Mastercard technology tackles fraud

May 2002 Access Control & Identity Management

With the escalating growth of the Internet as a channel for e-business, security of payment information has never been more critical.

For this reason, MasterCard is focused on ensuring that its member financial institutions, consumers and merchants are protected from fraud in the online world of e-commerce, as well as the offline world, and that their privacy is respected and protected. "The payments industry faces increasing security challenges as payment card counterfeiters and other criminals employ more sophisticated techniques and technologies to defraud financial institutions and their customers," says Eddie Grobler, Senior Vice President and General Manager for MasterCard Southern Africa.

"MasterCard has been an industry leader in the development of security features - such as the first tamper-evident signature panel, the use of three-dimensional holograms, and card validation codes (CVC). "MasterCard's innovative technologies provide protection to consumers and merchants from card fraud and unsafe transactions when purchasing products or services - whether face-to-face, by phone and mail, and now - especially - to meet the unique needs and requirements of the Internet," says Grobler.

Two examples of such emerging technologies are:

Smartcard

Digital identification - and other information - stored on a microchip on a card, produces a portable, security tool. Once consumers have a smartcard embedded with their digital identification, they can take that card anywhere, insert it into any personal computer that has a chip reader, enter their personal identification number (PIN) and begin shopping or receiving information securely. Smartcards offer consumers mobility and added security by ensuring that someone can not sit down at a computer and pose as them simply by logging on, since the physical card must be present and inserted into a card reader. As more and more smartcards are being introduced around the world, hardware manufacturers are installing smartcard readers as a standard feature on their PCs.

Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted
Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted

Biometrics

MasterCard has rolled out a programme with biometrics at its Purchase, NY-based headquarters, featuring finger minutiae. The next step in this approach is to match the image value calculated from the finger minutiae with the value stored on a smartcard. The smartcard, operating on the MULTOS platform, would ultimately combine functionality such as stored value and loyalty to the physical and logistical access applications, and would allow all to coexist on a secure platform.

But even as criminals become increasingly resourceful, MasterCard continues to build on its history of innovation in developing and delivering new security initiatives that strengthen fraud prevention. "MasterCard works proactively through its many fraud-fighting programmes with member financial institutions, the industry and the public to build consumer confidence and increase the overall security of transactions. For instance, towards the end of last year MasterCard announced a solution to assist online merchants in defending against Internet hackers. MasterCard Site Data Protection Service (SDP) is a multitiered set of global e-commerce and financial security services designed to help protect the websites of its members and online merchants," says Grobler.

SDP proactively defends against hacker attacks by identifying possible vulnerabilities in an acquirer's or merchant's online systems, and addresses the security issues that online merchants and their acquiring banks face in the virtual world. This includes Internet fraud, which leads to chargebacks (consumer repudiation of transactions), damage to brand image and consumer concerns about the safety of their account numbers. Another development to fight online fraud. MasterCard's UCAF is a standard, globally interoperable method of collecting accountholder authentication data at the point of interaction across all channels, including the Internet and mobile devices. UCAF is intended to provide the basis for a guaranteed payment to online merchants by presenting collecting and passing cardholder authentication information generated by issuers. "Once collected by a merchant and passed to their acquirer, this information is communicated to the issuer in the payment authorisation request and provides explicit evidence that the transaction was originated by the accountholder. UCAF works with a myriad of security solutions, including Secure Payment Application (SPA), smartcards and more," says Grobler.

Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels
Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels

Similarly, MasterCard's SPA is an online security solution that utilises the UCAF 'railway'. SPA generates a unique transaction token each time a registered accountholder conducts an electronic transaction. This token is referred to as the Accountholder Authentication Value (AAV). This 32-character value incorporates elements specific to the transaction and effectively binds the accountholder to a transaction at a particular merchant for a given sale amount. Other MasterCard programmes aimed at earlier detection and prevention of fraud include RiskFinder, SAFE, and Fraud Velocity Monitoring:

* RiskFinder is MasterCard's proprietary neural network, and is an advanced system for providing accurate predictions enabling fraud detection in near realtime.

* SAFE (system to avoid fraud effectively) is the central repository for fraud data within MasterCard, and supports fraud prevention programmes and security efforts. SAFE generates regular global reports from the information that all MasterCard issuers are obliged to provide at least monthly on fraudulent transactions.

* Fraud Velocity Monitoring is a formidable first line of defence against fraudulent activity, and provides an early warning of suspicious cardholder activity and questionable merchant action.

Several other alert and early warning programmes exist, such as: identifying transactions on accounts that have been classified for credit or fraud reasons; protection against fraudulent card use in non face-to-face transactions; and continual tracking of merchant transactions for fraudulent activity and excessive numbers of counterfeit transactions.

"MasterCard members and staff hold regular Fraud Strategy Forums throughout the world, to provide feedback on security programmes and insight for future efforts. In addition, regional task forces have been established to work with law enforcement to respond to local fraud concerns and other regional issues," concludes Grobler.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Paxton10 for smart buildings
Issue 5 2020, Paxton Access , Access Control & Identity Management
Paxton10, offering access control and video management on one simple platform, is available in the South African market.

Read more...
Suprema enhances cybersecurity
Issue 5 2020, Suprema , Access Control & Identity Management
Suprema BioStar 2 is a web-based, open and integrated security platform that provides comprehensive functionality for access control and time and attendance.

Read more...
A wizz at visitor management
Issue 5 2020 , Access Control & Identity Management
WizzPass is a locally developed software platform for managing visitors to businesses, buildings or business parks.

Read more...
Contactless at the game
Issue 5 2020, IDEMIA , Access Control & Identity Management
IDEMIA partners with JAC to successfully test frictionless biometric access technology at Level5 Stadium in Japan.

Read more...
Focus on touchless biometrics
Residential Estate Security Handbook 2020, Hikvision South Africa, Saflec, IDEMIA , Suprema, Technews Publishing , Access Control & Identity Management
The coronavirus has made touchless biometrics an important consideration for access control installations in estates and for industries globally.

Read more...
Providing peace of mind
Residential Estate Security Handbook 2020, ZKTeco , Access Control & Identity Management
Touchless technology embedded with face and palm recognition sensors provide 100% touchless user authentication for a variety of applications.

Read more...
Frictionless access with a wave from IDEMIA
Residential Estate Security Handbook 2020, IDEMIA , Access Control & Identity Management
Platinum Sponsor IDEMIA displayed its frictionless biometric reader, the MorphoWave Compact, at the Residential Estate Security Conference.

Read more...
Cost effective without compromising security
Residential Estate Security Handbook 2020, Bidvest Protea Coin , Access Control & Identity Management
Bidvest Protea Coin offers a range of services, all integrated to offer a future-proof and cost-effective security solution for estates.

Read more...
Broad range of estate solutions
Residential Estate Security Handbook 2020, Hikvision South Africa , Access Control & Identity Management
Hikvision offers residential estates a range of systems and solutions that deliver security, from the gate to the individual’s own home.

Read more...
Excellerate looks beyond traditional guarding
Residential Estate Security Handbook 2020, Excellerate Services , Access Control & Identity Management
Excellerate Services has a suite of best-of-breed technologies that have been integrated into a sophisticated SLA, incident and people management system.

Read more...