Geneva, Switzerland, 4 December 2014

Evolving Payments into The Digital World

Richard Smith,Vice President, MasterCard

Customer Fraud Management Richard_smith@mastercard.com

ITU Workshop on "Digital Financial Services and Financial Inclusion“

(Geneva, Switzerland, 4 December 2014)

Geneva, Switzerland, 4 December 2014 2

What do most criminals want?

Primary Account Data Mag stripe Track 1 + Track 2 data PAN, User Name, Expiry date, CVC1

CVC2

Personal Identification Number (PIN)

Personal data

Geneva, Switzerland, 4 December 2014 3

Where is the data?

Point of Sale (POS) system

Back of House Server (BOH)

In Transit

4

Traditional “Four-Party” Model Depiction

Issuer

Cardholder Merchant

Acquirer

Goods and Services

Statement

Transaction

Transaction

Third Parties Third Parties

April 19, 2023

Page 5

Emerging Trends

Technology – Cloud, Mobile

•New types of entities that we have never worked with before

•They don’t know us and we don’t know them

•They don’t understand the rules of the game, Regulation/AML/OFAC/Customer Risk/Fraud

•Risk appetites are very different

6

Transition to Today’s “n-Party” Model

Merchant Merchant Merchant

Issuer

Cardholder

Acquirer

3rd-Party Processor Member Service Provider

(TPP MSP)

IndependentSales

Organizations(ISO)

IndependentSales

Organizations(ISO)

“Merchant”Types and Devices

Data StorageEntity (DSE)

3rd-Party Processor Member Service Provider

(TPP MSP)

Define the Rules

Develop and evolve the rules

Roles and Responsibilities of the various stakeholders

Balanced consideration of all interests Standards

Licensing Allows the licensee to use the brand

Ensures customer is legal, regulated, compliant during on boarding.

Licensee agrees to comply with the MasterCard standards

The Licensee registers all the relevant parties

MasterCard knows who is involved in the payment Eco systemRegistration

1

2

3

Franchise Development

Integrity of the network– Compliance Program

– Global Quality Analytics

– Dispute Resolution Management

Global interoperability between anonymous parties

Compliance

4

Measures of Safety

Credential Management: How the payment credentials are protected

-Typically measured by:1. Who provisioned the credentials?2. What credentials were provisioned?3. Where were the credentials stored?

Transaction Strength: How we maintain authenticity in the transmission of payment information

-Typically measured by:1. How was the cardholder authenticated / identified?2. Was dynamic data used in the transaction?

1. Strong device authentication for “Face-to-face” and “Remote”

2. Strong and easy-to-use consumer authentication

3. Payment credentials under control of cardholder regardless of use case

4. Hardware and software methodologies supported

5. Dynamic data in all transactions6. Issuer liable (by and large)

converged paradigm to address the digital era

• Higher quality, safer and more secure transactions

• Migration of transactions to the devices that consumers’ prefer

• Seamless integration of payment into high value digital assets

– Merchant shopping apps– Mobile banking applications

• Improved Consumer Experience

New Converged Paradigm Benefits

Tokenization – Provided through the MaDigital Enablement Service (MDES)

Tokenization Digitization

Of a consumer’s payment card credentials

Tokenization is the replacement of a consumer

card’s primary account number (PAN) with an

alternative card number

Digitization is the process to deliver “tokenized” card details to mobile devices or servers for more secure

payments

Apple Pay is a full implementation new converged paradigm

Contactless (EMV)

In-app (EMV Over Internet)

…that’s it!