The Electronic Payments Association announced Monday that ATM or debit cards can be used on the Internet with transaction authentication and security that are comparable to point-of-sale purchases.
Also known as the National Automated Clearing House Association (NACHA), the nonprofit Electronic Payments Association concluded its “Internet Secure ATM Payments” (ISAP) pilot program on April 13th. NACHA said it successfully processed 598 transactions in which digital signatures substituted for personal identification numbers (PINs).
The encrypted payment requests were then sent through an electronic paymentsnetwork, and the participants’ accounts were debited in real time.
“For consumers, purchasing online with digitally-authenticated ATM cards is no different from making an online credit-card purchase,” Forrester Research senior analyst Frank Prince told the E-Commerce Times. “It’s the merchants whose riskis greatly reduced by digital signatures.”
According to Prince, the value of using digital signatures for online payments is that they provide a “paper trail” that allows merchants to pinpoint faulty transactions.
Sign at the Bottom
Prince noted that the issue of card-not-present transactions has been tackled before, outside the context of the Internet. In the offline world as on the Internet, the goal of processing card-not-present transactions is to reduce the financialrisk for the merchant.
“Merchants are often left holding the bag when a transaction goes bad,” said Prince. “The question being addressed now is what specific technologies and policies can reduce merchants’ risk. Digital signatures are one answer.”
100 Percent Proof?
In the ISAP payments pilot, the digitally signed transactions were validated 100 percent of the time, and the average response time for authorizing a transactionwas six to eight seconds, NACHA said.
Approved transactions and denials were successfully returned to the merchant. In addition to successful transaction processing, the pilot withstood attempts to compromise security and commit fraud, the association said.
NACHA president and chief executive officer Elliott C. McEntee said that the success of the ISAP pilot shows that digital signature technology can be used to secure transactions because the signature is transported through a secure network and validated by the issuing bank.
“It’s in everybody’s best interest to reduce fraud,” Prince noted. “Consumers gain confidence from a history of successful transactions.”
Not a Done Deal
Despite optimism about NACHA’s latest digital signatures pilot, the network through which digital signatures and related authenticity certificates are transmitted — the public key infrastructure (PKI) — might be on shaky ground, accordingto research findings released Monday by Meridien Research.
PKI relies on a system of public and private keys, or codes. Public keys, accessible by anyone, are used to encrypt online messages, and private keys,known only by the individual, are used to decrypt online messages.
In her report, “PKI: It’s Now or Never,” Meridien Research senior analyst Jeanne Capachin said that PKI is facing daunting obstacles, and will likely dissolve unless financial institutions show their support en masse.
“There’s been a reluctance on the part of financial institutions to adopt PKI,” Capachin told the E-Commerce Times. “And if the situation hasn’t changedwithin 12 months, it will indicate they’re not committed to it.”
Very good idea! At last secure payments in the most intuitive way possible. Looks exactly like traditional ATM transactions in a much more secure way!
It looks like there’s still a lot of work in educating people about the difference between PKI as a solution or as a framework; successful applications that use PKI are solutions. PKI in and of itself is simply a concept. Moreover, digital certificates were NOT – repeat NOT – used to complete the digitally signed debit transactions in the NACHA pilot. Digital certificates were a PKI application that didn’t completely solve anything particularly well, but served to make some money for a few companies in the confusion.