Thales extends support to MasterCard Advanced Authentication for Chip
New solution secures online transactions executed with new and existing EMV cards(PresseBox) ( Stuttgart, )
MasterCard Advanced Authentication for Chip allows two-factor authentication on EMV cards already issued that do not necessarily have offline PIN capabilities or have not been personalized according to the MasterCard Chip Authentication Program(TM) (CAP). This allows issuers to provide strong authentication to their cardholders without the need to re-issue their cards. This solution has been driven by regional demand, especially from the Asia Pacific Region and Latin America, where there are hundreds of millions of cardholders who need to be able to use their existing EMV cards to protect their online transactions. Thales has long supported MasterCard CAP with its SafeSign, HSM 8000 and payShield solutions.
According to Art Kranzley, Chief Emerging Technology Officer at MasterCard, "Today, consumers still don't feel safe when buying online or using e-banking facilities which is why it is important that we create the conditions needed for banks to be able to allay these fears. Thales and MasterCard have already delivered strong authentication solutions in the past, now with Advanced Authentication we are best placed to support banks in continuing fighting Card Not Present fraud and building confidence for online customers."
The new Advanced Authentication for Chip is operated by the cardholder inserting an EMV card into a Personal Card Reader (PCR). Once inserted, the PCR will perform specific card checks. If the card does not support offline PIN, the Advanced Authentication for Chip reader provides the option for a one-time password (OTP), challenge and response (C/R) or transaction data signing (TDS) which can be used for online user authentication and transaction signing. Otherwise the cardholder will first be prompted to introduce the PIN. This also means that Advanced Authentication for Chip is compatible with MasterCard CAP. SafeSign verifies and validates the OTP, C/R and TDS in order to effectively authenticate the user and provide additional security for online transactions.
"Thales has collaborated extensively with MasterCard to provide user authentication solutions and online transaction signing for CAP. We have now added support for EMV cards that have been issued without CAP personalization or an offline PIN", says Franck Greverie, Vice President, Managing Director for the information security activities of Thales. "Our support for Advanced Authentication for Chip demonstrates our continued commitment to work with MasterCard to enable our customers to make online and Card Not Present transactions safer for EMV card holders and dramatically reduce fraud."
SafeSign is Thales's identity management and authentication solution that helps protect financial institutions and their customers against online fraud, enabling them to concentrate on delivering new products and services. Unlike other solutions, SafeSign supports a wide range of authentication technology including EMV/CAP, OATH tokens, mobile phones, smartcards and digital signature technologies. This approach allows SafeSign customers to maintain maximum flexibility in the selection of authentication that they deploy to meet their current and future needs.
About MasterCard Worldwide
MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes approximately 21 billion transactions each year, and provides industry-leading analysis and consulting services to financial-institution customers and merchants. Powered by the MasterCard Worldwide Network and through its family of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. www.mastercard.com
Whilst RealWire Limited endeavour to ensure the accuracy of the information contained in this Release, RealWire Limited cannot accept any liability for:-
- the inaccuracy or otherwise of any information contained in this Release; or
- any loss liability or expense which may be suffered by any party in consequence of acting or omitting to act as a result of any information contained in or omitted from this Release; or
- any loss or suffering which may be caused by or to any party either as a result of the information contained in this Release or such information contained in this Release being inaccurate or otherwise misleading.