Mobile World Congress is filled with many exciting announcements in the payments and commerce space. And none more important than how to keep payments and commerce safe in a mobile world.
That happened to be the topic of conversation today during a session entitled “Digital Identity for Connected Societies,” featuring MasterCard President of Enterprise Security Solutions Ajay Bhalla. He introduced MasterCard’s IQ Series, which uses both “visible” and “invisible” means to prevent fraud from occurring. Before Bhalla took the stage, PYMNTS recently caught up with him to dive deeper into what he and MasterCard are doing to help fight one of the biggest sources of friction in payments and commerce: false declines in an online world.
While recognizing that digital commerce (referring to card-not-present, card present, eCommerce and mobile commerce) is still small, Bhalla notes that it’s expanding “at a very fast pace.”
Making the fact that 50 percent of all fraud globally is associated with digital commerce “a big problem” — a problem, Bhalla points out, that will only multiply as the Internet of Things (IoT) gains a stronger presence in the world “and more and more devices are being used for transactions and those transactions are automated.”
It’s a problem, explains Bhalla, that inspired MasterCard and its IQ Series.
Two products have been launched so far in the series.
The first solution is Authorization IQ, a system that monitors the behavior of a consumer's account over a rolling 12-month period and can authorize payments using algorithms based on that very behavior.
Referring to research done by Javelin, showing that while $9 billion a year in fraud was taking place in the U.S., $188 billion dollars in transactions were being incorrectly flagged as such (and therefore declined), Bhalla believes that Authorization IQ “will standardize the consumer experience at point of sale globally and ensure that fewer legitimate transactions are declined.”
The second solution launched as part of the IQ series is Assurance IQ, which Bhalla notes “solves specifically for the devices world.”
He attributes that one in six transactions via devices are declined largely to the fact that “there’s very little information being passed between the merchant to the issuing bank when a transaction is in the process of being authorized.”
“Because the issuing bank doesn’t see any of this information” — meaning the specific device, its IP address, etc. — he continues, “they tend to become nervous about approving the transaction.”
Assurance IQ solves for this, explains Bhalla, by allowing merchants to pass all of the aforementioned information to MasterCard through an API. MasterCard will then use the information in its databases, combine all the other information that we have about the transaction — for instance, the merchant, the ATM, where it's used — and then provide a score to the issuing bank.
“We believe this will ensure that the merchant intelligence is actually reaching the issuing bank that has to approve the transaction,” adds Bhalla, “and we believe this will actually remove a lot of declines.”
Bhalla associates a particular value for Assurance IQ within the IoT because, “in a way, we are getting into the mode of creating digital identities of consumers” — without, he points out, having any personally identifying information about the consumer.
“That digital identity we create without knowing any of those details [such as card, category, device, browser, IP address, et al.] will come in very handy when we move full speed ahead to a world characterized by the Internet of Things,” says Bhalla.
To add to the capabilities of the IQ Series, MasterCard has also introduced Location Intelligence solutions. These are predicated on the fact that, in Bhalla’s words, “when a consumer travels, his or her bank doesn't know that, and they get nervous when they see an overseas transaction and they don't approve it.”
Location Intelligence will allow consumers to authorize their banks to allow MasterCard to know their location so that, explains Bhalla, “we can make sure that the issuing bank then knows that the particular U.S. cardholder is currently in Spain, for example.”
Two technologies are being implemented by MasterCard to achieve this. One is through its partnership with a company called Zumigo. That technology, which is embedded into a consumer's mobile banking app, allows MasterCard to pick up GPS coordinates on a consumer’s phone and send it in an authorization message to the bank. The other is through its partnership with Syniverse.
Launching in the U.K. this month, that technology will tell MasterCard, based on a consumer's roaming signal, what particular country he or she is in. “All of this works very beautifully in cross-border situations,” says Bhalla, while “the Zumigo technology works beautifully everywhere.”
“We are building the whole digital identity for a consumer — behavioral identity, device identity and location identity,” he continues. “All of this has helped create a better user experience.”
In all of this, shares Bhalla, another “critical piece” of the puzzle is MasterCard Identity Check, which allows consumers to shop using biometrics.
The service was launched as a pilot with ICS in the Netherlands in Aug. 2015. According to a survey that MasterCard conducted among consumers participating in that trial, 92 percent of them rated Identity Check as being more convenient than passwords, while 80 percent found it to be more secure; additionally, 60 percent of respondents reported that they would strongly recommend Identity Check to family or friends.
MasterCard is now looking to expand Identity Check — which, Bhalla says, already had a “very successful” pilot program in the U.S. — to other markets, as more banks are continuing to request to be a part of it.
“This all comes together,” notes Bhalla, “as layers and layers of security are being added."
Regarding the particulars of those biometrics, Bhalla shares that the elements used for Identity Check’s pilot in the Netherlands relied on fingerprints and/or selfie photographs, while MasterCard is ‘testing many other technologies” in that regard.
In Canada, for example, with Nymi, MasterCard is testing the application of heartbeat biometrics — “unlike any other biometric, there is the opportunity to constantly authenticate the consumer to a device; the consumer never has to go to the trouble of taking an extra step of a selfie or a fingerprint,” says Bhalla.
In all of the security-focused solutions that MasterCard is unveiling, Bhalla makes it clear that the company “want[s] to make sure that the user experience is outstanding.”
“The idea of having various layers of security — the idea of having products like Safety Net, Authorization IQ, Assurance IQ, a chip in the card, Identity Check to do your selfie,” he concludes, “these are all layers that we are adding to actually ensure that the transaction can happen smoothly.”
These solutions work hard in the background so that consumers, merchants and their banks don’t have to work so hard to enable commerce.