Mastercard technology tackles fraud

May 2002 Access Control & Identity Management

With the escalating growth of the Internet as a channel for e-business, security of payment information has never been more critical.

For this reason, MasterCard is focused on ensuring that its member financial institutions, consumers and merchants are protected from fraud in the online world of e-commerce, as well as the offline world, and that their privacy is respected and protected. "The payments industry faces increasing security challenges as payment card counterfeiters and other criminals employ more sophisticated techniques and technologies to defraud financial institutions and their customers," says Eddie Grobler, Senior Vice President and General Manager for MasterCard Southern Africa.

"MasterCard has been an industry leader in the development of security features - such as the first tamper-evident signature panel, the use of three-dimensional holograms, and card validation codes (CVC). "MasterCard's innovative technologies provide protection to consumers and merchants from card fraud and unsafe transactions when purchasing products or services - whether face-to-face, by phone and mail, and now - especially - to meet the unique needs and requirements of the Internet," says Grobler.

Two examples of such emerging technologies are:

Smartcard

Digital identification - and other information - stored on a microchip on a card, produces a portable, security tool. Once consumers have a smartcard embedded with their digital identification, they can take that card anywhere, insert it into any personal computer that has a chip reader, enter their personal identification number (PIN) and begin shopping or receiving information securely. Smartcards offer consumers mobility and added security by ensuring that someone can not sit down at a computer and pose as them simply by logging on, since the physical card must be present and inserted into a card reader. As more and more smartcards are being introduced around the world, hardware manufacturers are installing smartcard readers as a standard feature on their PCs.

Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted
Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted

Biometrics

MasterCard has rolled out a programme with biometrics at its Purchase, NY-based headquarters, featuring finger minutiae. The next step in this approach is to match the image value calculated from the finger minutiae with the value stored on a smartcard. The smartcard, operating on the MULTOS platform, would ultimately combine functionality such as stored value and loyalty to the physical and logistical access applications, and would allow all to coexist on a secure platform.

But even as criminals become increasingly resourceful, MasterCard continues to build on its history of innovation in developing and delivering new security initiatives that strengthen fraud prevention. "MasterCard works proactively through its many fraud-fighting programmes with member financial institutions, the industry and the public to build consumer confidence and increase the overall security of transactions. For instance, towards the end of last year MasterCard announced a solution to assist online merchants in defending against Internet hackers. MasterCard Site Data Protection Service (SDP) is a multitiered set of global e-commerce and financial security services designed to help protect the websites of its members and online merchants," says Grobler.

SDP proactively defends against hacker attacks by identifying possible vulnerabilities in an acquirer's or merchant's online systems, and addresses the security issues that online merchants and their acquiring banks face in the virtual world. This includes Internet fraud, which leads to chargebacks (consumer repudiation of transactions), damage to brand image and consumer concerns about the safety of their account numbers. Another development to fight online fraud. MasterCard's UCAF is a standard, globally interoperable method of collecting accountholder authentication data at the point of interaction across all channels, including the Internet and mobile devices. UCAF is intended to provide the basis for a guaranteed payment to online merchants by presenting collecting and passing cardholder authentication information generated by issuers. "Once collected by a merchant and passed to their acquirer, this information is communicated to the issuer in the payment authorisation request and provides explicit evidence that the transaction was originated by the accountholder. UCAF works with a myriad of security solutions, including Secure Payment Application (SPA), smartcards and more," says Grobler.

Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels
Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels

Similarly, MasterCard's SPA is an online security solution that utilises the UCAF 'railway'. SPA generates a unique transaction token each time a registered accountholder conducts an electronic transaction. This token is referred to as the Accountholder Authentication Value (AAV). This 32-character value incorporates elements specific to the transaction and effectively binds the accountholder to a transaction at a particular merchant for a given sale amount. Other MasterCard programmes aimed at earlier detection and prevention of fraud include RiskFinder, SAFE, and Fraud Velocity Monitoring:

* RiskFinder is MasterCard's proprietary neural network, and is an advanced system for providing accurate predictions enabling fraud detection in near realtime.

* SAFE (system to avoid fraud effectively) is the central repository for fraud data within MasterCard, and supports fraud prevention programmes and security efforts. SAFE generates regular global reports from the information that all MasterCard issuers are obliged to provide at least monthly on fraudulent transactions.

* Fraud Velocity Monitoring is a formidable first line of defence against fraudulent activity, and provides an early warning of suspicious cardholder activity and questionable merchant action.

Several other alert and early warning programmes exist, such as: identifying transactions on accounts that have been classified for credit or fraud reasons; protection against fraudulent card use in non face-to-face transactions; and continual tracking of merchant transactions for fraudulent activity and excessive numbers of counterfeit transactions.

"MasterCard members and staff hold regular Fraud Strategy Forums throughout the world, to provide feedback on security programmes and insight for future efforts. In addition, regional task forces have been established to work with law enforcement to respond to local fraud concerns and other regional issues," concludes Grobler.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Gallagher Security releases OneLink
Gallagher Animal Management Products & Solutions Access Control & Identity Management
Gallagher Security has announced OneLink, a cloud-based solution that makes it faster, easier and more cost-effective to deploy security anywhere in the world, transforming how security can be delivered to remote sites and distributed infrastructure.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Paxton opens second experience centre
Paxton News & Events Access Control & Identity Management
Security technology manufacturer, Paxton, has opened a new experience centre in Cape Town on 12 February in partnership with its exclusive distributors, Reditron and Regal Security.

Read more...