The online shopping and payment experience today have attained a certain level of security, convenience and trust. The entire process from cart check-out to online payment is now almost second nature to consumers because they know what to expect:
Upon confirming the payment account and clicking ‘Purchase’, the consumer waits to receive a text message containing a dynamic one-time password (OTP) – usually 6 digits – that is to be entered to the transaction site to authenticate the payment. Within a matter of minutes, the transaction is completed, the purchase confirmed, and delivery of the product is on the way.
In the early 2000s, global card schemes such as Visa, MasterCard, JCB and American Express deployed the 3-D Secure protocol to provide an additional layer of security for online card transaction. This protocol enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases, thereby helping to prevent unauthorised CNP transactions and protect merchants from CNP exposure to fraud.
However, online payment still saw a low adoption due to inconvenience and lack of security. Consumers would have to enter their 16-digit card number, expiry date and CCV number, as well as rely on memory to enter the pin number of the card to make an online purchase. Further, the static nature of passwords and credit card numbers made these details vulnerable to phishing.
Infinitium drilled down to the pain-points faced by consumers and tackled them head-on: What if there is an alternative to remembering static pins and passwords? How can consumers be assured that they will not be charged for a purchase that they did not authorise? How can issuing banks confirm that it is the cardholder that is making the transaction instead of a middleman?
The answer to these questions birthed the dynamic OTP technology, which enables the bank to issue cardholders a one-time password through their mobile phone that they enter each time they use their cards to purchase goods online.
This two-factor authentication – requiring something the person knows (such as a password) plus something the person has (such as a specific mobile phone) – eliminates the problem of phishing and makes e-commerce transactions more secure. The entire payment ecosystem benefits with two-factor authentication as a standard: not just consumers and banks, but also merchants because they have the peace of mind to accept cards for e-commerce transactions.
With this breakthrough, Infinitium demonstrated the technology to Visa, who then presented it to the central banks of Malaysia and Singapore, which resulted in the Monetary Authority of Singapore and Bank Negara Malaysia mandating that all e-commerce transactions in their respective countries must be two-factor authenticated with Dynamic Authentication.
Infinitium’s first major innovation in securing the payment process of e-commerce remains relevant until today – with every online purchase transacted, Infinitium generates the dynamic OTP, delivers it to the consumer’s mobile phone and authenticates it on behalf of banks. As one of the industry’s leading specialists in e-payments, Infinitium’s solutions continue to impact over 50 banks across the region and touches the lives of over 180 million cardholders daily when they engage in online payments.
Recently, Infinitium has been awarded the technology patent for Multi-Factor Authentication by the Indonesian Patent Registrar, of which Dynamic Authentication with OTP stands as one of the form factors within this patent.
We believe that with our pioneering spirit & innovative solutions,
we can break boundaries and adapt to changing circumstances.