GOTHENBURG, SWEDEN - FEBRUARY 10 2010 - To protect themselves against card-not-present fraud, merchants increasingly turns to 3D Secure (3DS) technology, exemplified by Verified by Visa and MasterCard SecureCode. However, Steven Murdoch and Ross Anderson describe this as “lousy technology” in a recent report for the Computer Laboratory at Cambridge University, UK.
According to the report’s authors, there are numerous serious problems with the existing approach to e-commerce security. Many relate to the way different banks and card issuers implement the standard. Banks often cut corners when enrolling and verifying users. For example, some firms ask for users’ PIN numbers and the system overshares personal information between banks, merchants and outside contractors. Many of these problems stem from reliance on static passwords and the need to authenticate users at the point when they first enter their password.
All these problems undermine customer confidence and make life easier for online criminals says the report - and Todos agrees. Which is also why Todos targeted the issue already in 2007, developing a more secure, more private, more trustworthy alternative. Todos technology works within the 3DS environment to offer merchants and card issuers a much more secure alternative to static passwords:
- Two-factor authentication.Using a Todos device or mobile application and a private PIN, users can securely authenticate ecommerce transactions without revealing personal information.
- Malware and phishing protection. Todos technology makes man-in-the-middle attacks virtually impossible and thwarts online criminals using phishing sites.
- Transaction authentication/verification. Our latest authentication devices allow users to see details of the transaction they are signing; providing informed consent for transactions.
- Secure domain separation. Uniquely, Todos devices keep authentication for ecommerce and online banking separate so that a breach in one area does not compromise the other.
- Complete range of devices. The authors recommend ‘sign what you see’ technology and Todos offers the full-range of these products. However, the company also offers options, including tokens, mobile solutions and card readers, which are also highly secure, flexible and popular with banks and their customers.
“In the long term we need to move to a trustworthy payment device,” says the report. At Todos, we couldn’t agree more. “This report completely validates the Todos approach to eCommerce authentication,” says Håkan Nordfjell, COO at Todos AB.
Advanced security is not a pipedream. Todos makes it a reality today. Nordjfell explains: “Our 3D Secure eCommerce technology is already used by forward-thinking banks such as Nordea, China Trust Commercial Bank and ICA Banken and we’re ready to protect hundreds of millions of vulnerable Verified by Visa and Mastercard SecureCode customers. With us, they are properly verified and truly secure.”
Todos AB helps banks and other businesses create trusted, secure relationships with their customers online. Founded in 1987, Todos designs, develops, delivers and supports security solutions for remote authentication. We have delivered over 20m products to 100+ financial institutions in more than 30 countries. When trust matters, trust Todos. For more information visit: www.todos.se.
For further information please contact:
John Ahlberg, Communications Director
+46 31 775 88 00