ITU Workshop on "Digital Financial Services and
Financial Inclusion“
(Geneva, Switzerland, 4 December 2014)
Evolving Payments into The Digital
World
Richard Smith,
Vice President, MasterCard
Customer Fraud Management
Richard_smith@mastercard.com
Geneva, Switzerland, 4 December 2014
What do most criminals want?
Primary Account Data
Mag stripe Track 1 + Track 2 data
PAN, User Name, Expiry date, CVC1
CVC2
Personal Identification Number (PIN)
Personal data
Geneva, Switzerland, 4 December 2014
2
Where is the data?
Point of Sale
(POS) system
Back of House
Server (BOH)
In Transit
Geneva, Switzerland, 4 December 2014
3
Traditional “Four-Party” Model
Depiction
Issuer
Acquirer
Transaction
Third Parties
Third Parties
Statement
Transaction
Cardholder
Merchant
Goods and Services
4
Emerging Trends
Technology – Cloud, Mobile
• New types of entities that we have never worked
with before
• They don’t know us and we don’t know them
• They don’t understand the rules of the game,
Regulation/AML/OFAC/Customer Risk/Fraud
• Risk appetites are very different
May 30, 2016
Page 5
Transition to Today’s “n-Party” Model
Independent
Sales
Organizations
(ISO)
Independent
Sales
Organizations
(ISO)
Issuer
Acquirer
3rd-Party Processor
Member Service Provider
(TPP MSP)
3rd-Party Processor
Member Service Provider
(TPP MSP)
Data Storage
Entity (DSE)
“Merchant”
Types and Devices
Cardholder
Merchant
Merchant
Merchant
6
Franchise Development
1
Standards

Define the Rules

Develop and evolve the rules

Roles and Responsibilities of the various stakeholders

Balanced consideration of all interests

Allows the licensee to use the brand

Ensures customer is legal, regulated, compliant during on
boarding.

Licensee agrees to comply with the MasterCard standards
2
Licensing
3
Registration
4

The Licensee registers all the relevant parties

MasterCard knows who is involved in the payment Eco
system

Integrity of the network
–
Compliance Program
Compliance

–
Global Quality Analytics
–
Dispute Resolution Management
Global interoperability between anonymous parties
Measures of Safety
Credential Management: How the payment credentials are
protected
-
Typically measured by:
1. Who provisioned the credentials?
2. What credentials were provisioned?
3. Where were the credentials stored?
Transaction Strength: How we maintain authenticity in the
transmission of payment information
-
Typically measured by:
1. How was the cardholder authenticated / identified?
2. Was dynamic data used in the transaction?
converged paradigm to address
the digital era
New Converged Paradigm
1.
2.
3.
4.
5.
6.
Strong device authentication for
“Face-to-face” and “Remote”
Strong and easy-to-use
consumer authentication
Payment credentials under
control of cardholder regardless
of use case
Hardware and software
methodologies supported
Dynamic data in all transactions
Issuer liable (by and large)
Benefits
•
•
•
•
Higher quality, safer and
more secure transactions
Migration of transactions to
the devices that consumers’
prefer
Seamless integration of
payment into high value
digital assets
– Merchant shopping apps
– Mobile banking
applications
Improved Consumer
Experience
Tokenization – Provided through the
MaDigital Enablement Service (MDES)
Tokenization
Digitization
Of a consumer’s payment card credentials
Tokenization is the
replacement of a consumer
card’s primary account
number (PAN) with an
alternative card number
Digitization is the process
to deliver “tokenized” card
details to mobile devices
or servers for more secure
payments
Apple Pay is a full implementation
new converged paradigm
Contactless (EMV)
In-app
(EMV Over Internet)
…that’s it!