MasterCard, Visa Launch Cross-Industry Payment Security Effort

Will strive to develop "actionable roadmap" for increased, accelerated security

Published in CSP Daily News

NEW YORK -- MasterCard and Visa have formed a new cross-industry group focused on enhancing payment system security to keep pace with the expectations of consumers, retailers and financial institutions. The group will initially focus on the adoption of EMV (Europay, MasterCard and Visa) chip technology in the United States, in addition to addressing other security-related topics, including tokenization, point-to-point encryption and broader needs of the region.

With reservations, the National Retail Federation (NRF) called it an "important step in the right direction."

This new group will include a diverse group of participants in the payments systems including banks of all sizes, credit unions, acquirers, retailers, point-of-sale (POS) device manufacturers and industry trade groups. The formation of the group is a public recognition of the importance of all parties to work together and will ensure all voices can contribute to the strategic direction of payment security, Visa and MasterCard said.

"The recent high-profile breaches have served as a catalyst for much-needed collaboration between the retail and financial services industry on the issue of payment security," said Ryan McInerney, president of Visa Inc. "As we have long said, no one industry or technology can solve the issue of payment system fraud on its own. These conversations will serve as a useful forum to share ideas, break down barriers and spur the adoption of next generation security solutions for the benefit of all."

"One of the critical roles we play is to protect consumers and businesses against criminals and fraudsters," said Chris McWilton, president of North American markets for MasterCard. "Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust. EMV will be the next step in these efforts, alongside enhanced security solutions for online and mobile channels."

With a priority on delivering meaningful solutions that benefit consumers, merchants and financial institutions of all sizes, this group will focus on a broad range of security-related topics, including:

  • Advancing the migration to EMV in the United States. Chip technology generates a unique code for every transaction, making it nearly impossible for criminals to use the card for counterfeit fraud.
  • Promoting additional security solutions like tokenization and point-to-point encryption. While EMV addresses the physical point of sale, the need to protect mobile and online transactions is critical. In tokenization, a unique digital payment code replaces the traditional account number, providing an additional layer of security.
  • Developing an actionable roadmap for securing the future across all segments of the payments industry.

MasterCard and Visa expect this group will complement and engage with other efforts across the industry, including proprietary risk councils, EMV task forces and the standard management bodies.

In a statement responding to the announcement, NRF senior vice president and general counsel Mallory Duncan said:

"We remain insistent that U.S. retailers' customers be given the same protections as consumers in more than 80 countries who have both a chip and a PIN securing their credit and debit cards. There is no single solution to the complex issue of criminal hacking and we know PIN and Chip is just a bridge on the long road to a safer payment system, but it is an important step in the right direction.

"We appreciate being involved in meetings with other stakeholders such as the one hosted by Visa and MasterCard last week. While we certainly agree that speed is of the essence, we don't believe that is an obstacle to introducing PIN and Chip cards since the technology is well established and the cards are widely used around the globe.

"Easy-to-forge signatures are a virtually worthless form of authentication. Insisting on chip-and-signature cards is like installing an alarm on the front door of a home while leaving the back door wide open. It doesn't make sense when the technology exists to secure the entire house."