AI Powers Mastercard’s New Authentication Process
Have you ever had a legitimate credit card transaction declined on the Web or your smartphone? It’s a real hassle, to be sure. But now, thanks to a new payment protocol being introduced by Mastercard that relies on deep learning to authenticate purchasers, you should see fewer false positives, less fraud, and faster approvals to boot.
Billions of dollars are on the line in the battle for control of the nation’s electronic payment byways. Fraudsters are eager to exploit any technological weakness to steal others’ hard-earned money, while banks, retailers, and consumers just want to make transactions as simple and secure as possible.
The latest round of battle in the United States saw the introduction of chip and PIN technologies in the 2016 timeframe. This technology (which has become more chip and less PIN) made it much easier to identify cards that were stolen or fake cards loaded with legitimate data from stolen cards. Thanks to the greater cryptographic horsepower embedded into the cards themselves, fraud rates for “card present” transactions plummeted, and the good guys were happy (provided they didn’t have to remember that dreadful PIN).
But the fraudsters weren’t done. As the good guys clamped down with chips and PINs, cyber thieves figured out new and nefarious ways of exploiting weaknesses in “card not present” transactions, such as those conducted electronically over the Web, using a mobile phone, or purchased in an application, where the chip offers no protection.
In response, folks in the electronic payment industry put their heads together and came up with a new way to thwart the bad guys and keep the world safe for online commerce. EMVCo, the consortium that was originally founded by Europay, Mastercard, and Visa, created 3D-Secure 2.0, which is an updated iteration of the three-domain secure (3DS) protocol that has been in place for some time.
Chris Reid, Mastercard’s executive vice president of services for North America, recently briefed Datanami on its implementation of 3D-Secure 2.0, dubbed Mastercard Identity Check, and – most importantly for our readers — how big data and AI factor in the new process.
“We’re making it much easier from a consumer perspective and much better from a merchant and issuer perspective,” Reid says. “How we’re doing that is we’ve dramatically increased the data that is going to enable the issuer and the merchants to make the right decision on the transaction.”
According to Reid, the Mastercard Identity Check program will utilize up to 150 different data fields in its algorithmic decision-making processes. That’s 10x more than previous methods fed into the automated sytems.
“There’s a large amount of data elements that the merchant has, and a large amount of data elements that the bank has, and what we’re aiming to do is to piece these together and let the merchant and the issuer make the right decisions around authorizing those transactions,” he says. “The more data that you can apply into making a decision, the greater level of confidence you can have about that decision, and as a rule the more accurate you’re going to make that decision.”
The new program will enable banks to take into account a lot more information than previously, such as:
- Whether a buyer has authenticated himself into the merchant’s environment;
- The bill-to and ship-to addresses, and whether the buyer has used them before;
- Whether there have been problems with buyer’s previous purchases;
- If the buyer is using expedited shipping;
- The value of the item being purchased;
- The IP address of the computer where the purchase originated from;
- Whether the buyer is shopping during normal times of day;
- The brightness of the handheld device’s screen;
- Whether device owner gestures match historical patterns;
- And other pieces of data.
Mastercard needed the power of neural networks to be able to process all of this data quickly at the point of sale. “We’re able to apply newer technologies and advance computing power to crunch the incremental data,” Reid says.
The new program will also reduce friction by providing so-called “one-way” data flows for certain merchants. Today’s transaction typically has a two-way flow of data, but merchants increasingly want a one-way flow of data, where banks make the ultimate determination to approve or deny, because it reduces latency, although merchants also have the option of doing “step up” validation for certain transactions, Reid says.
“So what we’re seeing with the frictionless flow is the transaction being orders of magnitude quicker than traditional flow, powered by AI, because it can ingest data, make a decision, and pass it through into a trust score,” he says.
As a result of processing up to 150 data fields, Mastercard will be more confident in the identity and authenticity of card-not-present transactions, which will result in lower false positive and false negatives too. In places where the Mastercard Identity Check has been rolled out, the company has seen an 11% increase in approvals and a reduction in fraud, Reid says.
It’s a win for all participants in the payment chain, Reid says. “Merchants, retailers, airlines, digital players will see more transactions going through successfully,” he says. “And for issuing banks, you’ll be able to have a greater level of confidence that they’re making the right transactions and that they have less friction on the back-end for potential fraud, or customer disruption associated with a decline of a genuine transaction.”
As for the fraudsters themselves, the new AI-based authentication techniques will likely hit them in the pocketbook, and force them to find more clever ways of stealing people’s money. Perhaps it will also cause them to seek more gainful employment?
“You live in hope,” Reid admits. “I’d love to believe that it would cause them to see the light, but I’m slightly too cynical for that.”