Effective Date: 11/30/2022
SAFETY IS AT THE HEART OF MASTERCARD’S STORY
Our goal is to constantly protect everyone connected to Mastercard. Our mission is clear. Every day, everywhere, we use our technology and expertise to make payments and digital interactions safe, simple and smart. Whether you are a consumer, merchant, issuer, business, or a public sector organization, you can have peace of mind knowing that your safety and security is our number one priority, and central to everything that we do.
Payment technologies have never been safer, but criminals have never been smarter and they are further enabled by the shift to the digital world through digital payments and other digital interactions, which is happening at an unprecedented rate. As technology evolves, Mastercard remains at the forefront of innovation and security to stay one step ahead of criminals and keep you safe. As more devices become e-commerce devices, our priority is to ensure their security by encouraging all innovators to build in safety and security from the start, so we can better address the challenge of potential risks.
MULTIPLE LAYERS OF TECHNOLOGY PROTECT PAYMENT TRANSACTIONS AND DIGITAL INTERACTIONS
There is no silver bullet to fight fraud, so we use multiple layers of security to protect every transaction and, beyond payments, to protect customers across digital interactions. Our technologies, processes and expertise enable us to prevent, detect and resolve threats while also enhancing the experience related to payment devices and digital interactions.
We have implemented and operate at four layers to protect the payments system and our customer’s businesses:
- Prevent: Securing devices, data and networks in a coordinated manner across the industry helps reduce the risk of fraud significantly.
- Identify: We work to enhance trust, as the changing world of digital connectivity creates new obligations to securely identify individuals. Our identity solutions help us deliver a near frictionless authentication experience. We support real-time, seamless identity verification on our customers’ behalf. We offer unique personal digital identity services that can be used by both consumers and customers.
- Detect: We leverage the power of our network and our technologies to monitor transactions across the globe and identify transaction fraud, financial crime, crypto crime, and cyber threats. Our comprehensive suite of tools offered to financial institutions, merchants and other businesses can be tailored to their customer base and include everything from artificial intelligence tools designed to model and predict fraudulent scenarios, to real-time fraud scoring at the point of sale, cryptocurrency intelligence and blockchain solutions and cyber health analysis.
- Experience: The services we offer are all focused on offering the best customer and consumer experience possible – including our global $0 liability protection. We are building frictionless payment experiences and assist our customers to differentiate digital consumer offering and avoid payment declines if a consumer fails to inform the merchant about a replacement card. Cardholder lifecycle management is also a critical component we offer, which helps to provide an easier way to automatically replace cards on file when a new card is issued.
WE PROCESS PERSONAL INFORMATION FOR FRAUD PREVENTION AND MONITORING AND FOR PROVIDING CYBER SECURITY SOLUTIONS FOR OUR CUSTOMERS
For many of our fraud and security activities, we act as a data processor on behalf of and under the instructions of financial institutions and merchants. Mastercard International Incorporated and its affiliates (collectively, “Mastercard”) process various types of Personal Information, as a data controller, to protect you against fraud. If you are located in the EEA, UK or Switzerland, Mastercard Europe SA is the entity responsible for the processing of your Personal Information. “Personal Information” means any information relating to an identified or identifiable individual. This may include:
- Transaction data, fraud and authentication risk scores, transaction risk factors, risk reason codes, location data, merchant details, items purchased, information about disputed transactions and confirmed fraudulent activity.
- Certain information gathered from the blockchain, including blockchain address, other cryptocurrency transaction details and IP address.
- Certain information about you collected via automated means such as cookies and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets, such as IP address, browser type, operating system, mobile device unique identifier, geographical area, referring URLs and information on actions taken or interaction with our digital assets.
- Some of our online products and services also include advanced fraud prevention technology using behavioral data based on your device interactions, such as face ID, fingerprints, keystroke timing, scroll position and mouse-location.
- Publicly available data including information technology profile and assets of sole proprietors and cryptocurrency companies, such as domains, location data and cookies, contact details in public web pages or domain registration information, residential IP addresses in reputation lists, sanctions lists, and authorship of published intelligence about cyber security threats.
- Identity verification data such as name, address, national identification number, mobile phone number, age, and nationality.
- Fraud and risk data of sole proprietor, principal owner merchants and cryptocurrency companies, which may include name and contact information of the companies’ management personnel, and fraud reason codes.
We obtain the above categories of Personal Information from various sources: from financial institutions and merchants, from your service providers, directly from you, from third parties as detailed below or from your interaction with our digital assets.
