552 -remarkable pricing

It’s authentication security; i.e. whoever is using the payment method is who they say they are… and is authorised to make the payment.
TOTP is a time-based one-time password, such as you get with a digital cryptographic key validated Authenticator application or dongle… such as Microsoft or Google Authenticator.

2FA is 2-factor authentication. Having a method with just a single factor such as password or PIN is these days considered weak authentication; it’s more secure to have multiple factored authentication… further it’s better to have the authentication factors split across something owned, something known and something you are.

An OTP is a regular one-time password. An OTP provided by mobile text is now not considered secure by the US National Institute of Standards and Technology (NIST).

However, credit card authentication is governed by PCI-DSS (Payment Card Industry Data Security Standards) that have not aligned with NIST at this time… perhaps due to issues of alignment with how credit cards are used, and the mechanisms by which authentication is made to enable a payment.

In short a digital payment system potentially can offer a higher level of user/owner authentication than current credit/debit cards. PayPal meets that requirement for me… and @sound-hound was asking for reasons… and I was giving mine… but I work in a related industry so perhaps more aware than some.

Hopefully that makes sense… it’s all about mitigating the impact of theft of card or numbers and preventing fraudulent use.

Excellent explanation, thank you.

Am I correct in thinking that my Microsoft Authenticator App that I use for Amazon, PayPal, Discogs etc. is TOTP?

For my credit (and debit) cards the site I am using says I need to authorise the payment and then in the bank’s app I do this (some accounts just use Face ID, whereas others make me swipe and enter 3 digits from a 6-digit PIN) - where does this stand in the hierarchy?

.sjb

Yes … exactly right.

So if all payments have to be validated using facial recognition as well as a PIN then this is good … as that is strong 2FA … ie something known, and something you are. But just relying on face recognition is not good.

Adding 3 digits from a 6-digit PIN… if on its own is weak. It’s a single something known. If you have a password and PIN, that is weak multi-factor authentication, as it’s two lots of something known… and not considered strong from an identity and authentication validation perspective, but your physical card and PIN used together is considered stronger… as it’s something owned, and something known… as you would use face to face with a retailer into a card EPM.

1 Like

Is this written by AI?
Martin

1 Like

Chuckle… you sound like my wife :crazy_face:
But thanks for the compliment… but no I don’t believe I am AI

1 Like

Some people call you Betty?

G

10 Likes