B2B Payments

MasterCard’s Balfany: There’s No Silver Bullet, But Security Tools Do Work

It goes without saying that the recent data breaches at some of the major U.S. retailers, including Target and Neiman Marcus, have exposed a harrowing reality in the payments space — that fraudsters can and will take advantage of any security flaw they can.

As investigators piece through the wreckage to determine precisely what went wrong, the thinkers and problem-solvers in the payments industry are asking themselves: What is the best solution?

“What we need to think about is that, first of all, there is no one silver bullet to securing the payments environment,” Carolyn Balfany, senior vice president of U.S. product delivery at MasterCard, said in a recent interview with Market Platform Dynamics CEO Karen Webster.

In the interview, Balfany spoke about how the EMV smart card standard can serve a role in protecting customer data by providing an additional level of encryption, making it tougher for would-be fraudsters to benefit from information they steal. While Balfany acknowledges that EMV might not have prevented the Target breach’s impact, it may have altered the outcome (Jump To: 1:00).

“In an [EMV] chip environment, the data is much more secure. … Even if the transaction data is obtained, it is much more difficult, if not completely useless, to attempt to replay that information and create fraudulent transactions,” she said.

Instead of focusing on one particular payments channel, the emphasis should be much broader, Balfany said. (Jump To: 3:20).

“What we need to think about is securing all channels. We need to be employing EMV in a face-to-face environment — terminals in retail locations. We need to be employing it at the ATMs, and we need to be employing other tech and security measures as we think also about the card-not-present channel,” Balfany said.

Asked about EMV pushback on the part of merchants (Jump To: 4:30), Balfany remarked that the past few weeks have seen positive momentum in terms of adoption. The retailer data breaches have “strengthened” this movement, she said.

Balfany also noted that tokenization has a role to play in payments security (Jump To: 6:20), but she sees the technology as part of a wider security approach that incorporates a number of solutions.

“Tokenization will certainly be used globally, but so, too, EMV will exist and has been rolled out on a broad basis in other markets and provides the only globally interoperable standard,” Balfany said. “Again, it’s not all about one solution, as multiple solutions can not only co-exist but complement each other.”

Despite the potential for solutions to reduce risk, consumers are still deeply concerned about the safety of their financial information, their credit and their ability to spend. (Jump To: 12:00) As such, positive messaging and proactive information-sharing on the part of industry players is important for maintaining consumer trust, Balfany says. br>

“It’s incumbent on all of us [in the industry] to come together and re-communicate the facts to consumers — that they are protected, that [the system] is reliable, that there are fraud systems running constantly to protect their data, and that we’re all collaborating around that,” she said.

To learn more about how the payments industry is responding to retailer data breaches and rising consumer concerns about security, listen to the full podcast by clicking below.

*If you have trouble with the audio player above, click here.



B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.

Click to comment