Mastercard Wants to Get Rid of Card Numbers for Online Purchases, ET BrandEquity

Mastercard (image in file)

Mastercard Inc. is stepping up efforts to eliminate the need to provide credit card numbers when making online purchases in a bid to combat fraud.

A decade after it first unveiled technology that replaces customers’ card numbers with so-called tokens, the company is now processing 1 billion such transactions a week, Chief Executive Michael Miebach said in an interview. That’s after the payments giant took three years to process its first 1 billion such transactions.

Now, Mastercard plans to expand its use of technology to replace security measures like passwords with biometrics like fingerprints or facial scans, Miebach said. It’s the latest step the financial industry is taking to combat the growing problem of online payment fraud, which is expected to top $91 billion by 2028.

A decade ago, the conventional wisdom was, “If you want to stay safe, protect your data and transactions with passwords,” Miebach said at Mastercard’s London offices. “That worked for a while. And then it started to become a vulnerability instead of effective security and protection.”

Mastercard and rival Visa Inc. first introduced token technology about a decade ago after fraudsters attacked the payment systems of retailers including Target Corp. and Best Buy Co., making off with tens of millions of consumer credit card information. The technology initially focused on replacing card numbers with a token that only the networks can unlock, meaning it is useless if a hacker gets his hands on it.

Payment services like Apple Pay have helped reduce fraud related to in-store purchases. But now criminals are targeting e-commerce sites that require consumers to manually enter their card details to make a purchase.

Hackers are also increasingly targeting websites in places like India that rely on one-time passwords to help keep them secure. These passwords — which retailers and banks send to consumers to authenticate their identities — have become increasingly vulnerable to fraudsters, Miebach said.

Mastercard will work with banks and payment service providers around the world to replace those one-time passwords with a token based on consumers’ biometrics. It launched the service in India this week after signing partnerships with PayU and banks including Axis Bank Ltd.

“The root of the problem was that if the data was exposed and someone got into it and got into it, they could exploit it,” Miebach said. “The digital economy — what’s holding it back? The risk of data breaches, fraud, etc. And tokenization is a big lever to mitigate that.”

Mastercard expects all e-commerce transactions in Europe to be tokenized by the end of the decade.