Let's translate them: it is not really that they want to protect users against fraud, but they want to put themselves up in the payment chain to try to secure their monopolistic position.
The goal is to go up the chain up to the bank account owner. For example you will need an app provided by Mastercard to do the 2FA, or the bank will have to use Mastercard technology/stack in their own apps and transmit more data about their users to Mastercard.
In India and other countries that skipped the credit card phase (e.g. China, Vietnam, Philippines, Indonesia, Thailand, Pakistan, Bangladesh, Kenya, etc.), most non-cash payments are done directly via an e-wallet and OTP.
This is an attempt by Mastercard to try and merge that payment flow into their environment, otherwise they face a low adoption rate in growth markets across Asia and Africa.
Most vendors do not offer payment via card, and those that do will almost always also offer e-wallet as a payment method.
It’s rarely about protecting the user from fraud but more about protecting MC from fraud as they usually shoulder these costs. Replacing passwords with tokens isn’t much different to passkeys instead of passwords.
Yes this is correct and there isn’t an alternative. Worse, both MasterCard and Visa also take moral or political positions on what transactions are allowed. For example you may have trouble collecting payments for porn. A more serious example is when they banned donations to Wikileaks in 2010 [link below], as a coordinated action doing the state’s bidding. This was in response to the release of diplomatic cables, which is just plain old journalism. In my opinion, this issue of control and freedom is worse than the transactional cost.
You have a toxic mix of fraud risks, money laundering risks, and the potential risk of accidentally enabling legally radioactive CSAM when supporting pornography.
This is way too much risk to bank an industry that is smaller than most other sectors.
In the Wikileaks case, the lack of redaction meant Wikileaks and its enablers could face multiple national security and espionage related charges. That is too much risk.
At the end of the day, if you are a payment processor you will have to assume liability for abetting your customers' actions. And if you do not moderate well enough, as an executive your head is personally on the line for plenty of civil and even criminal charges.
While we’re at it why not get rid of MasterCard and Visa? I don’t see why a duopoly due to network effects should be allowed. It would be nice to see legislation everywhere that forces use of some open payment protocol that allows competition and choice. I personally don’t see the point of accommodating big changes in how credit cards work and not just going further to this logical step instead.
Well as I understand it, the best answer to that is a government controlled (and subsidized) entity like UPI in India, which was developed together by public banks, private banks, the govt, the reserve bank and Big Tech. For all the concerns about privacy, I'm not really concerned about my less than $2K transactions I carry out via UPI, and the cut that the companies take out of it (which right now is zero, but eventually will be charged).
Quite frankly why haven't we gotten to the point I can tap my phone against my computer to finish up a payment, or slap my EMV chip-enabled card into a reader and securely pay online that way?
Why did we just... basically skip what parts of the world rolled out? I would have loved a JP Suica/IC-card style payment system in the US where I could hook a reader into my PC and just tap-to-pay. I thought it was amazing to see Japanese people using it for Amazon purchases and on the Nintendo eShop by just tapping against the game console!
Isn’t that just what Apple Pay / Google Wallet do but with extra steps and hardware?
I can already click a Pay button on the Internet and just press a button on my watch, phone or computer to confirm the payment. Secured with my Fingerprint or FaceID.