MasterCard, Visa up ante in battle for data security

MasterCard and Visa are adding more firepower in their fight to combat data security abuses.

The plans were revealed separately by each company, and coincided with last week's White House Summit on Cybersecurity and Consumer Protection at Stanford University.

MasterCard reported that it would invest more than $20 million in cybersecurity-related technology enhancements to deliver greater confidence to MasterCard cardholders, merchants and issuing banks. The enhancements will include biometrics.

"These new activities will help us continue to deliver the tools and solutions that instill a peace of mind by protecting each transaction that crosses our network," Chris McWilton, president, North American Markets, MasterCard, said in a press release. "While progress is being made with the move to EMV and mobile payments, our continued investments reinforce the efforts we are taking to protect the payments system for cardholders, merchants and issuers. That's at the heart of what our cardholders expect when they see our brand mark."

This spring, MasterCard will launch MasterCard Safety Net in the United States. The solution is designed to reduce the risk of fraud or cyberattacks before issuers and processors might notice these threats. It provides an independent layer of security on top of the tools and policies of financial institutions by monitoring and blocking specific transactions based on selected criteria, the company said. "MasterCard Safety Net is designed to intervene only in extreme cases to block fraudulent activity."

Later in the year, MasterCard and First Tech Federal Credit Union will roll out a pilot program that will enable consumers to authenticate and verify their transactions using a combination of unique biometrics, such as facial and voice recognition and fingerprint matching. "This initial test has the potential to deliver greater security to U.S. cardholders without compromising the ease and convenience Americans have come to expect today when using their credit and debit cards," the press statement said.

Up to now, biometric authentication has been considered unproven as a replacement for passwords, according to PaymentsSource. "There's been advancement in the technology behind biometrics that makes this a good time," said Carolyn Balfany, MasterCard's senior VP of product delivery, who is focused on EMV and security.

"We've been talking about biometrics for a long time, but I think we're at the tipping point of adoption, spurred both by the advancement of the various biometric technologies, combined with the fact that we finally have a set of endpoints such as mobile devices that can easily facilitate the authentication without requiring any special hardware," Julie Conroy, a research director at Aite Group, told PaymentsSource.

Visa said that it is expanding the use of new security technology that replaces the traditional 16-digit account number with a unique series of numbers. This will help to prevent exposure of sensitive consumer account information in online and mobile payments.

"In 2015, Visa will offer secure payments across a wide variety of devices, platforms and apps," said Charlie Scharf, Visa's CEO,  in a prepared statement. "In order to enable these innovative new ways to pay, we are deploying smart technologies that help to prevent fraud, while also maintaining consumer and merchant trust in digital commerce."

Last year, the company launched Visa Token Service, the technology that replaces the sensitive payment account information found on plastic cards, such as the 16-digit account number, expiration date and security code, with a unique series of numbers that can authorize payment without exposing actual account details. To date, more than 500 financial institutions have started to implement the service, Visa said. In 2015, the service will expand to more payment environments, helping merchants, financial institutions and mobile device manufacturers to offer secure digital payment experiences.

"Removing card account numbers from the processing and storage of payments represents one of the most innovative and promising technologies we've seen in decades," said Scharf. "This, combined with chip card technology, advances in account holder authentication through analytics and biometrics, and more sophisticated risk monitoring, will allow Visa account holders to enjoy new, secure payment experiences."

Gil Luria, an analyst at Wedbush Securities, told the Wall Street Journal it's no sure thing that the initiatives will be sufficient to stop the data abuses. "Nobody's really come up with a foolproof way to safeguard consumer information. At the end of the day, it's the retailer, the bank that has to keep it secure. [Visa and MasterCard] can only do so much to set the rules, enforce them," he said.

For more:
-See this MasterCard press release
-See this Visa press release
-See this PaymentsSource article
-See this Wall Street Journal article

Related stories:
Retail groups take banks to task over data breach responsibility
Retail security issues move from CIO to the C-suite
Asset management critical to IT security
Shoppers don't feel safe, demand to be compensated for security breaches
Retail security still very much under attack