The Caradas Connexus Payment Client software enables credential information from a smart card to be transmitted from the consumer to the card's issuer for verification, employing MasterCard's Universal Cardholder Authentication Field (UCAF) data transport standard. The software is intended to help merchants and issuing banks verify the identity of cardholders before approving online transactions.
To employ Caradas' client, a user first registers online with the financial institution that issued their card. The institution must support UCAF, MasterCard's standard for passing accountholder authentication data among issuers and merchants. Users next specify a PIN they will use with their smart card-enabled MasterCard and receive a standalone smart card reader.
The reader does not need to be connected to a PC. Rather, it uses a challenge-response system similar to RSA Security's SecurID authentication tokens.
When the user is ready to make a purchase at a site that supports UCAF, he is presented with a challenge number via the Caradas client. When the user inserts his smart card in the holder, he is prompted to enter his PIN and the challenge number.
If both are entered correctly, the reader will display an 11-digit response number that the cardholder then enters into the PC. The Caradas client software uses this number to electronically "sign" the transaction and the signature is transported back to the issuer for validation.
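The challenge-response exchange described above, modelled as an added example that is not Caradas' or MasterCard's code. The article does not say how the response is computed, so the HMAC-SHA256 truncation, the 8-digit challenge, the shared per-card key and all class and function names here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 11  # the reader in the article displays an 11-digit response

def compute_response(card_key: bytes, challenge: str) -> str:
    # Assumed scheme: HMAC-SHA256 over the challenge, truncated to 11 digits.
    mac = hmac.new(card_key, challenge.encode(), hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10**RESPONSE_DIGITS
    return f"{number:0{RESPONSE_DIGITS}d}"

class SmartCard:
    """Card in a standalone reader: the PIN is checked offline, by the card."""
    def __init__(self, card_key: bytes, pin: str, max_tries: int = 3):
        self._key, self._pin, self._tries_left = card_key, pin, max_tries

    def respond(self, pin: str, challenge: str):
        if self._tries_left == 0:
            return None  # blocked after repeated wrong PINs
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            return None
        return compute_response(self._key, challenge)

class Issuer:
    def __init__(self):
        self._keys = {}     # card id -> key shared with that card
        self._pending = {}  # card id -> outstanding challenge

    def enroll(self, card_id: str, card_key: bytes) -> None:
        self._keys[card_id] = card_key

    def new_challenge(self, card_id: str) -> str:
        self._pending[card_id] = f"{secrets.randbelow(10**8):08d}"
        return self._pending[card_id]

    def verify(self, card_id: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same challenge.
        challenge = self._pending.pop(card_id, None)
        if challenge is None or card_id not in self._keys:
            return False
        expected = compute_response(self._keys[card_id], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())
```

The PIN never leaves the card in this model; the issuer sees only the response, which is bound to one challenge and compared in constant time.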
In some regions, including Europe, the Middle East and Africa, MasterCard UCAF transactions are treated the same as physical "card present" transactions conducted in brick-and-mortar stores. That means MasterCard fully covers the merchant for any potential losses. Such guarantees typically don't exist for online transactions in the U.S. that use traditional security systems such as SSL encryption. While encryption protects the card number, it does not help in verifying the identity of the cardholder.