Mastercard is considering the privacy concerns of cardholders in building a digital identity scheme that promises to be both decentralized and universal. The global payments company is hoping to help banks and merchants gain greater confidence in transactions by creating a single standard. One that does away with multiple solutions and providers.
There are things I like about Mastercard ID. On the surface, its emphasis on privacy could potentially drive adoption. Its eventual marketing will likely strike a similar tone set by Wells Fargo with their launch of “Control Tower," giving consumers control over their own information in a way that blends elements of card control, financial fitness, and security.
There are also things I do not like. Practically, the identity platform seems dependent on bank adoption, which – at least in the U.S. – guarantees it will not work everywhere. If that holds true, Mastercard ID may not be available to all bank customers. (Though, Mastercard may be planning on routing banks through its plans to collaborate with Samsung on delivering better ways “for people to conveniently and securely verify their digital identity on the mobile devices they use every day.”)
Read More About Control Tower: Why Wells Fargo’s Control Tower Signals the Future of Digital Banking
Regardless, Mastercard is setting its sights on digital identity at a time when there’s little question account takeover is the future of fraud. The incidence of which has more than doubled over the past three years. On a recent call with analysts, Mastercard executives said about half of all login attempts in December were considered high-risk.
That same month, Mastercard and Microsoft announced a “strategic collaboration” to improve how we all manage our online identities. According to a recent report in Wired, it will eventuall5y work like this:
- Customers will visit their bank – or other participating financial institution – to sign up for their Mastercard ID.
- The FI will combine points of identification, biometrics, dynamic data from financial institutions, or certifications (such as a university degree), for instance, to create a collage of information.
- A person’s ID will be provisioned on that consumers’ device as a digital token. One that replaces a person’s sensitive documents with a mathematical representation similar to how online shops store customer card numbers. (Mastercard is using a similar method to enable its Mastercard Digital Enablement Service (MDES))
The process keeps Mastercard in the dark. The company never stores or sees any of a consumers’ documents. It does not store them.
Mastercard White Paper: Restoring Trust in a Digital World
The approach is not necessarily unique. In principle, it seems similar – if not identical – to the one SecureKey now offers in Canada. The Toronto-based startup worked with IBM, using the tech giant’s blockchain, to create what it calls an “identity and attribute sharing network.”
Since SecureKey’s model (Verified.Me) relies on a private, cryptographic ledger, which only participating FIs, governments, and businesses can contribute to, no party exchanges any customer's details. The system relies on the agreements and trust enabled by SecureKey, which is blind to the details of transactions because of the technology’s underlying blockchain.
Gemalto is also advertising a digital identity platform – Trust ID Network – based on blockchain. In a brochure, the payment processor says no sensitive information will be stored in a centralized database. Instead, "members of the network" using a digital wallet can decide "what information is confidential and should stay between the hands of the customers." (This, too, reminds me of Wells Fargo’s Control Tower. The bank’s decision to allow customers to revoke access to payment and personal information to third parties is rooted more in privacy than personal financial management.)
Meanwhile, Mastercard is sure to build adoption for its digital identification scheme beyond merchants and issuers. Potentially offering its use in industries like healthcare and insurance, expanding its answer to the issues plaguing authentication. Helping us all prove that we are who we say we are, online.
Related Report: Digital Identity as a Bank-Delivered Service
Related Blog Post: Could Microsoft and MasterCard Solve Digital Identity?