Credit cards have become an immensely popular method of payment for goods and services. As mobile devices have grown in popularity, consumers now desire the ability to complete transactions using mobile applications on mobile devices. Mobile phones can be used for making efficient payments via contactless transactions at a merchant terminal. To successfully complete a transaction, sensitive card data must be transferred to the mobile device. To do so, the server or network containing the data needs to authenticate the user of the mobile device.
There are several authentication options to sync operations between a mobile application on a mobile device and a server. Two-way authentication, for example, involves two parties authenticating each other at the same time. This method requires the mobile application to authenticate itself to the server and the server to authenticate itself to the mobile application, such that both are assured of the other's identity. This method is an inefficient solution to the problem.
Another authentication solution is two-way Secure Socket Layer (SSL) authentication. Two-way SSL authentication requires the mobile application to be provisioned with a SSL certificate. Given that there could be millions of users, provisioning a SSL certificate for each user is impractical.
An alternative authentication method requires the user to provide two passwords—one for sync operations and another for payment operations. However, a single factor authentication method requiring the user to remember two passwords is cumbersome.
Accordingly, there is a need in the marketplace for a system designed to provide two factor authentication to ensure a better user experience. Furthermore, from an efficiency, security, and cost standpoint, the current disclosure provides an effective solution to this problem by using one password to enable payment and sync authentication.
Embodiments of the present disclosure can address the above problems, and other problems, individually and collectively.