HOW WE MAY USE YOUR PERSONAL INFORMATION
We may use your Personal Information for the purposes set out below. We will only process your Personal Information for the below purposes when we have a valid legal ground for the processing in accordance with applicable law, depending on the country in which you are located. However, please note that even though the chart below may not list consent as a legal basis for each processing activity, in some countries consent is the only or most appropriate legal basis for the processing of Personal Information, and in those countries we rely on consent for all processing activities. In certain cases, this consent may be obtained from you on our behalf by your financial institution, merchant, service provider, or another partner.
The chart below describes the processing activities for which we act as a data controller. Where we act as a data processor on behalf of financial institutions, merchants, or other partners who operate as data controllers, the financial institutions, merchants, or other partners are responsible for ensuring a valid legal ground for the data processing. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information.
|
Legal Basis for Processing (where required under applicable law)
|
- Protect you and others against fraud, cyber incidents and strengthen the cyber resilience of your operations, and manage risk exposure and franchise quality.
|
- You consented to the use of your Personal Information; or
- The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
- The processing is necessary for entering into, or performance of, a contract to which you are a party; or
- We, or a third party, have a legitimate interest in using your Personal Information for the purpose of preventing and protecting against fraud, securing our network and the payment transactions that we process.
|
- Monitor and prevent fraud, unauthorized transactions, claims and other liabilities on our payment network, as well as monitor and prevent fraud on the blockchain in relation to cryptocurrency.
|
- You consented to the use of your Personal Information; or
- The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
- The processing is necessary for entering into, or performance of, a contract to which you are a party; or
- We, or a third party, have a legitimate interest in using your Personal Information for the purpose of monitoring and preventing against fraud.
|
- Authenticate you and verify your identity.
|
- You consented to the use of your Personal Information; or
- The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
- The processing is necessary for entering into, or performance of, a contract to which you are a party; or
- We, or a third party, have a legitimate interest in using your Personal Information for the purpose of authenticating you and verifying your identity.
|
- Maintain the integrity and security of our payment networks.
|
- The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
- We, or a third party, have a legitimate interest in using your Personal Information for maintaining the integrity and security of our payment networks.
|
- Comply with legal obligations, including under applicable anti- money laundering legislation.
|
- The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
- We, or a third party, have a legitimate interest in using your Personal Information for compliance with legal obligations.
|
- Conduct internal research and development which aim at evaluating and enhancing our fraud detection, prevention, monitoring and cyber resilience operations and products.
|
- We, or a third party, have a legitimate interest in using your Personal Information for the purpose of conducting internal research and development with the aim of preventing and protecting against fraud, securing our network and the payment transactions that we process.
|
- Aggregate some of your Personal Information to create rules-based or artificial intelligence models to identify past and potential future fraud or money laundering patterns to offer advanced fraud prevention, AML and security features to financial institutions, merchants, customers and partners. We use machine learning to analyze and identify fraudulent or illegal transactions. The use of these models may lead your financial institution, merchant or service provider to make decisions whether or not to verify your identity or authorize your payment.
|
- We, or a third party, have a legitimate interest in using your Personal Information for the purpose of aggregating Personal Information and creating models to identify, prevent and protect our customers and the payment ecosystem against fraud.
|
HOW WE SHARE YOUR PERSONAL INFORMATION
We may share your data with third parties including financial institutions, identity verification service providers, fraud data service providers, government entities, utilities, public records, credit bureaus, property files, telecommunications operators, watch lists, geo-visualization service providers. We ensure that your Personal Information is only used for the above purposes subject to strict data protection and security obligations through our contracts with such third parties.
YOUR RIGHTS, HOW TO CONTACT US, AND ADDITIONAL INFORMATION ABOUT OUR PRACTICES
You have certain rights and choices regarding the Personal Information we maintain about you. For more information about your rights, to contact us, or to learn more about how we share, transfer, retain or protect your Personal Information, please read our Global Privacy Notice. You, or a party authorized to act on your behalf, can exercise your rights that are detailed in the Global Privacy Notice by emailing us at: privacyanddataprotection@mastercard.com.
This Fraud and Security Notice provides further information about certain aspects of the processing of Personal Information covered by our Global Privacy Notice. Some of the security and fraud prevention and monitoring solutions mentioned above may have their specific privacy notices. Please consult them for more information. For enquiries about your Mastercard card and your purchases, please contact your financial institution or merchant. More information about how to contact them can be found on their websites.