B2B Payments

MasterCard’s Balfany: There’s No Silver Bullet, But Security Tools Do Work

It goes without saying that the recent data breaches at some of the major U.S. retailers, including Target and Neiman Marcus, have exposed a harrowing reality in the payments space — that fraudsters can and will take advantage of any security flaw they can.

As investigators piece through the wreckage to determine precisely what went wrong, the thinkers and problem-solvers in the payments industry are asking themselves: What is the best solution?

“What we need to think about is that, first of all, there is no one silver bullet to securing the payments environment,” Carolyn Balfany, senior vice president of U.S. product delivery at MasterCard, said in a recent interview with Market Platform Dynamics CEO Karen Webster.

In the interview, Balfany spoke about how the EMV smart card standard can serve a role in protecting customer data by providing an additional level of encryption, making it tougher for would-be fraudsters to benefit from information they steal. While Balfany acknowledges that EMV might not have prevented the Target breach’s impact, it may have altered the outcome (Jump To: 1:00).

“In an [EMV] chip environment, the data is much more secure. … Even if the transaction data is obtained, it is much more difficult, if not completely useless, to attempt to replay that information and create fraudulent transactions,” she said.

Instead of focusing on one particular payments channel, the emphasis should be much broader, Balfany said. (Jump To: 3:20).

“What we need to think about is securing all channels. We need to be employing EMV in a face-to-face environment — terminals in retail locations. We need to be employing it at the ATMs, and we need to be employing other tech and security measures as we think also about the card-not-present channel,” Balfany said.

Asked about EMV pushback on the part of merchants (Jump To: 4:30), Balfany remarked that the past few weeks have seen positive momentum in terms of adoption. The retailer data breaches have “strengthened” this movement, she said.

Balfany also noted that tokenization has a role to play in payments security (Jump To: 6:20), but she sees the technology as part of a wider security approach that incorporates a number of solutions.

“Tokenization will certainly be used globally, but so, too, EMV will exist and has been rolled out on a broad basis in other markets and provides the only globally interoperable standard,” Balfany said. “Again, it’s not all about one solution, as multiple solutions can not only co-exist but complement each other.”

Despite the potential for solutions to reduce risk, consumers are still deeply concerned about the safety of their financial information, their credit and their ability to spend. (Jump To: 12:00) As such, positive messaging and proactive information-sharing on the part of industry players is important for maintaining consumer trust, Balfany says. br>

“It’s incumbent on all of us [in the industry] to come together and re-communicate the facts to consumers — that they are protected, that [the system] is reliable, that there are fraud systems running constantly to protect their data, and that we’re all collaborating around that,” she said.

To learn more about how the payments industry is responding to retailer data breaches and rising consumer concerns about security, listen to the full podcast by clicking below.

*If you have trouble with the audio player above, click here.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment