NAFCU Services Blog

Originally posted on Cashless Pioneers blog

Guest post written by James Anderson, Group Head and SVP, Mobile and Emerging Payments, MasterCard

MasterCard is the NAFCU Services Preferred Partner for Credit, Debit, and Prepaid Branded Products.

In bringing Apple Pay to consumers, Apple wanted to deliver the highest quality transactions possible. So who did they turn to? Those who’ve built the scalable payment infrastructure that is the envy of others – MasterCard.

We believe that payments should always be a simple proposition to the consumer – but once you get under the hood, there’s a very sophisticated network in place that enables any of us to walk into a store and make a purchase – trusting that our cards will work as we expect them to. We realize that consumers don’t care about that – but what they do want to know is that their information and their money are secure.  Through the work that MasterCard did with Apple and with the active engagement of the first four issuers – we’ve delivered the most secure combination of technologies that we’ve ever deployed:

Top Things to Know About Apple Pay and the Security of Our Digital Payments Platform:

1. Apple Pay Transactions Will Work Just Like Any Other MasterCard Transaction

Transactions that originate from Apple Pay will work the same as any other MasterCard transaction. The consumer will see the card they wish to use in their iPhone from the issuer that they are used to doing business with, the merchant sees a MasterCard transaction – either the familiar contactless form in store or Digital Secure Remote Payment for in-app. Apple is never in the transaction path.

2. Built with the Most Secure Technology

In building a secure payment experience, we’ve taken advantage of industry-standard EMV cryptology, in our digital enablement service and in Apple Pay, to ensure transactions are fully in line with the U.S. EMV migration and can take full advantage of the most secure payments technology in the world. We’ve taken this crown jewel of payment technology and put it at the heart of the program.

3. And We’ve Added an Extra Layer of Protection

In order to further protect consumers, we’ve added an additional layer of security to the digital payment process through tokenization. This means that the number stored in the Secure Element in a consumer’s iPhone 6 is not the same number as on their card. In the (unlikely) event that someone is able to pick up the data off of a transaction – what they’re going to get is a 16-digit token number and a cryptogram (a long number unique to each transaction). If they try to use the token without a cryptogram, we’ll reject the transaction. And they can’t generate a crypotgram without the EMV keys that are stored safely in the Secure Element on the iPhone. A lot of technical talk – but added together it simply means that we’ve put the right protections in place to keep consumers safe.

4. Authenticating with Biometrics

Until now authentication on a mobile device was always a PIN. Apple viewed Touch ID as a critical asset for payments as a cardholder authentication. Within Apple Pay, consumers simply confirm a transaction with one touch. Those who prefer not to use Touch ID can revert to using a passcode.

Apple came to MasterCard with a strong vision for building a user-friendly, secure payments service that aligned with where we were focused as a company and allowed us to leverage the foundational technologies that we’d developed over the last ten years – EMV, contactless, tokenization, and DSRP. Apple knows how to deliver great user experiences, but they also respected MasterCard’s knowledge and expertise. We were able to bring insights on how consumers view payments and what elements were going to be important to ensure they view this as a secure experience representing the brands that they trust.