Every day, identities, credit card numbers, and personal information are stolen. So what could potentially be done to help fight back from a consumer standpoint? Dual-authentication.

What is dual-authentication? It is the process in which you log in to a system using a password and username (factor 1), then receive a code via SMS (or something similar) on your mobile device, and you have to enter that code into the login form as well (factor 2) in order to access your account information. So what if we could have a simplified way of doing this with credit cards?

  1. You swipe your CC at a payment kiosk
  2. You receive an SMS notification on your phone with a code

Then one of the two items below occurs:

  1. You enter this code (the “preauthorization code”, as I like to call it) into the kiosk pad (where you swiped the card) to continue the transaction
  2. You receive the SMS or push notification on your mobile phone (when you receive the pre-auth code or notification, it would also say where the pre-auth is coming from) and, using an app, verify the preauthorization, or reply “yes” to the SMS, to continue the transaction
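To make the flow above concrete, here is a sketch of the issuer side of option 1, added as an example and not taken from any real payment system. The class name, the 120-second lifetime and the three-attempt limit are all assumptions; the code is bound to one transaction, works once, expires, and locks after repeated wrong entries.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong entries allowed before the transaction locks (assumed)

class PreAuthService:
    """Hypothetical issuer-side store of pending preauthorization codes."""
    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    @staticmethod
    def _digest(salt, txn_id, code):
        # Store only a keyed digest bound to the transaction, never the code itself.
        return hmac.new(salt, f"{txn_id}:{code}".encode(), hashlib.sha256).digest()

    def start(self, txn_id, merchant, amount_cents):
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, six digits
        salt = secrets.token_bytes(16)
        self._pending[txn_id] = {
            "salt": salt, "digest": self._digest(salt, txn_id, code),
            "expires": self._clock() + CODE_TTL, "attempts": 0,
        }
        # The message names where the pre-auth comes from, as the post suggests.
        sms = f"Preauthorization code {code} for {merchant}, ${amount_cents / 100:.2f}"
        return code, sms   # code is returned only so the sketch can be exercised

    def verify(self, txn_id, entered):
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown"            # never issued, already used, or locked
        if self._clock() > entry["expires"]:
            del self._pending[txn_id]
            return "expired"
        entry["attempts"] += 1
        expected = self._digest(entry["salt"], txn_id, entered)
        if hmac.compare_digest(entry["digest"], expected):   # constant-time compare
            del self._pending[txn_id]   # single use
            return "approved"
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[txn_id]   # stops guessing through the 10^6 code space
            return "locked"
        return "retry"
```

The attempt limit matters as much as the code itself: a six-digit code with unlimited retries can simply be guessed at the kiosk.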

The downside?

You have probably already guessed it: inconvenience, and it’s slow (hopefully no more than 30 seconds longer). But is it better to have a slower transaction or to lose your credentials?

Also, how could an Internet transaction take place?

My thoughts on this would be two-fold:

  1. You enter, along with the transaction, a predetermined code that was created ahead of time for this transaction only.
  2. Or you enter a predefined “single-use secret code”, much like the ones other 2-factor authentication systems give you, if you don’t have your mobile device on hand.

You could make the argument that “This is the credit card companies’ responsibility, not mine!” Yes, this is true; however, when someone is targeted, the attacker will eventually get through the defenses and still get the information.

As I like to say “If you are targeted by a hacker attack, you’re screwed. Period.”

This is why I believe the best defense is the one taken by the end user.