Mastercard technology tackles fraud

May 2002 Access Control & Identity Management

With the escalating growth of the Internet as a channel for e-business, security of payment information has never been more critical.

For this reason, MasterCard is focused on ensuring that its member financial institutions, consumers and merchants are protected from fraud in the online world of e-commerce, as well as the offline world, and that their privacy is respected and protected. "The payments industry faces increasing security challenges as payment card counterfeiters and other criminals employ more sophisticated techniques and technologies to defraud financial institutions and their customers," says Eddie Grobler, Senior Vice President and General Manager for MasterCard Southern Africa.

"MasterCard has been an industry leader in the development of security features - such as the first tamper-evident signature panel, the use of three-dimensional holograms, and card validation codes (CVC). "MasterCard's innovative technologies provide protection to consumers and merchants from card fraud and unsafe transactions when purchasing products or services - whether face-to-face, by phone and mail, and now - especially - to meet the unique needs and requirements of the Internet," says Grobler.

Two examples of such emerging technologies are:

Smartcard

Digital identification - and other information - stored on a microchip on a card, produces a portable, security tool. Once consumers have a smartcard embedded with their digital identification, they can take that card anywhere, insert it into any personal computer that has a chip reader, enter their personal identification number (PIN) and begin shopping or receiving information securely. Smartcards offer consumers mobility and added security by ensuring that someone can not sit down at a computer and pose as them simply by logging on, since the physical card must be present and inserted into a card reader. As more and more smartcards are being introduced around the world, hardware manufacturers are installing smartcard readers as a standard feature on their PCs.

Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted
Digital identification and other information is stored on a microchip on a card to produce the ultimate, portable security tool. Smartcards offer consumers convenience through mobility and total security by ensuring that the physical card must be inserted into a card reader before the transaction is accepted

Biometrics

MasterCard has rolled out a programme with biometrics at its Purchase, NY-based headquarters, featuring finger minutiae. The next step in this approach is to match the image value calculated from the finger minutiae with the value stored on a smartcard. The smartcard, operating on the MULTOS platform, would ultimately combine functionality such as stored value and loyalty to the physical and logistical access applications, and would allow all to coexist on a secure platform.

But even as criminals become increasingly resourceful, MasterCard continues to build on its history of innovation in developing and delivering new security initiatives that strengthen fraud prevention. "MasterCard works proactively through its many fraud-fighting programmes with member financial institutions, the industry and the public to build consumer confidence and increase the overall security of transactions. For instance, towards the end of last year MasterCard announced a solution to assist online merchants in defending against Internet hackers. MasterCard Site Data Protection Service (SDP) is a multitiered set of global e-commerce and financial security services designed to help protect the websites of its members and online merchants," says Grobler.

SDP proactively defends against hacker attacks by identifying possible vulnerabilities in an acquirer's or merchant's online systems, and addresses the security issues that online merchants and their acquiring banks face in the virtual world. This includes Internet fraud, which leads to chargebacks (consumer repudiation of transactions), damage to brand image and consumer concerns about the safety of their account numbers. Another development to fight online fraud. MasterCard's UCAF is a standard, globally interoperable method of collecting accountholder authentication data at the point of interaction across all channels, including the Internet and mobile devices. UCAF is intended to provide the basis for a guaranteed payment to online merchants by presenting collecting and passing cardholder authentication information generated by issuers. "Once collected by a merchant and passed to their acquirer, this information is communicated to the issuer in the payment authorisation request and provides explicit evidence that the transaction was originated by the accountholder. UCAF works with a myriad of security solutions, including Secure Payment Application (SPA), smartcards and more," says Grobler.

Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels
Transactions on the Internet and by mobile devices are protected by MasterCard’s Universal Cardholder Authentication Field (UCAF) – a standard, globally interoperable method of passing accountholder authentication data, at the point of interaction across all channels

Similarly, MasterCard's SPA is an online security solution that utilises the UCAF 'railway'. SPA generates a unique transaction token each time a registered accountholder conducts an electronic transaction. This token is referred to as the Accountholder Authentication Value (AAV). This 32-character value incorporates elements specific to the transaction and effectively binds the accountholder to a transaction at a particular merchant for a given sale amount. Other MasterCard programmes aimed at earlier detection and prevention of fraud include RiskFinder, SAFE, and Fraud Velocity Monitoring:

* RiskFinder is MasterCard's proprietary neural network, and is an advanced system for providing accurate predictions enabling fraud detection in near realtime.

* SAFE (system to avoid fraud effectively) is the central repository for fraud data within MasterCard, and supports fraud prevention programmes and security efforts. SAFE generates regular global reports from the information that all MasterCard issuers are obliged to provide at least monthly on fraudulent transactions.

* Fraud Velocity Monitoring is a formidable first line of defence against fraudulent activity, and provides an early warning of suspicious cardholder activity and questionable merchant action.

Several other alert and early warning programmes exist, such as: identifying transactions on accounts that have been classified for credit or fraud reasons; protection against fraudulent card use in non face-to-face transactions; and continual tracking of merchant transactions for fraudulent activity and excessive numbers of counterfeit transactions.

"MasterCard members and staff hold regular Fraud Strategy Forums throughout the world, to provide feedback on security programmes and insight for future efforts. In addition, regional task forces have been established to work with law enforcement to respond to local fraud concerns and other regional issues," concludes Grobler.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Facial access control for ministry
Issue 1 2020, ZKTeco , Access Control & Identity Management
The Ministry of Culture in Saudi Arabia has adopted ZKTeco’s facial recognition technology and fingerprint biometrics to manage access control into its building.

Read more...
New Door Pilot app from dormakaba
Issue 1 2020, dormakaba South Africa , Access Control & Identity Management
With new dormakaba Door Pilot, automated doors can also now be operated on the basis of remote control technologies. The system, comprising the Door Pilot app for smartphones and a Wi-Fi interface for ...

Read more...
Identity lifestyle
Issue 1 2020, Suprema , Access Control & Identity Management
Once the technology of the future, biometrics has quietly snuck into our daily lives through smartphones and access controls into our places of work.

Read more...
Securing BP’s new head office
Issue 1 2020, ISF SFP , Access Control & Identity Management
ISF SFP was awarded the contract to secure the first development phase for Oxford Parks, the new head office for BP South Africa.

Read more...
Combining aesthetics and access control
Issue 1 2020, Turnstar Systems , Access Control & Identity Management
Prestigious law firm Bowman Gilfillan recently upgraded its physical security with the addition of four Turnstar Speedgate Express access control lanes.

Read more...
Video doorbells from Ring
Issue 1 2020 , Access Control & Identity Management
Ring has a number of video doorbells available in South Africa that run off batteries or power and enable users to answer their doors from anywhere.

Read more...
Centurion to unveil new product
Issue 1 2020, Centurion Systems , Access Control & Identity Management
Centurion Systems will be hosting its third Access Automation Expo this year, with dates confirmed for Durban, Johannesburg and Cape Town.

Read more...
Looking ahead with mobile access technologies
Access & Identity Management Handbook 2020, Technews Publishing, HID Global, dormakaba South Africa, Salto Systems Africa, Suprema, Gallagher , Access Control & Identity Management, Integrated Solutions
Given the broad use of smartphones around the world and the numerous technologies packed into these devices, it was only a matter of time before the access control industry developed technology that would ...

Read more...
Mobile access is more secure than card systems
Access & Identity Management Handbook 2020 , Access Control & Identity Management
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new technology.

Read more...
This is the future. This is what we do.
Access & Identity Management Handbook 2020, ZKTeco , Access Control & Identity Management
ZKTeco has created a unique range of visible light facial recognition products combined with a flexible Android platform.

Read more...