"This is interesting in that it’s the first public announcement I’ve seen, at least from a major player, to leverage the mobile phone to secure a card-based transaction," said payments expert Todd Ablowitz, president of Double Diamond Group. "Of course, the question, as always, is about adoption. Can MasterCard and the other players looking to secure card-not-present (CNP) transactions get merchant and consumer adoption? How long will it take? No doubt there is a high level of fraud in CNP transactions, especially as related to card-present transactions, but will this be the solution? It remains to be seen. In the payments industry, that can take a long time to play out."
MasterCard is offering two types of the new mobile Chip Authentication Program (CAP), an SMS version and a downloadable app for smartphones. Both options present single-use passwords.
With the SMS version, the one-use password is sent within a text message to a user's cell phone when the consumer reaches the point in the checkout process where the site asks for the secure code. Smartphone owners using the installed MasterCard app have their one-time-use passwords displayed after they enter a PIN.
"This new development leverages the ubiquitous nature of mobile phones," said a MasterCard statement, citing a Forrester Research prediction that 84 percent of residents in Western Europe will be mobile users by 2014. Jan Lundequist, a senior business leader at MasterCard, said there are quite a few residential card readers in use in Europe and Scandinavia, but he said MasterCard was repeatedly asked about a mobile phone version.
"What we heard from our customers [about the home-based card readers] is, 'That’s all well and fine. They are working well, and they are secure. But there's also the opportunity to use another personal infrastructure out there: the mobile phone.'"
Lundequist said the mobile CAP systems are "not replacing but complementing" the home-based reader devices. "For E-Commerce, it is all relying on that secure code," he said.