skip to content


The Top 3 Payments Security Threats This Holiday Season

Nearly half of consumers said they would not shop over the holidays at retailers that experiences data breaches, according to a recent survey. Consumers still need reassurance from the retail world that these breaches won’t happen, says Ajay Bhalla, President, Enterprise Safety and Security at MasterCard. PYMNTS recently sat down with Bhalla to get his views on the increasing concern around security this holiday season, the top 3 threats to payments, and which newly designed tools will most efficiently thwart today’s advanced cyber-hacking.

Ajay, you are responsible for enterprise safety and security at MasterCard. From where you sit what are the top 3 security threats to the payments ecosystem today, from issuers to retailers?
AB: Firstly, we’re seeing declining consumer confidence due to data breaches, and the impact on their safety. Not only are retailer data breaches rising, but also they are becoming larger in scale.
The second is a problem within the payments ecosystem and that is the aging system of passwords. The amount of applications we use is proliferating and so are the complex combinations of passwords we’re using to access them. It’s a problem in that we forget them, write them down, or use the same password across multiple apps and sites. It’s a problem for businesses with abandoned shopping baskets and frustrated customers. This hits their reputation and their bottom line.
The third issue is that card declines at the online point of sale are increasing, even when they are genuine purchases. This is what we in the payments business call “false positives” – in an effort to stamp out fraud, there is a tendency to overcompensate. This is particularly true in the e-commerce world, where card declines are five times that when the cardholder is present in a physical store. And yet despite those card declines, there is still three times more fraud.

You have recently released SafetyNet, a global tool designed to reduce the risk of cyber hacking of banks and processors. How does SafetyNet fit in within MasterCard’s overall security strategy?
AB: SafetyNet forms part of our multi-layered approach to protecting against fraud, which spans all parts of the payments ecosystem, for consumers at the physical and virtual point of sale, the retailers, banks and processors. It uses our network to identify potential attacks before they start and in some cases before our partners even know about it. It also uses sophisticated algorithms to spot fraud in real time and decline a transaction before any exposure occurs.
SafetyNet’s integrated into our network and already being used around the globe. It’s the latest addition to the comprehensive suite of tools we’ve built for issuers and merchants to improve the payment security. More than 2 billion online transactions pass through SecureCode each year, and now we’re leading the march on biometric authentication.

In a recently released survey by, 45% of consumers said they would “definitely” or “probably” NOT shop at retailers over the holidays that acknowledged computer breaches to credit card data. Do you believe this? What do you think this means from a macro trend perspective?
AB: Post-holiday spending data will show us whether the sentiment is reflected in behavior. We can’t make predictions about where people will spend, but there are many surveys indicating consumer confidence is down. While consumers need to know that they aren’t liable if their own data is compromised and fraud occurs, they still need reassurance from the retail world that these breaches aren’t going to happen. For those who said they won’t shop at retailers who have been breached, they should also know that they are protected with our Zero Liability promise.

With Apple Pay, the technical capabilities of tokenization are beginning to become more understood. Even so, does there need to be a standard approach to tokenization? If so, where should that standard apply and what happens to current companies who have already invested in their existing technologies?
AB: Regardless of the technology or the partner, payment security needs standards and we actively seek out collaboration with our competitors to work alongside them for the greater good of cardholders and our partners. We are providing standards leadership so that cardholders remain safe even a changing payments landscape.

Source: PYMNTS