Managed information cards for secure online purchasing

Here's news of an important technology demonstration from Ping Identity and ACI Worldwide at the upcoming DIDW Conference (just two weeks away in San Francisco in case you have forgotten to register).

To put this in context, ACI Worldwide is the world leader in retail payments – over half the plastic card transactions in the world (55 billion last year) go through ACI's software at banks, merchants and networks in over 85 countries.

The presentations will include a discussion of how,  “the 3D-Secure protocol used by Visa, MasterCard, and JCB, as well as the PayPal protocol, could easily be adapted to support Information Card”.

The work is the result of a collaboration by Sid Sidner, the architect for ACI’s virtual SET wallet and 3D-Secure products, and Ping's Ashish Jain and Patrick Harding.  Ping's backgrounder says:

“The identity metasystem concept embodied in Information Cards has applications beyond pure authentication.  For example, Information Cards could be excellent for supplying payment data to an e-commerce merchant during a purchase.

“It would go like this: A payment provider such as a bank or PayPal issues a consumer a payment Information Card.  Then the consumer can use it at participating merchants.  They simply click a button which activates the identity selector software on their PC, phone, or set-top box – an identity selector like Microsoft's CardSpace or any of the other ones being developed.  The consumer selects the payment Information Card of their choice, enters their PIN, and the identity selector gets the payment information from the payment provider and returns it to the merchant.

“The consumer will like it because they don't have to type in the card number, expiration date, CVV, and billing address.  The merchant will like it because the clickpath to order submission is shorter; they will should get better merchant fees and fraud risk; and they don't have to store sensitive cardholder information in their databases.  The payment provider will like it because they can dramatically lower their e-commerce fraud.

“An exciting aspect of this is that the 3D-Secure protocol used by Visa, MasterCard, and JCB, as well as the PayPal protocol could easily be adapted to support Information Cards.”

3 thoughts on “Managed information cards for secure online purchasing

  1. This is really cool news!!! I advocated open standards at Visa, and 3-D secure always rubbed me the wrong way for a) not being an open standard that could be leveraged by other parties, b) had very limited ability to be extended to work in any sort of “identity metasystem” and c) didn't really allow for the sort of innovation that openid & information cards allow.

    That being said, the problem with changing 3-D Secure is one of costs – there were a lot of machinations just to get 3-D adopted in the last few years – I'm not sure its realistic to expect a lot of enthusiasm for *more* investment in technology change across the online electronic payments ecosystem! (Though it would be pretty cool…)

  2. Pingback: IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer

Leave a Reply