Mastercard is considering the privacy concerns of cardholders in building a digital identity scheme that promises to be both decentralized and universal. The global payments company is hoping to help banks and merchants gain greater confidence in transactions by creating a single standard. One that does away with multiple solutions and providers.

There are things I like about Mastercard ID. On the surface, its emphasis on privacy could potentially drive adoption. Its eventual marketing will likely strike a similar tone set by Wells Fargo with their launch of “Control Tower," giving consumers control over their own information in a way that blends elements of card control, financial fitness, and security.

There are also things I do not like. Practically, the identity platform seems dependent on bank adoption, which – at least in the U.S. – guarantees it will not work everywhere. If that holds true, Mastercard ID may not be available to all bank customers. (Though, Mastercard may be planning on routing banks through its plans to collaborate with Samsung on delivering better ways “for people to conveniently and securely verify their digital identity on the mobile devices they use every day.”)

Read More About Control Tower: Why Wells Fargo’s Control Tower Signals the Future of Digital Banking

Regardless, Mastercard is setting its sights on digital identity at a time when there’s little question account takeover is the future of fraud. The incidence of which has more than doubled over the past three years. On a recent call with analysts, Mastercard executives said about half of all login attempts in December were considered high-risk.

That same month, Mastercard and Microsoft announced a “strategic collaboration” to improve how we all manage our online identities. According to a recent report in Wired, it will eventuall5y work like this:

  • Customers will visit their bank – or other participating financial institution – to sign up for their Mastercard ID.
  • The FI will combine points of identification, biometrics, dynamic data from financial institutions, or certifications (such as a university degree), for instance, to create a collage of information.
  • A person’s ID will be provisioned on that consumers’ device as a digital token. One that replaces a person’s sensitive documents with a mathematical representation similar to how online shops store customer card numbers. (Mastercard is using a similar method to enable its Mastercard Digital Enablement Service (MDES))

The process keeps Mastercard in the dark. The company never stores or sees any of a consumers’ documents. It does not store them.

Wired Report: Mastercard Wades Into Murky Waters With Its New Digital ID

Mastercard White Paper: Restoring Trust in a Digital World

The approach is not necessarily unique. In principle, it seems similar – if not identical – to the one SecureKey now offers in Canada. The Toronto-based startup worked with IBM, using the tech giant’s blockchain, to create what it calls an “identity and attribute sharing network.”

Since SecureKey’s model (Verified.Me) relies on a private, cryptographic ledger, which only participating FIs, governments, and businesses can contribute to, no party exchanges any customer's details. The system relies on the agreements and trust enabled by SecureKey, which is blind to the details of transactions because of the technology’s underlying blockchain.

Gemalto is also advertising a digital identity platform – Trust ID Network – based on blockchain. In a brochure, the payment processor says no sensitive information will be stored in a centralized database. Instead, "members of the network" using a digital wallet can decide "what information is confidential and should stay between the hands of the customers." (This, too, reminds me of Wells Fargo’s Control Tower. The bank’s decision to allow customers to revoke access to payment and personal information to third parties is rooted more in privacy than personal financial management.)

Meanwhile, Mastercard is sure to build adoption for its digital identification scheme beyond merchants and issuers. Potentially offering its use in industries like healthcare and insurance, expanding its answer to the issues plaguing authentication. Helping us all prove that we are who we say we are, online. 

Related Report: Digital Identity as a Bank-Delivered Service

Related Blog Post: Could Microsoft and MasterCard Solve Digital Identity?


About Sean Sposito

Sean Sposito is an analyst in the fraud & security practice at Javelin Strategy & Research. His primary focus is the intersection of retail banking and information security. The topics he’s keenly interested in are vulnerability disclosure, cybersecurity insurance, threat intelligence, and the overall challenges facing security executives inside financial institutions. 

Before joining Javelin, Sean worked as a reporter at the San Francisco Chronicle, the Atlanta Journal-Constitution, and American Banker, among others. As a content strategist at the Christian Science Monitor, he counseled security vendors, PR agencies, and in-house communications executives on storytelling techniques and media engagement. 

He has moderated panels at the Visa Security Summit, the ATM Debit & Prepaid Forum, the Emerging and Mobile Payments Card Forum, the Mobile Banking and Commerce Summit, and the Mobile Payment Conference, among others. He holds a bachelor’s degree from the University of Missouri’s School of Journalism. 

Stay in Touch!