This blog is not about the many attempts to secure card payments in a proprietary way - and many examples exist - but about the fact that the card associations now seem to be certifying some of these solutions. I think that this is a major step forward with significant implications. The fact that unique payment solutions (some of these being very different to what we generally would have done) now get Credit Card Association endorsement or even licensing is indeed very interesting.
While quite a few of these examples can be found (one that we at Fundamo are intimately involved with), I would like to just quote two:
- Mastercard recently announced their Chip Authentication Program (CAP) which allows for a One Time Password (OTP) to be generated by a phone (Read here). This means that someone can use a card on the Internet with a OTP that has been generated by their mobile. This is quite interesting as merchants can validate the OTP for a specific transaction. Security is much higher and the computing power of the phone is utilised well.
- The mCheck solution deployed on Airtel in India is also an interesting case study.(Read here). While I do not know the detailed architecture of the solution, it is my understanding that the encryption capabilities of the SIM card is used to good effect to secure an ordinary Credit Card transaction. This is solution is endorsed by VISA, even though it is very specific to mCheck.