Comments on: Best authentication method http://itknowledgeexchange.techtarget.com/itanswers/best-authentication-method/ Sun, 19 May 2013 03:14:28 +0000 hourly 1 By: timwatson http://itknowledgeexchange.techtarget.com/itanswers/best-authentication-method/#comment-40438 timwatson Thu, 17 Aug 2006 11:30:50 +0000 #comment-40438 YOU MAY WISH TO CONSIDER A FREERADIUS SERVER, FREERADIUS DOT ORG, RUNNING SMALL WEB SERVER SOFTWARE SUCH AS ACME DOT COM. A LITTLE FAR OUT…, LINUXVIRTUALSERVER DOT ORG, ALONG WITH HEARTBEAT (INFO AT LVS DOT ORG (ABOVE)), AND THEN BEGIN ENCRYPTION HARDWARE/SOFTWARE BUILD USING ABOVE US A BASELINE. TIM.

]]> By: itdefensepatrol http://itknowledgeexchange.techtarget.com/itanswers/best-authentication-method/#comment-40439 itdefensepatrol Mon, 07 Aug 2006 10:32:19 +0000 #comment-40439 I mostly agree with previous. Note SSL is susceptible to man-in-the-middle attack.

I assume you are merchant. You payment processor probably has guides. VISA also has guides (or is that Mastercard?). Verisign is a good source for authent.

Others like PayPal also a good resource (for outsourcing heavy work).

Go strong. Banks are required (newly in effect) to use strong auth (password insufficient) – see FFIEC guidances.

All these have extensive guidance. Even you aren’t required to follow these, not a bad idea – your bank, payment proc or other may make you do it anyways (now? later?). Get ahead of the issue now.

password not acceptable. SSL basically OK (for now), but some risk.

]]> By: amaison http://itknowledgeexchange.techtarget.com/itanswers/best-authentication-method/#comment-40440 amaison Sat, 05 Aug 2006 12:17:25 +0000 #comment-40440 in order to process payment on-line, you need two authentication: that of the customer and that of the merchant.
if the transaction is at a point of sale with the merchant being on-line with a transaction processing terminal, the merchant authentication is installed within the machine and there is little to be added.
the authentication of the customer can be done with a
– single factor: the fact that he has a avlid credit card, which is quite weak authenticatino or with
- two factors:
– the fact that he as both a valid debit card and a unique password or
– the fact that he as a smart card and a unique password or a biometric signature

- three factors is rarely used in payment transaction.

when payment is done through the internet, the merchant “terminal” is his web site that can be secured with SSL. but the authentication of the customer is very weak and is the major source of impersonation.

two

]]> By: amaison http://itknowledgeexchange.techtarget.com/itanswers/best-authentication-method/#comment-40441 amaison Sat, 05 Aug 2006 12:14:47 +0000 #comment-40441 in order to process payment on-line, you need two authentication: that of the customer and that of the merchant.
if the transaction is at a point of sale with the merchant being on-line with a transaction processing terminal, the merchant authentication is installed within the machine and there is little to be added.
the authentication of the customer can be done with a
– single factor: the fact that he has a avlid credit card, which is quite weak authenticatino or with
- two factors:
– the fact that he as both a valid debit card and a unique password or

two

]]>