phishing
sites.
* Transaction authentication/verification. Our latest authentication devices
allow users to see details of the transaction they are signing; providing
informed consent for transactions.
* Secure domain separation. Uniquely, Todos devices keep authentication for
ecommerce and online banking separate so that a breach in one area does not
compromise the other.
* Complete range of devices. The authors recommend 'sign what you see'
technology and Todos offers the full-range of these products. However, the
company also offers options, including tokens, mobile solutions and card
readers, which are also highly secure, flexible and popular with banks and
their customers.
"In the long term we need to move to a trustworthy payment device," says the
report. At Todos, we couldn't agree more. "This report completely validates the
Todos approach to eCommerce authentication," says Håkan Nordfjell, COO at Todos
AB.
Advanced security is not a pipedream. Todos makes it a reality today. Nordjell
explains: "Our 3D Secure eCommerce technology is already used by
forward-thinking banks such as Nordea, China Trust Commercial Bank and ICA
Banken and we're ready to protect hundreds of millions of vulnerable Verified by
Visa and Mastercard SecureCode customers. With us, they are properly verified
and truly secure."
###
Todos ABhelps banks and other businesses create trusted, secure relationships
with their customers online. Founded in 1987, Todos designs, develops, delivers
and supports security solutions for remote authentication. We have delivered
over 20m products to 100+ financial institutions in more than 30 countries. When
trust matters, trust Todos. For more information visit: www.todos.se.
For further information please contact:
John Ahlberg, Communications Director
john.ahlberg@todos.se <mailto:john.ahlberg@todos.se>
Todos AB
+46 31 775 88 00
www.todos.se <http://www.todos.se/>
[HUG#1382868]
Full story - PDF:
hugin.info/141510/R/1382868/341771.pdf
