Effective Date: May 18, 2018

SAFETY IS AT THE HEART OF MASTERCARD’S STORY

Our goal is to constantly protect everyone connected to Mastercard. Our mission is clear. Every day, everywhere, we use our technology and expertise to make payments safe, simple and smart. Whether you are a consumer, merchant, issuer, business, or a public sector organization, you can have peace of mind knowing that your safety and security is our number one priority, and central to everything that we do.  

Payment technologies have never been safer, but criminals have never been smarter and they are further enabled by the shift to digital payments, which is happening at an unprecedented rate.  As technology evolves, Mastercard remains at the forefront of innovation and security to stay one step ahead of criminals and keep you safe.  As more devices become commerce devices, our priority is to ensure their security by encouraging all innovators to build in safety and security from the start, so we can better address the challenge of potential risks.

MULTIPLE LAYERS OF TECHNOLOGY PROTECT EACH TRANSACTION

There is no silver bullet to fight fraud, so we use multiple layers of security to protect every transaction.  Our technologies, processes and expertise enable us to prevent, detect and resolve threats while also enhancing the experience related to the payment device.

We have implemented and operate at four layers to protect the payments system: 

• Prevent: Securing devices, data and networks in a coordinated manner across the industry helps reduce the risk of fraud significantly. EMV, Identity Check, Mastercard Digital Enablement Service (MDES) and tokenization, as well as Risk Based Decisioning, are only a few examples of Mastercard’s broader efforts to fight the persistent threat of fraud.
• Identify: We work to enhance trust, as the changing world of digital connectivity creates new obligations to securely identify individuals. We launched identity verification with biometrics for mobile with our Mastercard Identity Check Mobile and for cards with the Mastercard Biometric Card. In addition, the new 3DS2.0 authentication standard and Risk Based Authentication will help us deliver near frictionless experience authentication experience.
• Detect: We leverage the power of our network to monitor transactions across the globe and identify fraud. Our comprehensive suite of network-wide tools offered to financial institutions, including issuing banks, acquirers and merchants can be tailored to their customer base and include everything from artificial intelligence tools designed to model and predict fraudulent scenarios, to real-time fraud scoring at the point of sale. Such solutions include Safety Net, EMS (Expert Monitoring Solutions), FRM (Fraud Rules Manager), Fraud Dashboard, Decision Intelligence, Early Detection System, Authorisation IQ, Gatekeeper.
• Experience:  The services we offer are all focused on offering the best customer experience possible – including our global $0 liability protection.  We are building frictionless payment experiences and assist our customers to differentiate digital consumer offering with our Mastercard Spend Alerts and to avoid payment declines if a consumer fails to inform the merchant about a replacement card through Account Continuity.   Cardholder lifecycle manager is also a critical component offer through our Account Billing Updater service, helping to provide an easier way to automatically replace cards on file when a new card is issued.

WE PROCESS PERSONAL INFORMATION FOR FRAUD PREVENTION AND MONITORING

For many of our fraud and security activities, we act as a processor on behalf of and under the instructions of financial institutions and merchants. This Fraud and Security Notice applies for the processing activities for which Mastercard is a data controller.

Mastercard International Incorporated and its affiliates (collectively, “Mastercard”) processes various types of Personal Information, as a data controller, to protect you against fraud. If you are located in the EEA or Switzerland, Mastercard Europe SA is the entity responsible for the processing of your Personal Information. “Personal Information” means any information relating to an identified or identifiable individual. This may include:  

• Transaction data, fraud and authentication scores, transaction risk factors, location data, merchant details, items purchased, information about disputed transactions and confirmed fraudulent activity.
• Certain information about you collected via automated means such as cookies and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets, such as IP address, browser type, operating system, mobile device unique identifier, geographical area, referring URLs and information on actions taken or interaction with our digital assets.
• Some of our online products and services also include advanced fraud prevention technology using behavioral-based data, such as keystroke timing, scroll position and mouse-location.

We obtain the above categories of Personal Information from various sources: from financial institutions and merchants, directly from you, from third parties as detailed below or from your interaction with our digital assets.

HOW WE MAY USE YOUR PERSONAL INFORMATION

We may use your Personal Information to protect you against, monitor and prevent fraud, unauthorized transactions, claims and other liabilities, authenticate you and manage risk exposure and franchise quality with respect to the integrity and security of our payments networks.  We also aggregate some of your Personal Information to create models to identify past and potential future fraud patterns and offer advanced fraud and security features to financial institutions, merchants, customers and partners.  The use of these fraud models may lead your financial institution or merchant to make decisions as to whether or not to authorize a transaction, or not to grant you access to a product or service, to the extent such automated decision-making is permitted by law.

We may share your data with third parties including identity verification services, fraud data service providers, government entities, utilities, public records, credit bureaus, property files, telecommunications operators, watch lists, geovisualization service providers. We ensure that your Personal Information is only used for the above purposes subject to strict data protection and security obligations through our contracts with such third parties.

We will only process your Personal Information for the above purposes when we have a valid legal ground for the processing. If you are located in the EEA, such legal ground is provided by the legitimate interest that we, or a third party, have in using your Personal Information, including to prevent and protect against fraud, and secure our network and the payment transactions that we process. In addition, our fraud prevention, monitoring and authentication activities may be necessary to comply with legal obligations. We may also process your Personal Information as necessary to provide you with a requested product or service that protects against fraud. Where required under applicable law, we obtain your consent for processing your Personal Information, including for the collection of your Personal Information via the above automated means.

Where we act as a data processor on behalf of financial institutions and merchants, as the data controllers, the financial institutions and merchants are responsible for ensuring a valid legal ground for the data processing. Please refer to their respective privacy policy for more information regarding the processing of your Personal Information.

YOUR RIGHTS, HOW TO CONTACT US, AND ADDITIONAL INFORMATION ABOUT OUR PRACTICES

You have certain rights and choices regarding the Personal Information we maintain about you. This webpage details certain aspects of our Global Privacy Notice for more information about your rights, to contact us, or to learn more about how we share, transfer or protect your Personal Information, please read our Global Privacy Notice.

Some of the security and fraud prevention and monitoring solutions mentioned above may have their specific privacy notices.  Please consult them for more information.  For enquiries about your Mastercard card and your purchase, please contact your financial institution or merchant. More information about how to contact them can be found on their websites.