IBM has developed two-factor authentication that uses near-field communication (NFC) to secure financial transactions on mobile devices.
Big Blue claims using NFC means that users no longer have to carry inconvenient devices such as a random password generator.
Two-factor authentication is already prevalent in the business world where employees are required to enter a password and a verification code sent by text message to log into accounts or services.
IBM said its scientists have applied the same concept using a PIN and a contactless smartcard, such as a bank card or an employer-issued identity badge.
A user simply holds the contactless smartcard next to the NFC reader of the mobile device and after keying in their personal identification number (PIN), a one-time code would be generated by the card and sent to the server by the mobile device.
The technology is based on end-to-end encryption between the smartcard and the server using AES (Advanced Encryption Standard) security.
"Our two-factor authentication technology based on the Advanced Encryption Standard provides a robust security solution with no learning curve," said Diego Ortiz-Yepes, a mobile security scientist at IBM Research.
According to a recent report by ABI Research, the number of NFC devices in use will exceed 500 million in 2014. Another study from Juniper Research forecasts that one billion mobile phone users will use their devices for banking purposes by 2017, making this a vulnerable market for hackers.
The technology, which is available today for any NFC-enabled Android 4.0 device, is based on IBM Worklight, a mobile applicationplatform IBM acquired in 2012. Future updates will include additional NFC-enabled phones.
