MasterCard Urges People to Store Data Remotely to Boost Security at Home

Rampant data breaches have taught consumers that it is not always wise to store payment data with a third party, but soon such behavior may become the safer way to transact.

Intel Corp. is building an ability in its devices to generate dynamic data for each transaction made from a digital wallet funded by a MasterCard Inc. product. Unlike the payment data used in most e-commerce transactions today, dynamic data is designed to be impossible to reuse if it is stolen.

Intel's machines will also support contactless MasterCard PayPass payments generated by a card or a mobile phone; these also use dynamic data.

"It used to be, things that make it more convenient sometimes would lessen security [and] things you did to make it much more secure were often an impediment to the consumer. We can now move both things in parallel: Make it more convenient and more secure," says Ed McLaughlin, MasterCard's chief emerging payments officer.

The dynamic-data capability provides a similar measure of security as the one-time password tokens used to log in to some bank accounts, he says. Users are also protected against keylogging software, since card data is stored remotely in a digital wallet instead of typed for each new merchant.

Some Intel devices already generate dynamic data. The contactless payment capability will be added next year, starting with Intel's Ultrabook line of thin portable computers.

Consumers would not need to use a contactless card when shopping from home if they already use the digital wallet — the contactless payment capability is more appropriate for kiosks and other merchant devices.

Intel focused first on its thin laptop line "because they are handy on-the-go devices" that complement smartphones, says Gordon Dolfie, general manager of Intel Identity Protection Technology.

The Ultrabook line, which will later get touchscreen capabilities, is designed as "a hybrid tablet and notebook PC," Dolfie says. Some merchants today already use tablets to accept payments.

With Intel's technology, a merchant must first switch on the PayPass capability with MasterCard, McLaughlin says. Banks that already issue PayPass cards would not need to make any substantial changes.

This is in contrast to a similar payment technology from SecureKey Technologies Inc., a Toronto company that allows contactless payments to be made from home computers by using a USB device.

In SecureKey's model, the issuing bank that offers SecureKey payments must be set up to accept the dynamic data it generates. The merchant, under SecureKey's model, can be totally oblivious to this process since the dynamic data is submitted in one of the checkout page's normal fields.

McLaughlin would not say whether MasterCard is working with SecureKey.

The payment capability MasterCard is supporting with Intel will eventually be opened up to include the other card networks, but MasterCard will have an initial period of exclusivity, McLaughlin says. He would not say how long that exclusivity would last.

There is a clear security benefit to MasterCard's plan, says Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc.

"It's much better to have a dynamic code and it's a good idea not to store data on your PC," she says.

However, she warns, no security is perfect. A dynamic code can be stolen in real time and used for fraudulent transactions before the legitimate customer can use it, she says.

Even so, "it's definitely a step up from what we do today," she says.

For reprint and licensing requests for this article, click here.
Bank technology Consumer banking
MORE FROM AMERICAN BANKER