Mastercard's tokenization keeps transactions safe. Source: Shutterstock

Mastercard’s tokenization keeps transactions safe. Source: Shutterstock

How Mastercard uses technology to protect customers from fraud

CYBERATTACKS are evolving in scale, sophistication, and frequency. At the same time, new forms of digital payments and transactions are proliferating.

As a result, all players in the financial ecosystem need to have wide-ranging and comprehensive cybersecurity solutions in place to secure their expanding networks and data.

In an exclusive interview with Tech Wire Asia, Mastercard APAC’s Senior Vice President — Cyber & Intelligence Solutions Karthik Ramanathan explained how the team uses technology to secure customers from fraud and other cyber threats.

“The quantity and sophistication of cyber threats to banks are rising significantly. We’re seeing an increase in the scale of attacks – for example, attempts by fraudsters to use malware and other tools to bring a bank system down. These operations are becoming more organized and internationally networked.

“On the other end, we are also seeing a significant step-up in criminals offering stolen credit card and other data for sale on the dark web. That can be the starting point for many fraudulent transactions.”

Being aware of the situation in the market, Mastercard is careful to craft a solution for its individual customers.

“We use multiple layers of security to protect consumers across the flow of every transaction. These include authentication, tokenization, and data analytics to prevent fraud.”

Authentication solutions like 3D Secure form the first layer of security and usually seen when customers shop online. “Today, the most common way customers know this technology is the One Time Password they receive on their mobile device for online transactions.”

The industry is now moving to the next version of 3D Secure and this is called EMV 3DS, which enables more information about a transaction to flow to the issuer.

According to Ramanathan, the new technology allows issuers to safely authenticate transactions without prompting customers for an OTP – especially for low value, low-risk transactions.

“Consumers are increasingly preferring biometrics as well, such as the use of a fingerprint to authorize a transaction,” said Ramanathan, suggesting that they’re keen on delivering such features to end-users.

However, the Mastercard Senior VP pointed out that tokenization is the next key layer in protecting customers and is crucial in today’s digital-first world of business and commerce.

“This technology replaces the card’s primary account number (PAN) with an alternate card number called a token, and the tokenized card details are delivered to the mobile device to enable secure payment.

“We combine this with advanced authentication through a standard checkout experience that leverages the EMVCo Secure Remote Commerce (SRC) framework.”

According to Ramanathan, SRC also helps merchants implement and securely store tokens on file, which ultimately supports a move towards a token-only world.

As the use of mobile devices and the internet of things (IoT) for transactions expands, an industry-standard, robust, and trusted tokenization scheme that can be adopted by all players will enable multiple devices to transact with each other and merchant ecosystems.

The use of tokenization also allows anonymized data to be aggregated, analyzed, and leveraged for stronger detection of fraudulent behaviors, further securing transactions for customers using Mastercard’s payment system.

Finally, as a final line of defense, Mastercard uses sophisticated data analytics and artificial intelligence to score transactions for fraud at various points of data transmission.

However, Ramanathan believes that the company needs to do more than just secure its own product. In order to strengthen its ecosystem, Mastercard invests in ongoing consumer education to arm them with the knowledge they need to protect themselves.

“This includes teaching consumers to check that the websites they’re using are secure, they’re not transacting across public Wi-Fi, they have researched the merchant and so on,” explained Ramanathan.

While the company is essentially a payments processor, the discussion with Tech Wire Asia showcased how the company has morphed into a technology business in many ways.

True, the company isn’t directly selling technology but the brand is definitely strengthened by the technology that it has developed and built to support customers and end-users.

In the end, technology has provided Mastercard with a competitive edge than many of the smaller players in the market are struggling to beat.

Ramanathan and his organization’s efforts to secure (and educate) the end user have earned the company a lot of positive recognition and credit in the market place. In the coming months, more security is promised, bringing with it a promise of more cutting-edge technology.