Visa, MasterCard follow Apple Pay's lead in security

Visa, MasterCard follow Apple Pay’s lead with beefed-up security


A war for mobile wallet dominance is on the horizon. Apple Pay. Photo: Jim Merithew/Cult of Mac
The industry is embracing tokenization and biometric security, both of which are Apple Pay's marquee strengths. Photo: Jim Merithew/Cult of Mac

Apple wasn’t kidding when it said Apple Pay would transform mobile payments. Built around easy of use and security, Apple Pay is the industry’s first solution that benefits users and banks.

The security aspect of Apple Pay has been especially crucial to its early success, and now the big credit card companies have been spurred to follow suit. Today both Visa and MasterCard announced new security initiatives to protect against cyberattacks. Visa in particular has borrowed one of Apple Pay’s key ideas: tokenization.

When a transaction is made with Apple Pay, the customer’s card number is never shared. Instead, a unique, one-time character string (token) is created to validate the transaction with the bank. This prevents hackers from intercepting sensitive financial data and effectively kills the possibility of identity theft.

Visa introduced its own tokenization technology around the same time as Apple Pay, and today it announced that it will continue to expand the security measure with more online partners throughout 2015.

“One of the most innovative and promising technologies we’ve seen in decades”

“Removing card account numbers from the processing and storage of payments represents one of the most innovative and promising technologies we’ve seen in decades,” said Charlie Scharf, chief executive officer, Visa Inc. “This, combined with chip card technology, advances in account holder authentication through analytics and biometrics, and more sophisticated risk monitoring, will allow Visa account holders to enjoy new, secure payment experiences.”

MasterCard announced a $20 million investment into cybersecurity measures, namely its MasterCard Safety Net technology. The fraud protection service “provides an independent layer of security on top of the tools and policies of financial institutions, by monitoring and blocking specific transactions based on selected criteria.”

Along with First Tech Federal Credit Union, MasterCard will also test a pilot program to let customers authenticate transactions with biometric security, like “facial and voice recognition and fingerprint matching.”

How that will exactly pan out remains to be seen. It’s doubtful that there will anything like fingerprint scanners in normal payment terminals anytime soon.

The industry is, however, turing to the more secure EMV chip standard for credit and debit cards in the U.S. in 2015. Projections are that half of all cards and 47% of terminals will be chip-enabled by the end of the year, according to MasterCard. Apple Pay will likely work at all those terminals, as merchants will have to upgrade their hardware to newer, typically NFC-equipped systems.

The U.S. government gave Apple Pay its seal of approval today with the announcement that the service will be used with federal cards. Tim Cook gave a brief speech at today’s White House cyber security summit in which he reiterated that Apple’s business is “based on selling the best products in the world, not your personal data.”