Exclusive Series

MasterCard’s Balfany: There’s No Silver Bullet, But Security Tools Do Work

It’s the big question being asked in the post-Target breach environment: How do we stop the next one? As Carolyn Balfany, senior vice president of U.S. product delivery at MasterCard, points out, the reality is that there’s no single solution. A proactive, multi-pronged approach, however, can have a lasting impact on both payments security and consumer trust.


It goes without saying that the recent data breaches at some of the major U.S. retailers, including Target and Neiman Marcus, have exposed a harrowing reality in the payments space — that fraudsters can and will take advantage of any security flaw they can.

As investigators piece through the wreckage to determine precisely what went wrong, the thinkers and problem-solvers in the payments industry are asking themselves: What is the best solution?

“What we need to think about is that, first of all, there is no one silver bullet to securing the payments environment,” Carolyn Balfany, senior vice president of U.S. product delivery at MasterCard, said in a recent interview with Market Platform Dynamics CEO Karen Webster.

In the interview, Balfany spoke about how the EMV smart card standard can serve a role in protecting customer data by providing an additional level of encryption, making it tougher for would-be fraudsters to benefit from information they steal. While Balfany acknowledges that EMV might not have prevented the Target breach’s impact, it may have altered the outcome (Jump To: 1:00).

“In an [EMV] chip environment, the data is much more secure. … Even if the transaction data is obtained, it is much more difficult, if not completely useless, to attempt to replay that information and create fraudulent transactions,” she said.

Instead of focusing on one particular payments channel, the emphasis should be much broader, Balfany said. (Jump To: 3:20).

“What we need to think about is securing all channels. We need to be employing EMV in a face-to-face environment — terminals in retail locations. We need to be employing it at the ATMs, and we need to be employing other tech and security measures as we think also about the card-not-present channel,” Balfany said.

Asked about EMV pushback on the part of merchants (Jump To: 4:30), Balfany remarked that the past few weeks have seen positive momentum in terms of adoption. The retailer data breaches have “strengthened” this movement, she said.

Balfany also noted that tokenization has a role to play in payments security (Jump To: 6:20), but she sees the technology as part of a wider security approach that incorporates a number of solutions.

“Tokenization will certainly be used globally, but so, too, EMV will exist and has been rolled out on a broad basis in other markets and provides the only globally interoperable standard,” Balfany said. “Again, it’s not all about one solution, as multiple solutions can not only co-exist but complement each other.”

Despite the potential for solutions to reduce risk, consumers are still deeply concerned about the safety of their financial information, their credit and their ability to spend. (Jump To: 12:00) As such, positive messaging and proactive information-sharing on the part of industry players is important for maintaining consumer trust, Balfany says.

“It’s incumbent on all of us [in the industry] to come together and re-communicate the facts to consumers — that they are protected, that [the system] is reliable, that there are fraud systems running constantly to protect their data, and that we’re all collaborating around that,” she said.

Carolyn Balfany, Senior Vice President, U.S. Product Delivery, MasterCard Worldwide

Carolyn Balfany is senior vice president, U.S. product delivery, at MasterCard Worldwide. She has led the development and management of the product delivery function since 2005 and continues to be responsible for the team of experts that guide MasterCard issuers, merchants and processors through the successful implementation of MasterCard products and services. Her responsibilities include the delivery of all consumer credit, debit, commercial, prepaid and innovations platforms solutions within the U.S. markets. Before moving into U.S. markets, Balfany held the position of vice president, MasterCard Rewards Services, with MasterCard Advisors.

To learn more about how the payments industry is responding to retailer data breaches and rising consumer concerns about security, listen to the full podcast by clicking below.


*If you have trouble with the audio player above, click here.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment