The experience of paying for things online is about to feel a lot different in the coming years.
Starting from 2030, Mastercard will no longer require Europeans to enter their card numbers manually when checking out online -- no matter what platform or device they're using. Mastercard will announce Tuesday in a fireside chat with CNBC that, by 2030, all cards it issues on its network in Europe will be tokenized. In other words, instead of the 16-digit card number we're all accustomed to using for transactions, this will be replaced with a randomly generated "token."
The firm says it's been working with banks, fintechs, merchants and other partners to phase out manual card entry for e-commerce by 2030 in Europe, in favor of a one-click button across all online platforms. This will ensure that consumers' cards are secure against fraud attempts, Mastercard says. Users won't have to keep entering passwords every time they try to make a payment, as Mastercard is introducing passkeys that replace passwords.
This is likely something like a FIDO token/passwordless setup of some sort (i.e. Windows Hello).
The thumbprint would just unlock the hardware device, so the thumbprint itself wouldn't need to be transmitted to your credit issuer. This gives you full two factor authentication of your identity because you need the hardware device (something you have) and your biometric (something you are). They also often allow pins (something you know) instead of biometrics as the second factor.
The first thing I thought was "what's the alternative?" If I don't do biometrics on my phone then why would I do it for my credit card? I'm American so I don't have to worry about this yet but it's probably an indicator of what's coming here.
I might be wrong, but I think they will probably let the OS handle the biometrics offline, which means that they won’t have access to your biometrics, they just work with cryptographic keys. Otherwise it doesn’t make sense, as apps usually don’t have direct access to the fingerprint reader. It will probably be similar to how a passkey works.
I’m always down for stuff like this but it doesn’t sound much different from having to approve the payment in the app or using one of those single-use cards. I’ll wait and see how the passkey works.
But guys! This isn't going to be hackable at all! And it's certainly not going to be a problem for problematic gamblers or anyone with compulsive spending habits
That isn't a concern and it shouldn't be. People are responsible for themselves, why should I be inconvenienced because progressive iterative improvements could negatively impact a select few people that are entirely responsible for themselves?
As for hackable, they would not do it unless it was more secure and if it is easier for the consumer what is the problem. Fraud protection is standard here anyway, never heard of someone not getting their money back when someone else uses their account.
If NFC was ubiquitous across all devices I could see something like this working relatively easily. But given the matrix of devices, operating systems, web browsers, apps, etc. I don’t see this as an easy task at all…