Nearly half of consumers said they would not shop over the holidays at retailers that experiences data breaches, according to a recent survey. Consumers still need reassurance from the retail world that these breaches won’t happen, says Ajay Bhalla, President, Enterprise Safety and Security at MasterCard. PYMNTS recently sat down with Bhalla to get his views on the increasing concern around security this holiday season, the top 3 threats to payments, and which newly designed tools will most efficiently thwart today’s advanced cyber-hacking.
Ajay, you are responsible for enterprise safety and security at MasterCard. From where you sit what are the top 3 security threats to the payments ecosystem today, from issuers to retailers?
AB: Firstly, we’re seeing declining consumer confidence due to data breaches, and the impact on their safety. Not only are retailer data breaches rising, but also they are becoming larger in scale.
The second is a problem within the payments ecosystem and that is the aging system of passwords. The amount of applications we use is proliferating and so are the complex combinations of passwords we’re using to access them. It’s a problem in that we forget them, write them down, or use the same password across multiple apps and sites. It’s a problem for businesses with abandoned shopping baskets and frustrated customers. This hits their reputation and their bottom line.
The third issue is that card declines at the online point of sale are increasing, even when they are genuine purchases. This is what we in the payments business call “false positives” – in an effort to stamp out fraud, there is a tendency to overcompensate. This is particularly true in the e-commerce world, where card declines are five times that when the cardholder is present in a physical store. And yet despite those card declines, there is still three times more fraud.
You have recently released SafetyNet, a global tool designed to reduce the risk of cyber hacking of banks and processors. How does SafetyNet fit in within MasterCard’s overall security strategy?
AB: SafetyNet forms part of our multi-layered approach to protecting against fraud, which spans all parts of the payments ecosystem, for consumers at the physical and virtual point of sale, the retailers, banks and processors. It uses our network to identify potential attacks before they start and in some cases before our partners even know about it. It also uses sophisticated algorithms to spot fraud in real time and decline a transaction before any exposure occurs.
SafetyNet’s integrated into our network and already being used around the globe. It’s the latest addition to the comprehensive suite of tools we’ve built for issuers and merchants to improve the payment security. More than 2 billion online transactions pass through SecureCode each year, and now we’re leading the march on biometric authentication.
In a recently released survey by CreditCards.com, 45% of consumers said they would “definitely” or “probably” NOT shop at retailers over the holidays that acknowledged computer breaches to credit card data. Do you believe this? What do you think this means from a macro trend perspective?
AB: Post-holiday spending data will show us whether the sentiment is reflected in behavior. We can’t make predictions about where people will spend, but there are many surveys indicating consumer confidence is down. While consumers need to know that they aren’t liable if their own data is compromised and fraud occurs, they still need reassurance from the retail world that these breaches aren’t going to happen. For those who said they won’t shop at retailers who have been breached, they should also know that they are protected with our Zero Liability promise.
With Apple Pay, the technical capabilities of tokenization are beginning to become more understood. Even so, does there need to be a standard approach to tokenization? If so, where should that standard apply and what happens to current companies who have already invested in their existing technologies?
AB: Regardless of the technology or the partner, payment security needs standards and we actively seek out collaboration with our competitors to work alongside them for the greater good of cardholders and our partners. We are providing standards leadership so that cardholders remain safe even a changing payments landscape.
President, Enterprise Safety and Security, MasterCard
Ajay Bhalla is president, Enterprise Safety and Security. In this role, he touches all aspects of the business, working to keep MasterCard at the leading edge of safety and security, both via the technologies visible to all and those behind the scenes, equally critical to a leading global network. As such, he and his team support the fundamental promise MasterCard makes to its cardholders and partners: safety and security of electronic payments, the number one priority every day, everywhere and on every device.
Having joined MasterCard in 1992, Mr. Bhalla has held a number of key positions around the world. Prior to his current position, he served as president of DataCash, the subsidiary delivering advanced payment technology to merchants and banks. Under Mr. Bhalla’s leadership, the business processed one billion transactions each year, while preventing billions of dollars of potential fraud.
Prior to DataCash, Mr. Bhalla led the early rollout of MasterCard’s PayPass™ contactless technology in 14 Asian markets. He also established ground-breaking partnerships, one of which enabled commuters to make contactless MasterCard payments on Singapore’s public transport network. Mr. Bhalla created MasterCard Titanium, a card aimed at affluent consumers. He also developed numerous retail strategies that have enabled MasterCard to dominate Asian markets.
Before joining MasterCard, Mr. Bhalla held key marketing positions at HSBC and Xerox. He studied in India, earning a degree in Commerce from the University of Delhi, and a Masters in Management Studies from the University of Bombay.