MasterCard International launched an initiative on Wednesday to help credit card-accepting merchants tighten up their protection of sensitive consumer data.
The credit card association is working with merchants to provide them with information, tools and support to help safeguard consumer data, Chris Thom, MasterCard's chief risk officer, said in a statement. It is part of a broader effort by MasterCard to safeguard payment systems and to improve security in commerce.
"This is a critical part of our strategy for ensuring security in the payments system," Thom said.
The effort is designed to combat credit card fraud amid increasing concerns about identity theft.
It comes after a series of high-profile security breaches involving credit card data, including at retailers. Last year, information on more than 1.4 million credit card transactions and 96,000 check transactions was stolen from 108 DSW shoe stores. In another incident, a problem with point-of-sale software at Polo Ralph Lauren compromised the credit card data of as many as 180,000 people.
A main component of the new initiative focuses on online transactions. MasterCard is providing lower rates to sellers who adopt MasterCard SecureCode, a program that allows cardholders to enter a security code similar to a PIN when they make online purchases.
Online merchants that support SecureCode will be eligible for rates comparable to those for face-to-face transactions, up to a 16 percent reduction, MasterCard said. Typically credit card companies charge merchants more for online transactions.
MasterCard aims to educate vendors about the importance of security through advertising, Web content and online seminars. Rival credit card association Visa USA has itself introduced a similar effort. It even organized a nine-city tour on PCI rules for merchants.
This extra PIN stuff is useless. It's not more than adding 4 additional digits to the 16-digit card number. The big difference to ID thieves would be that they would steal 20-digit fixed CC numbers instead of 16 digits (or actually 23 instead of 19 if you count the security code that is required nowadays to make online purchases).
The business model is wrong. There should not be a need for the consumer to trust the merchant and all the merchant's employees in order to pay using a credit card. The information supplied by the consumer to make a payment should not be reusable for any other purpose other than completing that one deal. The way it is done now, one has to give a code (or several codes, like CC number+security code+PIN+billing address+name etc. that add up to one record), giving whoever receives it, i.e., any merchant you pay to, the ability to use it for making additional charges to your card, or to sell the info to a third party that can then use it to make charges to your card. It's a business model that can work only in a world with almost no information flow, and this ended with the internet.
The only way to make secure payments is if the info passed between the two parties to a transaction can only be used for that one particular transaction. So instead of making the effort to "secure the info stored by merchants" (that they shouldn't have in the first place) that can be circumvented by any supermarket employee that can attach a hardware keylogger to a card reading device, the focus should be on replacing the old credit card system with a system where the consumer has a small device that accepts the merchant's code, amount to be paid, and produces a hash based on that and on the consumer's CC number and the time and date that is then kept by the merchant to complete the payment. That hash would need a much lower level of security and would be useless to whoever can steal it.
You make a great point, but how do we get the credit card companies to absorb the cost of deploying millions of "smart cards"? They barely acknowledge there is a problem in the first place.
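The transaction-bound code proposed in the comments above, sketched as an added example that is not part of the article or of any commenter's post. It assumes a per-card secret key shared by the device and the issuer and uses HMAC-SHA-256 in place of a plain hash over the card number; the function names, the five-minute window and all sample values are constructed.

```python
import hashlib
import hmac

MAX_AGE_SECONDS = 300  # assumed freshness window, not from the page


def _message(merchant_id: str, amount_cents: int, timestamp: int) -> bytes:
    # Length-prefix the merchant code so field boundaries are unambiguous.
    m = merchant_id.encode("utf-8")
    return (len(m).to_bytes(2, "big") + m
            + amount_cents.to_bytes(8, "big") + timestamp.to_bytes(8, "big"))


def device_authorize(card_key: bytes, merchant_id: str,
                     amount_cents: int, timestamp: int) -> str:
    """Consumer device: bind the code to one merchant, amount and time."""
    msg = _message(merchant_id, amount_cents, timestamp)
    return hmac.new(card_key, msg, hashlib.sha256).hexdigest()


def issuer_verify(card_key: bytes, merchant_id: str, amount_cents: int,
                  timestamp: int, token: str, now: int, seen: set) -> bool:
    """Issuer: accept a code once, only for the exact terms it was made for."""
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return False  # stale code
    expected = device_authorize(card_key, merchant_id, amount_cents, timestamp)
    if not hmac.compare_digest(expected, token):
        return False  # merchant, amount or time was altered
    if token in seen:
        return False  # same code presented twice
    seen.add(token)
    return True


def demo() -> dict:
    key = bytes(range(32))   # constructed sample key
    t0 = 1_700_000_000       # constructed sample timestamp
    tok = device_authorize(key, "MERCHANT-0001", 4999, t0)
    seen = set()
    return {
        "first_use": issuer_verify(key, "MERCHANT-0001", 4999, t0, tok, t0 + 10, seen),
        "replay": issuer_verify(key, "MERCHANT-0001", 4999, t0, tok, t0 + 20, seen),
        "other_amount": issuer_verify(key, "MERCHANT-0001", 9999, t0, tok, t0 + 10, set()),
        "other_merchant": issuer_verify(key, "MERCHANT-0002", 4999, t0, tok, t0 + 10, set()),
        "stale": issuer_verify(key, "MERCHANT-0001", 4999, t0, tok, t0 + 3600, set()),
    }


if __name__ == "__main__":
    print(demo())
```

A merchant that stores the resulting code holds nothing it can reuse: only the first presentation, for the original merchant, amount and time, verifies.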