NordPass Touts Improved Security of E-Commerce Tokenization, Passkeys

NordPass’s head of product research and development, Sorin Manole, said Mastercard’s recent commitment to reaching full e-commerce tokenization by 2030 in Europe enables better security through the increased use of passkeys. In practice, this means that cardholders can enable passkeys to authenticate e-commerce transactions.

“From a security standpoint, manual card entry carries a wide set of possible risks,” Manole explained. “If your card is physically stolen and you have no additional method of authentication added to your account, bad actors can easily steal your money.”

“This also applies online. Any information we type visibly on the screen, be it passwords or credit card details, can be acquired by hackers using malware, shoulder surfing, or other attacks. Introducing passkeys for e-commerce transactions would be a remedy for such threats.”

NordPass said e-commerce websites are especially appealing to modern hackers because people leave sensitive details from their shoe size, which can be used in phishing attacks, to credit card details. According to Deloitte, there are risks when e-commerce sites store a customer’s credit card data in an internal database for a smooth shopping experience. If hackers break into a company’s systems, they can acquire the payment details.

Based on a NordPass study, the retail and e-commerce industry ranks third in terms of the number of companies suffering data breaches, during which various consumer data was leaked.

“With customers having the option to avoid manual card entry and use passkeys instead, these risks will be reduced,” Manole explained. “Passkey technology is currently considered the most sophisticated method of online authentication, and while it was meant to replace passwords, we will soon observe its further implementation for payment processing.”

Cardholders will be able to create payment passkeys with Mastercard and use those payment passkeys to authenticate with biometric authentication in e-commerce token transactions. Merchants will be asked to confirm such transactions with device biometrics (such as fingerprint or face recognition).

According to Manole, passkey technology consists of two cryptographic keys — public and private. The public key is stored on the website’s server, and the private one — on the user’s device. Without each other, these keys do not work. It means that even if a hacker breaks into an e-commerce site and steals a public key, they will not be able to use it without the private key and biometric confirmation on top of it.

NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by former NordVPN staffers.



Sponsored Links by DQ Promote

 

 

Send this to a friend