A dip, a tap, a text and a blink: The future of payment cards

The word “priceless” has an enduring and endearing presence at the St. Louis hub of MasterCard.

The word “priceless” has an enduring and endearing presence at the St. Louis hub of MasterCard.

A selfie instead of a password that you type in when you’re paying online. A computer chip in a card that you’ll have to dip or tap when you’re shopping in-store. These are just two of the most recent innovations in the payment processing industry that MasterCard is gearing up to implement worldwide.

The company’s No.1 concern has always been that, when a consumer pays with a MasterCard, the transaction is authorized, cleared and settled seamlessly and safely.

To do that, the company relies on fast and furious but secure technology, the cutting edge kind that a team of MasterCard executives and experts presented recently to a group of Southeast Asian journalists during tours of its tech headquarters in St. Louis, Missouri, and its tech hub in New York City.

The MasterCard Technologies headquarters in the Greater St. Louis Area in Missouri is a 55,000 square-foot workplace sprawled around a lake.

The hub houses the Mastercard Data Center (MDC) and the Operations Command Center (OCC), two crucial reasons the facility was built to withstand extreme conditions, including fire, flood, tornado and earthquake. Blackouts? No problem. The facility generates power that supposedly can support a city of 30,000 people and can operate on and on and on using backup generators.

The MDC is made up of 529 miles of copper and 520 miles of fiber infrastructure. Underneath its raised floors are 3.1 miles of cable tray. It has an available storage of 5.6 petabytes (for those who still think in gigabytes, 1 petabyte is equal to 1 million gigabytes. In 1 petabyte, you can store the DNA of the entire population of the United States and clone them twice, according to futurist Raymond Kurzweil in “The Singularity is Near”).

Command center

As for the OCC, it is a NASA-like operation with 20 monitors that are convertible into one giant screen. Its highly trained teams monitor and manage the MasterCard Worldwide Network of 25,000 financial institutions, 40 million merchants and 2.3 billions cardholders transacting in 150 different currencies in more than 210 countries. The same reliable, flexible and secure network responds faster than the blink of an eye and runs 24/7 all year round.

When a person dining in a Paris café uses his card, MasterCard can route the transaction from the café’s acquiring bank in Paris directly to the cardholder’s issuing bank and get that message back for approval without having to go through St. Louis.

But the MasterCard network is also smart enough to detect if a large issuing bank is unable to provide approval processing because its system is down, according to Tom Larner, senior business leader at Mastercard’s Network Operations. In such a case, the transaction is redirected to the OCC.

“We will then stand-in for the issuing bank and provide approval processing while its system is down,” Larner said. “The consumer doesn’t even know that’s what happened.”

The word “priceless” has an enduring and endearing presence at the St. Louis hub. Echoed from the company’s long-running and successful ad campaign, its translations into different languages welcome visitors into the strictly guarded lobby. It also headlines wall exhibits memorializing the company’s 50th anniversary in October.

The MasterCard Technologies headquarters in the Greater St. Louis Area in Missouri is a 55,000 square-foot workplace sprawled around a lake.

Fifth Avenue hub

The New York City tech hub, on the other hand, sits across three floors and 60,000 square feet of pricey property on Fifth Avenue. The open design environment is where inspired engineers, developers and others in the Mastercard product and technology teams take the company to new heights of innovation.

On one floor is a showcase for Mastercard’s latest suite of offerings: Groceries by MasterCard, the first grocery shopping app integrated into Samsung’s The Family Hub refrigerator that enables consumers to replenish food supplies without leaving their kitchens; Clothespin, an app jointly developed by MasterCard and Maytag that allows apartment complex dwellers and other consumers to do laundry by using their smart phones to pay, check for available machines, and receive notifications when cycles are complete; Qkr!, an app developed by MasterCard Labs that makes dining out much more convenient as diners can control how and when they pay, even split the bill with friends.

Opportunities for innovation

While the MasterCard technology hubs were physically impressive, the technologies presented, all aligned toward making payments safer and smarter for consumers, were even more astounding.

MasterCard never lent the money, never issued the cards, never made the terminals, pointed out chief information officer Ed McLaughlin, “but we’ve always provided the platform for innovation.”

He gave examples of the most disruptive and transformative businesses today—Amazon in retail, iTunes in digital media, Uber in mobility— that are anchored upon access to safe and secure payments as well as upon connecting buyers and sellers, exactly the type of solutions provided by MasterCard.

“The opportunity for us to make things better for our consumers is phenomenal,” said Johan Gerber, executive vice president for Security and Decision Products.

