MasterCard’s Express Lane To Secure Digital Commerce

The modern payments business is just about six decades old. For most of that time, the dominant form factor has been the plastic card. But as payments transactions move from being a plastic card swiped (or dipped) at a fixed terminal to a connected device communicating with another connected device, the requirements to authenticate consumers and secure those transactions becomes increasingly complex – especially as individual consumers use multiple devices to conduct commerce.

And absolutely essential if commerce is to truly move to places that are, according to MasterCard’s Chief Emerging Payments Officer Ed McLaughlin “at the edge of the [payments] network – and beyond.”

“Consumers will have any number of commerce-enabled devices as cars get smarter, as game systems get smarter, and even appliances get smarter. Consumers are and will be managing larger numbers of applications using card account credentials and we just want to make sure they are all secure through tokenization,” McLaughlin told MPD CEO Karen Webster in a recent interview.

And, as of yesterday, a whole lot easier for those who seek to secure digital commerce at scale to make possible.

MasterCard announced the launch of MasterCard Digital Enablement Express, a powerful complement to its MasterCard Digital Enablement Service (MDES) platform. The Express program provides a simple way for digital commerce providers – aka token requestors – to help cardholders conduct safe and secure commerce using MasterCard account credentials on any number of connected devices.

Express provides a consistent, rules-governed set of default terms for using MasterCard’s comprehensive token services platform. Commercial terms, operating rules, program eligibility security, testing, certification and acceptable use of assets like customer data are standardized — thus eliminating the need for token requestors to negotiate individual contracts with issuers.

Express program launch participants include Capital One, Fifth Third Bank, and Key Bank. Android Pay and Samsung Pay are among the first digital partners to participate in the program.

McLaughlin said that Express took the “best of MDES implementations” to create a simple and faster way of onboarding token requestors and token issuers. With Express, issuers need enroll only once, and can then onboard enabled accounts into any participating digital commerce environment regardless of where at the edge of the network they wish to conduct commerce. As McLaughlin described it, the commerce destination may be different for Express program participants and those making the journey may be different, but the basic rules of the road are the same.

“What the Express program provides is a remarkably streamlined way for token requesters – and that can be digital wallets, merchants with card on file systems or the Internet of things providers we’re working with – to easily access MDES by taking advantage of a standard set of default rules governing how commerce is enabled and kept secure in this new environment,” McLaughlin explained.

Put another way, Express is a program that can enable commerce “at the edge” as quickly as innovators create new commerce opportunities and consumers then adopt them.

At the core of both MDES and Express is ensuring the security and integrity of the commerce experience. “I think as you move from plastic into digital environments one of the essential elements is that card data needs to be stored somewhere, McLaughlin emphasized. “The only way to make sure data is safe is to make it useless out of context – and tokens do that.”

MDES made its very public debut just about a year ago as MasterCard’s attempt to get everyone speaking the same connected commerce language, using the payments token as the ecosystem’s Rosetta Stone. An MDES token is a unique card number associated with a MasterCard PAN – that is bound to a particular device. Each device that a consumer has will have a different tokenized credential called a device account number. The provisioning of that device credential is a one-time setup that can only happen once an issuer authorizes that the consumer is in good standing and that it is an account that they wish to have provisioned to a device.

When transacting, MDES allows that device account token to be further secured by generating a unique, one-time security code for each transaction that is further secured with an EMV key. That security code, along with the device account number, is then passed to the acquirer, creating a unique one-time account number for the transaction. The transaction is then processed through the rest of the existing authorization infrastructure for approval.  Because of the EMV key, McLaughlin told Webster, “every transaction can be unique – it can’t be replayed.”

Express may have eliminated the friction associated with enabling secure commerce but has not relaxed participant requirements (a “strong vetting process” remains very much a part of program eligibility), nor the flexibility that issuers will need to support their individual business models. “Issuers still have full choice to do what they do today and how they engage with commercial partners. We are simply giving them a streamlined program they can use,” McLaughlin explained.

But because moving commerce to the edge requires scale, Express with its no fee, consistent operating rules, rapid onboarding and secure transactional underpinning, presents a compelling path to getting there. MasterCard, with Express, just wants to make sure that commercial terms and the foundational aspects of “doing business” in a complicated payments environment doesn’t get in the way of innovators with new ways of enabling commerce doing it in a way that protects consumers, merchants and the payments ecosystem more broadly.

Something that also resonates with its first digital commerce partners.

“We are looking forward to bringing a best-in-class payments experience to consumers with Android Pay. Working with MasterCard’s Express platform will give us a highly scalable way to enable issuing banks to participate in Android Pay, while at the same time launching a service that has broad consumer access,” said Ariel Bardin, Google’s VP of Payments.

“Partnering with MasterCard via Express ensures that Samsung Pay can be brought to millions of consumers globally in a scalable and efficient way that creates value for us and issuers,” said Injong Rhee, EVP of Samsung Electronics, Global Head of Samsung Pay.