“Hey girl in your eyes
I see a picture of me all the time
(step!)”

Which is roughly how this new mechanism works to provide a second factor of authentication using an out of band mechanism. After submitting a payment, a “Cronto Visual Cryptogram” (a picture) is displayed which has to be decrypted by your mobile phone (or other device) providing you with a code you then have to enter into your payment page.

Similar to SMS 2FA (or at least well implemented SMS 2FA), the “cryptogram” can include other textual information such as payment details. This should hopefully prevent fraudulent transactions from being “authorised” via the channel, such as those generated by a “man-in-the-browser” trojan.

Whilst I haven’t really had time to process the benefits and disadvantages (mobile phone compatibility?) of this mechanism I’m quite happy to hear that innovate research is still being done in this space. Interesting…

(Thank you SBN feed for bringing this article to my attention!)