Behind Mastercard’s approach to data security and privacy

Fingerprint scan (Photo credit: Flickr / CPOA)

Mastercard has unveiled a series of principles that underline its approach to data security and privacy.

In a report about global data responsibility, the payments company outlined six guiding principles that companies can abide by when protecting their customers’ data. Mastercard’s principles include security and privacy, transparency and control, accountability, integrity, innovation, and social impact.  

The principles are based on research it carried out on consumer perceptions on how financial institutions protect customer data. The survey was conducted with 2,487 individuals and 830 business leaders across the world in Brazil, Germany, India, Spain and the United States from July to August 2019.  

JoAnn Stonier, chief data officer at Mastercard explained that the principles give the payments company a framework for expanding or rolling out new digital capabilities.

“Consumers want to trust the organizations that they give data to and so MasterCard wants to step forward. Security is core to operating our network,” she said. “The next step in the journey is saying, what are the data practices that you want to espouse as you innovate.” 

See also: How RBC Capital Markets revamped its data management efforts

According to Mastercard’s survey, only 26% of customers believed that financial institutions were doing a good job at handling user data. If a company used the data responsibility principles when protecting a customer’s personal data, more than 90% of consumers would trust that particular company. However, only a fourth of customers believe that companies are able to deliver on those principles, suggesting that users are unsure about data safety.

In order to implement the principles, Mastercard is expanding its data portal for cardholders which is called “My Data Portal.” Through it, cardholders in Europe can review their personal data repository and make changes to it under certain circumstances. Mastercard is currently working on expanding it to all of the markets in which it operates. Its goal is to make it available to cardholders outside of the EU by 2020, according to Stonier.

Mastercard isn’t alone among financial institutions that are giving customers more control over their data. For example, one year ago, Wells Fargo rolled out its “Control Tower” platform which gives customers access to how their data is being used and offers opportunities to make changes.

The Mastercard data portal, according to the company, was launched for European cardholders due to the EU’s open banking regulations, specifically the PSD2 deadline last September which required institutions to open up account information via APIs to third parties. Mastercard stated that by expanding the My Data portal to all cardholders, this puts it ahead of regulations the company believes will eventually spread to other jurisdictions.

Ultimately, Mastercard wants to set an example on good data usage practices and hopes that its moves will incentivize other companies to do the same.

“If other companies align with us on best practices, it will make our operations more efficient,” Stonier said. “More individuals will trust our network, our partners. There’s a mutual benefit for Mastercard, our partners, and hopefully society.” 

Bank Innovation Build, on Nov. 6-7 in Atlanta, helps attendees understand how to “do” innovation better. It is designed to offer best practices, to guide the innovation professional to better results. Register here