Visa Mitigates New Forms of Internet Crime

Known as dynamic passcode authentication, the framework launched by Visa will help to establish an industry-wide standard for the technology. Visa will support the initial release through pilot programmes with Visa member banks in 2005. An extension of the Verified by Visa service adopted by over 29,000 merchants, dynamic passcode authentication is also known as two-factor authentication (something you have; i.e., your card, plus something you know, i.e., your PIN). The technology validates the cardholder’s identity and verifies the physical presence of the payment card through the combination of a smart (chip) card and calculator-sized smart card reader, or dynamic passcode generator. Visas adoption of this framework enables member banks to proliferate additional forms of secure payment instruments that will support the ongoing growth and opportunities of Internet banking and commerce for consumers and merchants. Dynamic passcode authentication is another layer of protection that allows cardholders to participate in a rigorous authentication process using a smart card and dynamic passcode generator that creates a one-time passcode for each online transaction made by a cardholder. The cardholder inserts their smart card into the passcode generator, enters their PIN to prove their identity, and the device displays a unique numeric response code to prove the presence of the payment card. Cryptographic operations are done on the smart card itself and the one-time-use passcode serves as a digital signature for the transaction. The cardholder enters the passcode on their computer as prompted by the online banking website or the Verified by Visa authentication page. Member banks may offer dynamic passcode authentication as an alternative to static passwords commonly used today for conducting online banking or making a purchase over the Internet. Dynamic passcode authentication raises the bar against fraudsters and phishing scams with the one-time passcode, which is useless in subsequent transactions. Visa International has a rich history of innovating and adopting advanced technologies and methods to combat new forms of fraud and ensure that members, merchants and consumers are protected. For example, the Account Information Security program secures the storage of card numbers. The zero liability programme protects consumers from liability for unauthorized transactions. Address Verification Service (AVS) and Card Verification Value 2 (CVV2) raise the level of fraud protection for card-not-present transactions. Dynamic passcode authentication is the latest example, drawing on Visa’s heritage of contributing to the widespread acceptance of financial services technologies.