The head of MasterCard Worldwide’s chip centre of excellence talks to Michelle Price about how the company is attempting to combat global online card fraud through its two-factor authentication model.

Few technological retail banking innovations have proved as spectacularly successful as the humble payment card. From London to Taiwan, the payment card has achieved a status that is both truly mass, and truly global. But the ubiquity of the payment card necessarily brings with it major security challenges: indeed, the ongoing rise of card fraud remains an intractable problem for the global banking industry.

One individual who has keenly observed this trend is Toni Merschen. As head of MasterCard Worldwide’s chip centre of excellence, he is tasked with developing, managing and deploying chip card technologies that enable MasterCard to continue to differentiate itself: this means developing cards that are not only multi-functional but also secured against a number of fraudulent activities.

Card not present

Of these, ‘card not present’ fraud – in which the details on or relating to the card are used fraudulently in its absence – has grown substantially in recent years, driven largely by the emergence of e-commerce. Mr Merschen says: “This is something that the banks in the UK in particular have not focused on.”

Instead, he says, UK banks have tended to devote their efforts to combating domestic counterfeit fraud and stolen card fraud. But the emerging, online global trade in credit card details means that ‘card not present’ fraud is becoming an ever-pressing concern.

For this reason, argues Mr Merschen, both online banks and e-commerce providers should move towards a two-factor authentication model, based on the chip and PIN card infrastructure that has been rolled out during the past few years in the UK and Europe.

In a two-factor authentication model, the identity of the card user is verified through the use of two combined but independent factors: in the case of chip and PIN, this is something that the user has – the chip card – and something that the user knows – their PIN.

In online transactions, this has not traditionally been possible. But during the past 18 months, a handful of major banks and building societies, including Barclays, Royal Bank of Scotland and Nationwide, have begun migrating their online customers to a two-factor authentication model, wherein the customer deploys chip and PIN at home using a hand-held reader, in order to authenticate their banking session. In recent years, MasterCard – a leader in this area – has strongly promoted the use of this model across a vast spread of e-commerce providers as well, in its Chip Authentication Programme (CAP).

Gaining traction

Two-factor authentication is gaining considerable traction globally. It is widely regarded by many banks as a logical and positive step forward in the battle to secure online financial trans- actions. Increasingly, many banks are “seriously” considering rolling out the model with MasterCard’s CAP programme, not only for online banking but for e-commerce too.

However, controversy still remains as to whether the model is truly sustainable, not least because it forces the onus of responsibility, to a large extent, on to the user. Furthermore, two-factor authentication degrades the ‘frictionless’ online user-experience – originally the channel’s key point of differentiation over the physical branch or store.

Mr Merschen rejects these arguments. Research by MasterCard, he contests, suggests consumer attitudes towards online security are fast-maturing: “People have become comfortable with the chip and PIN experience on the high street: this is just chip and PIN at home.”

Industry polls

In its industry polls, MasterCard has also found that distribution of chip and PIN home devices in Europe is growing, with between 10 million and 15 million in circulation. Mr Merschen argues: “Consumers know how to do this: chip and PIN at home is, we therefore feel, a proper balance between ease and convenience and security on the commerce site.” However, he adds that the success of chip and PIN at home will not only be a function of familiarity. In his view, the consumer now actively seeks reassurance when transacting online. He says: “It is something that needs to be there: you want to have confidence in executing commerce in a medium where you do not have a face-to-face encounter.”

Research has suggested that there are some demographic and age-related variations in the way that consumers regard online security controls, but a fundamental theme can be discerned throughout. Mr Merschen says: “The basic underlying result was that people will transact more online if they feel comfortable with the security.”

More broadly, he adds, raising consumer confidence in online transactions is not a question of improving short-term profitability. Rather, rolling out chip and PIN at home specifically – and the global push towards two-factor authentication in general – is an important means by which to secure global commerce, the future of which could well be undermined if consumers lose confidence in the online transaction process.

CAREER HISTORY

2002: Head of MasterCard Worldwide’s chip centre of excellence in Waterloo, Belgium, overseeing business, product and deployment aspects of chip-based solutions for MasterCard’s global advanced payments department.

1998: Head of Citigroup’s global competence centre for chip card-enabled solutions, mobile financial services, public key infrastructure and biometrics.

1984: Prior to Citibank, he held various roles at IBM, where he worked for 14 years.

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter