Mastercard: Why A Truly Connected Economy Needs A New Security Paradigm

Flash back a few years and everyone had one or maybe two connected devices.

There were the smartphones we all had, with a heavy sprinkling of tablets and connected gaming consoles. One could count a computer, although desktops tend to lack portability.

Today, the landscape has changed. The phones, tablets, computers and consoles are still here — but so are smart speakers, smart thermostats, smart appliances, smartwatches, smart televisions and connected cars. And that’s just some of the mainstream stuff; we aren’t even getting into the weird add-ons like smart toothbrushes, smart dental floss and smart egg cartons.

“The IoT [Internet of Things] digital explosion is changing everything that happens around us,” Mastercard Executive Vice President of Security and Cyber Innovation Johan Gerber noted in a recent conversation with Karen Webster.

They were joined by Mastercard Executive Vice President of NuData and EMV/Digital Devices Christopher Bailey.

“How we communicate, how consumers buy products, how they watch content, how they find things — this literally touches every aspect of our lives, and somewhere in that big mountain of stuff is payments and the security around those payments,” Gerber said.

Those payments might be invisible, he noted, but there are still sellers waiting on them — and the challenge is making sure they happen consistently, cleanly and securely on the back end, while keeping the consumer experience delightful on the front end.

It is, according to Gerber, what pushed the January launch of Mastercard’s new Intelligence and Cyber Centre in Vancouver, Canada. The facility will eventually be one of six global technology centers for Mastercard to develop cyber solutions for the payments ecosystem globally. And when Mastercard is considering that global effort, Gerber told Webster, its goals slide into two major buckets: standards and security.

Creating Common Rules

For all the wonderful things that will come with the emergence of the IoT, Gerber said, the reality is that fraudsters will also come along. Security is a big deal because vulnerabilities no one has ever even thought of will pop up. Bailey concurred, referring to a Las Vegas casino that saw its high rollers list get hacked because cybercriminals found an entryway through an unsecured smart thermostat.

“IoT is going to have a massive impact on our lives, but there are no standards in place on how we connect and keep the consumer safe,” Gerber said. “Individual firms are making sure they aren’t getting breached. We also need to figure out how these devices are protected when they are in the hands, houses and business of users.”

Providing leadership around developing those types of standards, according to both executives, is the remit and organizing principle of Mastercard’s new Vancouver center.

It is consistent, Bailey noted, with work Mastercard has been doing for its entire existence — from PCI, to 3D Secure, to tokenization when it comes to creating the standards by which transactions will flow. Once everything is connected, and either directly wired into payments or sitting directly adjacent to something that is in the network, the responsibility of the ecosystem is to make sure what is chosen is stable and secure before it is enabled on a network.

“There are layers of security and tokens to protect data and all of the advances of the last several years that are effective,” Gerber said. “It isn’t all chaos out there.”

But things are evolving so fast, both Bailey and Gerber said, and innovators are moving so quickly that now is a great time for partnerships and standards so that what emerges as the IoT increasingly integrates in consumers’ lives functions both smoothly and securely.

“We aren’t looking to build or be the new center of a standards body; we want to be one of the voices at the table to work with shareholders and like-minded organizations who view consumer privacy and data security as their top priorities,” Bailey said.

The New Commerce Paradigm

Today, transactions basically fall into two categories — in person in store, and card not present online. But the era of the connected economy creates a third possibility: transactions in which neither the consumer nor the card is present. For example, situations in which the refrigerator detects that it is out of eggs and orders more for delivery, or a smart printer automatically orders its own ink when it runs low.

“We have to figure out how we think about trust in that system, and how much leverage do we want to give AI [artificial intelligence] — will the tech be able to not only transact on behalf of the customer, but also price out the goods, and ‘choose’ where to buy from,” Bailey said.

In the fully connected world that appears to be on the horizon, day by day and even second by second, there are going to be transactions and micro-transactions that a consumer has authorized — but isn’t directly aware of. That, Bailey and Gerber noted, will require an entirely new set of standards for authorizing and securing transactions — and building them will require an ecosystem-wide effort simply because of how many touchpoints the connected economy is expanding to.

The new Vancouver center is part of Mastercard’s efforts — but, the two executives noted, many more will come from Mastercard and others before the truly connected economy can get off the ground.

“At the end of the day, this won’t work if consumers have to validate and confirm every single transaction,” Gerber said. “We have to start using the things we’ve already created and build them into a very different security paradigm.”