As the internet of things was enriching lives and blurring physical and digital boundaries, it powered payments everywhere through increased connectivity across the globe. There were 4.9 billion connected devices in 2016, he said. He figured that there were up to 100 different devices that potentially could do payments on behalf of a consumer nowadays.

Fighting fraud

“But with opportunity comes vulnerability,” he added. “As commerce moved from a physical environment to a digital one, fraud was moving as well.”

Online fraud increased as in-store shopping became more secure. Counterfeiting a physical card became more difficult after the magnetic strip was replaced with an embedded EMV chip, a technology resulting from a collaboration among credit card networks Europay, Mastercard and Visa.

“There is a very strong push globally to move to a full EMV environment,” Gerber said.

The chip cards have shooed away fraudsters to the cyberspace where they have been focusing on identity-theft and hacking systems for account takeovers.

Gerber said that credit card fraud was estimated at $60 billion globally. He recalled that a specific bank was breached by hackers who took over the bank’s systems and authorized ATM withdrawals at more than 27 countries, stealing close to $40 million.

Since that attack, he said, MasterCard had put in place Safety Net, a real-time network protection tool that scans the network, detects patterns that look abnormal and locks the system to render data useless. The technology has detected and blocked ATM, POS (pointed of sale), system weakness and system failure attacks, “helping financial institutions avoid millions in potential fraud losses across channels.”

With cybercrime tools becoming more sophisticated, MasterCard also established the Digisec Lab to defend the company and the industry against attacks targeting, among other things, mag stripes, EMVs, PIN entry devices like terminals and ATMs, digital wallets and other Cloud-based payments.

The security research laboratory, which opened in 2015 in Knutford, United Kingdom, is unique to Mastercard, said Nancy O’Malley, EVP for Payment System Integrity. It works with global law enforcement agencies to dissect fraud devices using state-of-the-art X-rays, lasers and other equipment.

Layers of protection

Today, MasterCard’s concern is no longer just fraud but also consumer confidence in the digital payment system, Gerber said.

Wanting to gain that trust without risk to its stakeholder merchants and banks, Mastercard has introduced multiple layers of protection for consumers that include biometrics, tokenization and zero liability.

The MasterCard Identity Check Mobile for online shopping, which is available in Europe now and will be rolled out in phases in other parts of the world next year, uses biometrics to speed up digital transactions and make them more secure.

Bob Reany, EVP for Identity Solutions, describes Identity Check thus: “Imagine you’re going to make a purchase through your phone and you don’t want to give a password or answer any questions verifying your identity. You just want to do this seamlessly and easy. A pop-up on your phone says take a picture. You look at the camera, you blink, and that’s it.”

In that blink-of-an-eye selfie, three things are identified: your device, your location and your face.  As such, it speeds up the digital payment experience without having to sacrifice safety and security.

The same biometrics technology can also verify your Identity through your thumbprint via a fingerprint scanner.

Tokenization

Then there is Mastercard Digital Enablement Service (MDES), which creates a “digital” version of a Mastercard plastic card.

“Let’s say you want to use a digital wallet like Apple Pay or Android Pay on your mobile phone,” Reany said.  “We wouldn’t be very smart if we let you put your 16-digit account number into your phone because people can steal your phone, the bad guys can send you viruses and malware, fraud can occur. What we can do is use MDES. We go to your issuer, we validate your identity and we place a token or representation of that account number.”

That token number is useless if stolen. “We want to tokenize every single digital transaction in the world to make it much harder for the bad guys to do fraud,” he added.

While tokenization, biometrics and EMV are designed to safeguard the account and the cardholder, and Safety Net secures the transaction, zero liability is meant to enhance user experience.

According to O’Malley, zero liability is not a product but a policy.  “It used to be that we had a different liability rule in every region of the globe,” she said. “One day our CEO asked why did we do that. He said consumers should have the same protection regardless of where they lived. So we updated the rule and now it’s a global policy.”

Zero liability is a promise that, should there be fraud on your account when you use a Mastercard online, you will not be liable for the transaction. As simple as that sounds, it is probably the most important of MasterCard’s policies.

“You can take any MasterCard product, get on a plane, land anywhere in the world, and have complete confidence that it’s going to work perfectly for you,” said McLaughlin. There are more Mastercard users than Facebook users, and we continue to grow.”

There is definitely room for growth because, according to research from McKinsey and Capgemini, 85 percent of transactions in the world is still in cash. To include the un-banked and un-carded in the Mastercard experience would be a challenge that is, as they would say in St. Louis, priceless.

Read more...