MasterCard's Digital Identity Verification

Table of Contents

1. Can Digital Identity Prevent Chargebacks?
2. What is MasterCard's Vision for Digital Identity?
3. What Will the Digital Identity Program Involve?
4. But How Does Digital Identity Actually Work?
5. What Other Effects Might Digital Identity Have?
6. What Is Your Digital Identity?
7. What Are The Components of a Digital Identity?

When you’re trying to prevent credit card fraud, one of the key challenges is answering a deceptively simple question: how do you know that the cardholder is who they say they are? In a card-present transaction, you can make use of PINs, EMV chips, and government-issued identification verified by human eyes. Online, in the card-not-present world of eCommerce, it’s less easy. Security tools can interrupt transactions to interrogate the cardholder to prove their identity, but this is an inelegant and frequently off-putting solution. While third party offerings have done much to tame the eCommerce landscape, sometimes it takes action from the major card networks to solve the biggest challenges. Could it be that MasterCard has found an answer to the problem of verifying digital identities?

Back in March of 2019, MasterCard presented a consumer-centered framework for establishing and managing digital identity in a paper titled Restoring Trust in a Digital World. Last year, they announced their plans to begin testing a pilot program for real world applications of their model for digital identity.

In April, MasterCard announced it is acquiring Ekata, a company that uses machine learning to enhance identity verification, in order to further support its digital identity program. The deal is expected to be finalized sometime this fall.

Once in place, a standardized global system for verifying cardholder identities could be quite the game changer where chargebacks are concerned. Not only would a better system for identity verification close up many of the authentication loopholes through which true fraud is perpetrated, it would make it much more difficult for cardholders to get away with "friendly fraud" by falsely claiming that they didn't authorize the purchase.

Can Digital Identity Prevent Chargebacks?

Many friendly fraud disputes are escalated to chargebacks because existing identity verification methods are imprecise and leave some margin of error that allow cardholders to argue that otherwise valid-looking transactions weren’t really made by them. These sub-optimal processes remain in place because merchants believe that more demanding verification methods (such as two-factor authentication) lead to abandoned shopping carts and lost sales.

This belief isn't without reason, either. Research has shown that just about every obstacle, however minor, in between a customer and the checkout process increases the likelihood of shopping card abandonment. This is one of the reasons why many major eCommerce businesses, such as Amazon, have implemented one-click checkout, despite the fact that it can lead to an increase in chargebacks.

This leaves merchants in a catch-22 situation: tighten up verification methods and lose customers, or keep things as they are and deal with the resulting chargebacks.

MasterCard is proposing nothing less than a paradigm shift in the way we handle individual identity online, and the ramifications could be huge.

As merchants who've survived other technological revolutions can tell you, however, every big change brings with it unintended consequences. Will MasterCard's vision for digital identity stop the credit card thieves and friendly fraudsters, or will it expose merchants to an entirely new set of challenges? It’s far too soon to tell, but we can take a closer look at what MasterCard has planned for their pilot program and see how the details of their new model for digital identity will impact merchants.

What is MasterCard's Vision for Digital Identity?

Before we get into the nitty-gritty details of MasterCard's pilot program, let’s review the guiding principles of its vision for digital identity. As outlined in Restoring Trust in a Digital World, MasterCard is starting from the premise that having control and ownership over your digital identity is a fundamental individual right.

Following from that, they determined that any workable scheme for digital identity management should be inclusive, simple and intuitive to use, confidential, and transparent. The individual should own their own digital identity and personal data, their right to confidentiality and privacy must be protected, and their consent should be sought before using or sharing their personal data.

Entities that make use of that data should practice transparency, maintain high levels of cybersecurity, and use personal data only for fair and non-discriminatory purposes. Under MasterCard's model, individuals would have the right to access, correct, and delete their personal identity data, and would be able to choose their digital identity provider or opt out of the system entirely.

For those familiar with the policies of major data-gatherers like Facebook, this may seem like a radically consumer-oriented approach, but it makes sense for MasterCard to take this approach for two reasons.

First, unlike companies like Facebook and Google, which harvest massive amounts of consumer information to sell to advertisers, MasterCard's business model isn't built on selling information. Its primary interest in collecting customer data is facilitating transactions and reducing fraud. Thus, it benefits MasterCard to assuage public fears about the collection of personal information as much as possible. Limiting what it can do with that data and giving customers more control over their information can increase public trust in the program without significantly impacting MasterCard's bottom line.

Second, data privacy ownership is increasingly a topic of public concern, and many countries, particularly those in the EU, have already taken action on data rights. Its likely that regulations around data-collection and storage will only get tighter in the future, so building a digital identity program that places customer rights at the forefront makes sense from a future-proofing perspective as well. MasterCard doesn't want to invest years of time and money into the program only to find it legislated out of existence.

What Will the Digital Identity Program Involve?

The program is being launched in Australia, in cooperation with Australia Post and Deakin University. Two separate initiatives will test out the system’s functionality.

In the first phase of the test, Deakin University used MasterCard's digital identity verification system in their student registration process and online exams. Instead of relying on obsolete identification methods like single-factor passwords or cross-referencing numbers from government-issued ID documents, students log in to the university’s registration and exam servers through MasterCard's system.

In addition to this, MasterCard integrated their methodology with Australia Post’s existing digital ID system, giving users new options for logging in and identifying themselves in order to access postal products and services online.

After these successful tests, MasterCard expanded the testing stage to Australian telecom Optus and Lumedic Exchange, among others.

But How Does Digital Identity Actually Work? 

The essential concept of MasterCard's model is that digital identity resides with its owner, not in the database of some external, centralized authority.

To verify a user’s identity, the system relies upon a distributed network of trusted sources, combined with information residing in the user’s own internet-connected device, to validate that they are who they say they are.

The outside sources queried might include banks, government agencies, or other participating organizations that can authenticate unique personal data.

MasterCard wants to avoid aggregating identity data—the system isn’t designed to add to an ever-increasing stack of identifying data that follows users around, but rather to minimize the amount of data that gets shared and exchanged and use only as much as is needed to verify identity. The goal is to protect the user’s privacy at every step in the process and ensure that they understand and consent to the ways in which their data will be utilized.

What Other Effects Might Digital Identity Have?

MasterCard's plan looks promising, and it certainly seems to be built upon a foundation of pro-privacy values that should make it appealing to consumers. Adopting this new method of digital identity verification will not only help to reduce fraud and identity theft, it could also create a plethora of opportunities for seamless shopping and banking, streamlined account management, and greater accessibility to a wide range of online services.

Access to government systems and other online services that require a high level of security could be greatly improved, as many currently protect their users’ data by employing burdensome ad hoc identity verification procedures that many users find too much of a hassle to bother with.

Once again, we’re cautiously cheering on a big card network’s attempts at bold innovation, and we’re optimistic that if their plan takes hold, merchants will see a reduction in chargebacks and other benefits.

FAQ