FTC Orders MA to Detokenize

Posted on by

Short blog

Today the FTC issued an order to Mastercard to Detokenize eCom transactions (detailed order here)

Analysis

  • Expected. Both Visa and Mastercard allow for approved processors to detokenize card present transactions. Visa also allows for detokenization of eCom transactions, MA does not. While we don’t know specifics, it is likely MA’s resistance is NOT technical but rather due to the fact that they provide a liability shift for all tokenized transactions globally. Visa does not provide a liability shift for eCom in the US.
  • MA’s US debit volume is very low (est <20% that of Visa), and tokenized debit is also very low at less than 5% of MA US debit volume (ApplePay, plus merchants that have tokenized debit COF for eCom)
  • I see no impact to debit GDV for either MA or V
  • The real impact will be to force open tokenization, which will increase industry fraud.
  • A more innovative approach would be to give processors wishing to detokenize a pseudo PAN that they can used in PIN networks to keep the FPAN from leaking in fraud vectors.

Please Login to Comment.