Mastercard technology tackles fraud

May 2002 Access Control & Identity Management

With the escalating growth of the Internet as a channel for e-business, security of payment information has never been more critical.

For this reason, MasterCard is focused on ensuring that its member financial institutions, consumers and merchants are protected from fraud in the online world of e-commerce, as well as the offline world, and that their privacy is respected and protected. "The payments industry faces increasing security challenges as payment card counterfeiters and other criminals employ more sophisticated techniques and technologies to defraud financial institutions and their customers," says Eddie Grobler, Senior Vice President and General Manager for MasterCard Southern Africa.

"MasterCard has been an industry leader in the development of security features - such as the first tamper-evident signature panel, the use of three-dimensional holograms, and card validation codes (CVC). "MasterCard's innovative technologies provide protection to consumers and merchants from card fraud and unsafe transactions when purchasing products or services - whether face-to-face, by phone and mail, and now - especially - to meet the unique needs and requirements of the Internet," says Grobler.

Two examples of such emerging technologies are:

Smartcard

Digital identification - and other information - stored on a microchip on a card, produces a portable, security tool. Once consumers have a smartcard embedded with their digital identification, they can take that card anywhere, insert it into any personal computer that has a chip reader, enter their personal identification number (PIN) and begin shopping or receiving information securely. Smartcards offer consumers mobility and added security by ensuring that someone can not sit down at a computer and pose as them simply by logging on, since the physical card must be present and inserted into a card reader. As more and more smartcards are being introduced around the world, hardware manufacturers are installing smartcard readers as a standard feature on their PCs.

Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted
Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted

Biometrics

MasterCard has rolled out a programme with biometrics at its Purchase, NY-based headquarters, featuring finger minutiae. The next step in this approach is to match the image value calculated from the finger minutiae with the value stored on a smartcard. The smartcard, operating on the MULTOS platform, would ultimately combine functionality such as stored value and loyalty to the physical and logistical access applications, and would allow all to coexist on a secure platform.

But even as criminals become increasingly resourceful, MasterCard continues to build on its history of innovation in developing and delivering new security initiatives that strengthen fraud prevention. "MasterCard works proactively through its many fraud-fighting programmes with member financial institutions, the industry and the public to build consumer confidence and increase the overall security of transactions. For instance, towards the end of last year MasterCard announced a solution to assist online merchants in defending against Internet hackers. MasterCard Site Data Protection Service (SDP) is a multitiered set of global e-commerce and financial security services designed to help protect the websites of its members and online merchants," says Grobler.

SDP proactively defends against hacker attacks by identifying possible vulnerabilities in an acquirer's or merchant's online systems, and addresses the security issues that online merchants and their acquiring banks face in the virtual world. This includes Internet fraud, which leads to chargebacks (consumer repudiation of transactions), damage to brand image and consumer concerns about the safety of their account numbers. Another development to fight online fraud. MasterCard's UCAF is a standard, globally interoperable method of collecting accountholder authentication data at the point of interaction across all channels, including the Internet and mobile devices. UCAF is intended to provide the basis for a guaranteed payment to online merchants by presenting collecting and passing cardholder authentication information generated by issuers. "Once collected by a merchant and passed to their acquirer, this information is communicated to the issuer in the payment authorisation request and provides explicit evidence that the transaction was originated by the accountholder. UCAF works with a myriad of security solutions, including Secure Payment Application (SPA), smartcards and more," says Grobler.

Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels
Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels

Similarly, MasterCard's SPA is an online security solution that utilises the UCAF 'railway'. SPA generates a unique transaction token each time a registered accountholder conducts an electronic transaction. This token is referred to as the Accountholder Authentication Value (AAV). This 32-character value incorporates elements specific to the transaction and effectively binds the accountholder to a transaction at a particular merchant for a given sale amount. Other MasterCard programmes aimed at earlier detection and prevention of fraud include RiskFinder, SAFE, and Fraud Velocity Monitoring:

* RiskFinder is MasterCard's proprietary neural network, and is an advanced system for providing accurate predictions enabling fraud detection in near realtime.

* SAFE (system to avoid fraud effectively) is the central repository for fraud data within MasterCard, and supports fraud prevention programmes and security efforts. SAFE generates regular global reports from the information that all MasterCard issuers are obliged to provide at least monthly on fraudulent transactions.

* Fraud Velocity Monitoring is a formidable first line of defence against fraudulent activity, and provides an early warning of suspicious cardholder activity and questionable merchant action.

Several other alert and early warning programmes exist, such as: identifying transactions on accounts that have been classified for credit or fraud reasons; protection against fraudulent card use in non face-to-face transactions; and continual tracking of merchant transactions for fraudulent activity and excessive numbers of counterfeit transactions.

"MasterCard members and staff hold regular Fraud Strategy Forums throughout the world, to provide feedback on security programmes and insight for future efforts. In addition, regional task forces have been established to work with law enforcement to respond to local fraud concerns and other regional issues," concludes Grobler.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managing staff effectively
September 2019, dormakaba South Africa, iPulse Systems , Integrated Solutions, Access Control & Identity Management
Workforce management solutions allow organisations to track the relationship between productivity and the cost of employment, incorporating issues such as health and safety, T&A, rostering and more.

Read more...
Hennie Lategan joins Centurion as head of exports
September 2019, Centurion Systems , News, Access Control & Identity Management
Centurion Systems has announced the appointment of Hennie Lategan as the head of the company’s exports department.

Read more...
New AlproMAX7 secures maximum rating
September 2019 , Access Control & Identity Management, Products
Alpro has launched a new range of ultra-secure mechanical mortice deadlocks, the AlproMAX7 which comply with BS EN 12209.

Read more...
ViRDI UBio Tab 5
September 2019 , Access Control & Identity Management, Products
ViRDI Distribution SA (ViRDI Africa) has announced the release of its long-awaited UBio Tablet to the South African market.

Read more...
Visitor access control at Ruimsig Country Club
September 2019, Elvey Security Technologies , Access Control & Identity Management, Products
Cost-effective access control solution that would control the ingress and egress of people, without hindering the traffic throughput of members.

Read more...
Estate-focused visitor management solution
September 2019, Vox Telecom , Access Control & Identity Management, Residential Estate (Industry)
Vox has expanded its cloud-based visitor management solution to cater specifically for the needs of small multi-dwelling unit estates and large residential estates.

Read more...
Biometrics control airport railroad
September 2019, Suprema , Access Control & Identity Management
63 km railroad to Incheon Airport is centrally controlled and secured by Suprema biometric hardware and software.

Read more...
Dual energy X-ray inspection system
September 2019, Regal Distributors SA , Products, Access Control & Identity Management
The ZKX6550 X-ray inspection system increases the operator's ability to identify potential threats; the device is designed to scan briefcases, carry-on baggage, small cargo parcels.

Read more...
ZKTeco parking barrier
September 2019, Regal Distributors SA , Products, Access Control & Identity Management
The PB3000 parking barrier is an ideal automatic car park barrier for parking lot and security control; it can easily integrate with revenue collection and access control systems.

Read more...
ZKTeco automatic bollard
September 2019, Regal Distributors SA , Products, Access Control & Identity Management
The high-quality automatic bollard is used to protect security areas from vehicle intrusion; in case of power failure, the bollard can be lowered manually.

Read more...