Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management ITU Workshop on "Digital Financial Services and Financial Inclusion“ (Geneva, Switzerland, 4 December 2014)

Geneva, Switzerland, 4 December What do most criminals want? Primary Account Data Mag stripe Track 1 + Track 2 data PAN, User Name, Expiry date, CVC1 CVC2 Personal Identification Number (PIN) Personal data

Geneva, Switzerland, 4 December Where is the data? Point of Sale (POS) system Back of House Server (BOH) In Transit

4 Traditional “Four-Party” Model Depiction Issuer Cardholder Merchant Acquirer Goods and Services Statement Transaction Third Parties

July 3, 2015 Page 5 Emerging Trends Technology – Cloud, Mobile New types of entities that we have never worked with before They don’t know us and we don’t know them They don’t understand the rules of the game, Regulation/AML/OFAC/Customer Risk/Fraud Risk appetites are very different

6 Transition to Today’s “n-Party” Model Merchant Issuer Cardholder Acquirer 3 rd -Party Processor Member Service Provider (TPP MSP) 3 rd -Party Processor Member Service Provider (TPP MSP) Independent Sales Organizations (ISO) “Merchant” Types and Devices Data Storage Entity (DSE) 3 rd -Party Processor Member Service Provider (TPP MSP) 3 rd -Party Processor Member Service Provider (TPP MSP)

 Define the Rules  Develop and evolve the rules  Roles and Responsibilities of the various stakeholders  Balanced consideration of all interests Standards Licensing  Allows the licensee to use the brand  Ensures customer is legal, regulated, compliant during on boarding.  Licensee agrees to comply with the MasterCard standards  The Licensee registers all the relevant parties  MasterCard knows who is involved in the payment Eco system Registration Franchise Development  Integrity of the network – Compliance Program – Global Quality Analytics – Dispute Resolution Management  Global interoperability between anonymous parties Compliance 4

Measures of Safety Credential Management: How the payment credentials are protected -Typically measured by: 1.Who provisioned the credentials? 2.What credentials were provisioned? 3.Where were the credentials stored? Transaction Strength: How we maintain authenticity in the transmission of payment information -Typically measured by: 1.How was the cardholder authenticated / identified? 2.Was dynamic data used in the transaction?

1. Strong device authentication for “Face-to-face” and “Remote” 2. Strong and easy-to-use consumer authentication 3. Payment credentials under control of cardholder regardless of use case 4. Hardware and software methodologies supported 5. Dynamic data in all transactions 6. Issuer liable (by and large) converged paradigm to address the digital era Higher quality, safer and more secure transactions Migration of transactions to the devices that consumers’ prefer Seamless integration of payment into high value digital assets – Merchant shopping apps – Mobile banking applications Improved Consumer Experience New Converged ParadigmBenefits

Tokenization – Provided through the MaDigital Enablement Service (MDES) TokenizationDigitization Of a consumer’s payment card credentials Tokenization is the replacement of a consumer card’s primary account number (PAN) with an alternative card number Digitization is the process to deliver “tokenized” card details to mobile devices or servers for more secure payments

Apple Pay is a full implementation new converged paradigm Contactless (EMV) In-app (EMV Over Internet)

…that’s it!