Best authentication method

pts.
Tags:
Access control
Application security
Biometrics
Browsers
Database
Digital certificates
Encryption
filtering
Identity & Access Management
Instant Messaging
Microsoft Exchange
provisioning
Secure Coding
Security tokens
Servers
Single sign-on
SSL/TLS
Web security
I'm researching authentication methods, trying to determine what method is best for allowing customers to make payments online. Which, in your opinion, is best?

Answer Wiki

Thanks. We'll let you know when a new response is added.

You can install ssl cert and arrange merchant accounts with your financial institute or setup paypal accounts which are very secure

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Amaison
    in order to process payment on-line, you need two authentication: that of the customer and that of the merchant. if the transaction is at a point of sale with the merchant being on-line with a transaction processing terminal, the merchant authentication is installed within the machine and there is little to be added. the authentication of the customer can be done with a - single factor: the fact that he has a avlid credit card, which is quite weak authenticatino or with - two factors: - the fact that he as both a valid debit card and a unique password or two
    0 pointsBadges:
    report
  • Amaison
    in order to process payment on-line, you need two authentication: that of the customer and that of the merchant. if the transaction is at a point of sale with the merchant being on-line with a transaction processing terminal, the merchant authentication is installed within the machine and there is little to be added. the authentication of the customer can be done with a - single factor: the fact that he has a avlid credit card, which is quite weak authenticatino or with - two factors: - the fact that he as both a valid debit card and a unique password or - the fact that he as a smart card and a unique password or a biometric signature - three factors is rarely used in payment transaction. when payment is done through the internet, the merchant "terminal" is his web site that can be secured with SSL. but the authentication of the customer is very weak and is the major source of impersonation. two
    0 pointsBadges:
    report
  • ITDefensePatrol
    I mostly agree with previous. Note SSL is susceptible to man-in-the-middle attack. I assume you are merchant. You payment processor probably has guides. VISA also has guides (or is that Mastercard?). Verisign is a good source for authent. Others like PayPal also a good resource (for outsourcing heavy work). Go strong. Banks are required (newly in effect) to use strong auth (password insufficient) - see FFIEC guidances. All these have extensive guidance. Even you aren't required to follow these, not a bad idea - your bank, payment proc or other may make you do it anyways (now? later?). Get ahead of the issue now. password not acceptable. SSL basically OK (for now), but some risk.
    0 pointsBadges:
    report
  • TIMWATSON
    YOU MAY WISH TO CONSIDER A FREERADIUS SERVER, FREERADIUS DOT ORG, RUNNING SMALL WEB SERVER SOFTWARE SUCH AS ACME DOT COM. A LITTLE FAR OUT..., LINUXVIRTUALSERVER DOT ORG, ALONG WITH HEARTBEAT (INFO AT LVS DOT ORG (ABOVE)), AND THEN BEGIN ENCRYPTION HARDWARE/SOFTWARE BUILD USING ABOVE US A BASELINE. TIM.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following