Data security and transaction integrity are of critical importance to businesses and consumers. This need continues to grow as electronic transactions constitute an increasingly large share of commercial activity.
Email may be used as a tool to verify transactions, but email is susceptible to attack and vulnerable to hacking or other unauthorized access. Short message service (SMS) messages may also be used, but that is subject to compromise as well. Moreover, even data encryption algorithms, such as triple DES algorithms, have similar vulnerabilities.
Activating many cards, including for example financial cards (e.g., credit cards and other payment cards), involves the time-consuming process of cardholders calling a telephone number or visiting a website and entering or otherwise providing card information. Further, while the growing use of chip-based financial cards provides more secure features over the previous technology (e.g., magnetic strip cards) for in-person purchases, account access still may rely on log-in credentials (e.g., username and password) to confirm a cardholder's identity. However, if the log-in credentials are compromised, another person could have access to the user's account.
Despite concerns over security, the widespread use of log-in credentials passwords to safeguard account access and critical information continues. A potential solution to this problem is proposed by the FIDO Alliance in the form of the FIDO2 project to create a FIDO authentication standard. The FIDO2 project incorporates W3C's Web Authentication specification and the FIDO Client-Authentication Protocol to permit the use of common devices to authenticate online services and control account access. The FIDO2 project provides for the authentication of a device by initiating a cryptographic challenge that is answered by an authenticator device using a private key. However, security issues remain, including difficulties in proving an authorized user is present at the outset of the device authentication process.
These and other deficiencies exist. Accordingly, there is a need to provide users with an appropriate solution that overcomes these deficiencies to provide data security, authentication, and verification for contactless cards. Further, there is a need for both an improved method of activating a card and an improved authentication for account access.