Mastercard is ramping up its initiative to eliminate credit card numbers in online shopping as part of its strategy to combat fraud.
A decade after launching a technology that substitutes consumers’ card numbers with tokens, Mastercard is now processing 1 billion tokenized transactions weekly, according to CEO Michael Miebach in a recent interview. It took the company three years to reach its first billion transactions using this method.
Looking ahead, Mastercard plans to further enhance this technology by replacing traditional security measures such as passwords with biometric identification like fingerprints or facial recognition, Miebach noted.
This move reflects the financial sector’s efforts to address the growing problem of online payment fraud, which is projected to exceed $91 billion by 2028.
“Ten years ago, the prevailing mindset was to keep things safe by protecting data and transactions with passwords,” Miebach stated during his visit to Mastercard’s London offices. “That was effective for a time, but eventually, it became a vulnerability rather than a reliable safeguard.”
Mastercard and its competitor, Visa, introduced token technology around a decade ago after a series of high-profile breaches affecting U.S. retailers like Target and Best Buy, where the credit card data of millions of consumers was compromised.
Initially, the focus of this technology was on replacing card numbers with a token that only the payment networks can decrypt, rendering it useless if obtained by hackers.
The rise of payment services like Apple Pay significantly contributed to reducing in-store fraud. However, online criminals are now increasingly targeting e-commerce platforms that require customers to manually enter their card details for transactions.
Additionally, hackers are exploiting websites in regions like India that rely on one-time passwords (OTPs) for security. These OTPs, sent by retailers and banks to verify consumer identity, have become more susceptible to fraud, according to Miebach.
To address this, Mastercard will collaborate with banks and payment providers globally to replace OTPs with tokens derived from consumers’ biometric data. The company launched this service in India this week as part of partnerships with PayU and Axis Bank, among others.
“The root of the problem is that if data is exposed and breaches occur, this information can be misused,” Miebach explained. “The digital economy is hindered by the risks of data breaches and fraud, and tokenization is a significant tool to mitigate these issues.”
Mastercard anticipates that by the end of the decade, all e-commerce transactions in Europe will be tokenized.