- News & Events
October 14, 2013
Quoting U.S. Census Bureau figures that approximately six percent of all retail is done digitally, MasterCard, Visa and American Express jointly announced they were working on a new global standard “to enhance the security of digital payments and simplify the purchasing experience when shopping on a mobile phone, tablet, personal computer or other smart device.”
The proposed standard would replace account numbers with digital payment tokens in online and mobile transactions, and merchants, digital wallet operators et al. would no longer have to store customer account numbers.
According to the release, tokens, which would be available to payment networks and “other payment participants” (whoever they are), contain the following key elements (Note: bulleted items are verbatim from the press release):
Ed McLaughlin, Chief Emerging Payments Officer, MasterCard, offers, “This continued transition from plastic cards to digital is all about providing consumers with the ability to easily and safely make a purchase. They would no longer need to store their actual card account number when shopping online or with a smart device; the token would serve as that stand-in.”
Don’t know if it’s really safer or easier, but according to the release the token would work this way:
“Once a standard is agreed to and implemented, issuers, merchants or digital wallet providers would be able to request a token so that when an account holder initiates an online or mobile transaction, the token – and not the traditional card account number – would be used to process, authorize, clear and settle the transaction in the same way traditional card payments are processed today. Tokens can be restricted in how they are used with a specific merchant, device, transaction or category of transactions.”
Supposedly, tokens and the development of a global standard make it possible to create “a new generation or payment products while “maintaining compatibility with the existing payments infrastructure.”
MasterCard, Visa and American Express explain that the key principles driving the development of a token standard for digital payments are in the words of the release:
The framework that’s been proposed is intended to be presented to other “partners and independent industry bodies. These include The Clearing House, PCI Security Standards Council and EMVCo.”
ThreatMetrix™ secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix™ Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, American Express, Bank Fraud, Botnets, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprinting, Device ID, Device Identification, Digital Payments, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MasterCard, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix, ThreatMetrix Global Trust Intelligence Network, TrustDefender Cybercrime Protection Platform, Visa, Web Fraud