Mastercard technology tackles fraud

May 2002 Access Control & Identity Management

With the escalating growth of the Internet as a channel for e-business, security of payment information has never been more critical.

For this reason, MasterCard is focused on ensuring that its member financial institutions, consumers and merchants are protected from fraud in the online world of e-commerce, as well as the offline world, and that their privacy is respected and protected. "The payments industry faces increasing security challenges as payment card counterfeiters and other criminals employ more sophisticated techniques and technologies to defraud financial institutions and their customers," says Eddie Grobler, Senior Vice President and General Manager for MasterCard Southern Africa.

"MasterCard has been an industry leader in the development of security features - such as the first tamper-evident signature panel, the use of three-dimensional holograms, and card validation codes (CVC). "MasterCard's innovative technologies provide protection to consumers and merchants from card fraud and unsafe transactions when purchasing products or services - whether face-to-face, by phone and mail, and now - especially - to meet the unique needs and requirements of the Internet," says Grobler.

Two examples of such emerging technologies are:

Smartcard

Digital identification - and other information - stored on a microchip on a card, produces a portable, security tool. Once consumers have a smartcard embedded with their digital identification, they can take that card anywhere, insert it into any personal computer that has a chip reader, enter their personal identification number (PIN) and begin shopping or receiving information securely. Smartcards offer consumers mobility and added security by ensuring that someone can not sit down at a computer and pose as them simply by logging on, since the physical card must be present and inserted into a card reader. As more and more smartcards are being introduced around the world, hardware manufacturers are installing smartcard readers as a standard feature on their PCs.

Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted
Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted

Biometrics

MasterCard has rolled out a programme with biometrics at its Purchase, NY-based headquarters, featuring finger minutiae. The next step in this approach is to match the image value calculated from the finger minutiae with the value stored on a smartcard. The smartcard, operating on the MULTOS platform, would ultimately combine functionality such as stored value and loyalty to the physical and logistical access applications, and would allow all to coexist on a secure platform.

But even as criminals become increasingly resourceful, MasterCard continues to build on its history of innovation in developing and delivering new security initiatives that strengthen fraud prevention. "MasterCard works proactively through its many fraud-fighting programmes with member financial institutions, the industry and the public to build consumer confidence and increase the overall security of transactions. For instance, towards the end of last year MasterCard announced a solution to assist online merchants in defending against Internet hackers. MasterCard Site Data Protection Service (SDP) is a multitiered set of global e-commerce and financial security services designed to help protect the websites of its members and online merchants," says Grobler.

SDP proactively defends against hacker attacks by identifying possible vulnerabilities in an acquirer's or merchant's online systems, and addresses the security issues that online merchants and their acquiring banks face in the virtual world. This includes Internet fraud, which leads to chargebacks (consumer repudiation of transactions), damage to brand image and consumer concerns about the safety of their account numbers. Another development to fight online fraud. MasterCard's UCAF is a standard, globally interoperable method of collecting accountholder authentication data at the point of interaction across all channels, including the Internet and mobile devices. UCAF is intended to provide the basis for a guaranteed payment to online merchants by presenting collecting and passing cardholder authentication information generated by issuers. "Once collected by a merchant and passed to their acquirer, this information is communicated to the issuer in the payment authorisation request and provides explicit evidence that the transaction was originated by the accountholder. UCAF works with a myriad of security solutions, including Secure Payment Application (SPA), smartcards and more," says Grobler.

Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels
Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels

Similarly, MasterCard's SPA is an online security solution that utilises the UCAF 'railway'. SPA generates a unique transaction token each time a registered accountholder conducts an electronic transaction. This token is referred to as the Accountholder Authentication Value (AAV). This 32-character value incorporates elements specific to the transaction and effectively binds the accountholder to a transaction at a particular merchant for a given sale amount. Other MasterCard programmes aimed at earlier detection and prevention of fraud include RiskFinder, SAFE, and Fraud Velocity Monitoring:

* RiskFinder is MasterCard's proprietary neural network, and is an advanced system for providing accurate predictions enabling fraud detection in near realtime.

* SAFE (system to avoid fraud effectively) is the central repository for fraud data within MasterCard, and supports fraud prevention programmes and security efforts. SAFE generates regular global reports from the information that all MasterCard issuers are obliged to provide at least monthly on fraudulent transactions.

* Fraud Velocity Monitoring is a formidable first line of defence against fraudulent activity, and provides an early warning of suspicious cardholder activity and questionable merchant action.

Several other alert and early warning programmes exist, such as: identifying transactions on accounts that have been classified for credit or fraud reasons; protection against fraudulent card use in non face-to-face transactions; and continual tracking of merchant transactions for fraudulent activity and excessive numbers of counterfeit transactions.

"MasterCard members and staff hold regular Fraud Strategy Forums throughout the world, to provide feedback on security programmes and insight for future efforts. In addition, regional task forces have been established to work with law enforcement to respond to local fraud concerns and other regional issues," concludes Grobler.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Read more...
Bespoke access for prime office space
Paxton Access Control & Identity Management Residential Estate (Industry)
Nicol Corner is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. It is also the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption.

Read more...
Next-generation facial recognition access control system
Enkulu Technologies Products & Solutions Access Control & Identity Management Residential Estate (Industry)
With a modern and innovative design, iDFace is the ideal device for monitoring and controlling people entering and exiting a building using facial recognition technology, including liveness detection, for enhanced security.

Read more...
Long-distance vehicle identification
Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The STid SPECTRE reader can identify vehicles up to 14 metres away, across four traffic lanes, ensuring secure access to an estate without disrupting the traffic flow.

Read more...
Multi-modal access control solutions
Suprema neaMetrics Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Suprema’s latest multi-modal access terminals are top-of-the-range, highly secure, easy to install, and easy to use. They feature biometrics, mobile access, and RFID and are both PoPIA and GDPR compliant.

Read more...
Battery-powered video doorbells
Ring Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Ring has announced the latest addition to its line of video doorbells. The Battery Video Doorbell Pro builds on the capabilities of its predecessor, providing greater value and convenience for homeowners.

Read more...
Tackling estate entrance challenges
Turnstar Systems Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The Velocity Raptor’s retractable spikes deter criminals from entering estate premises; equipped with LED lights, it provides visibility during the day and night, and in adverse conditions.

Read more...
HELLO visitor access management
Products & Solutions Access Control & Identity Management Integrated Solutions Residential Estate (Industry)
HELLO is an on-premises visitor and contractor access management solution designed to be fully integrated and complementary with smart, on-trend technologies, securing estates and businesses alike.

Read more...
Digital transformation in estate environments
Regal Distributors SA Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Digital transformation has brought all users into digital processes across every industry and activity, interlinking activities and crossing industry boundaries. This complexity leads to significant changes in previously established workflows, especially in visitor management.

Read more...
Same old cables, new intercom
Hikvision South Africa Products & Solutions Access Control & Identity Management Residential Estate (Industry) Smart Home Automation
Retrofitting old residential complexes with a modern two-wire HD video intercom system is more than an upgrade. For many homeowners and renters, these systems represent a leap into the future.

Read more...