Effective Date: 11/30/2022
SAFETY IS AT THE HEART OF MASTERCARD’S STORY
Our goal is to constantly protect everyone connected to Mastercard. Our mission is clear. Every day, everywhere, we use our technology and expertise to make payments and digital interactions safe, simple and smart. Whether you are a consumer, merchant, issuer, business, or a public sector organization, you can have peace of mind knowing that your safety and security is our number one priority, and central to everything that we do.
Payment technologies have never been safer, but criminals have never been smarter and they are further enabled by the shift to the digital world through digital payments and other digital interactions, which is happening at an unprecedented rate. As technology evolves, Mastercard remains at the forefront of innovation and security to stay one step ahead of criminals and keep you safe. As more devices become e-commerce devices, our priority is to ensure their security by encouraging all innovators to build in safety and security from the start, so we can better address the challenge of potential risks.
MULTIPLE LAYERS OF TECHNOLOGY PROTECT PAYMENT TRANSACTIONS AND DIGITAL INTERACTIONS
There is no silver bullet to fight fraud, so we use multiple layers of security to protect every transaction and, beyond payments, to protect customers across digital interactions. Our technologies, processes and expertise enable us to prevent, detect and resolve threats while also enhancing the experience related to payment devices and digital interactions.
We have implemented and operate at four layers to protect the payments system and our customer’s businesses:
- Prevent: Securing devices, data and networks in a coordinated manner across the industry helps reduce the risk of fraud significantly.
- Identify: We work to enhance trust, as the changing world of digital connectivity creates new obligations to securely identify individuals. Our identity solutions help us deliver a near frictionless authentication experience. We support real-time, seamless identity verification on our customers’ behalf. We offer unique personal digital identity services that can be used by both consumers and customers.
- Detect: We leverage the power of our network and our technologies to monitor transactions across the globe and identify transaction fraud, financial crime, crypto crime, and cyber threats. Our comprehensive suite of tools offered to financial institutions, merchants and other businesses can be tailored to their customer base and include everything from artificial intelligence tools designed to model and predict fraudulent scenarios, to real-time fraud scoring at the point of sale, cryptocurrency intelligence and blockchain solutions and cyber health analysis.
- Experience: The services we offer are all focused on offering the best customer and consumer experience possible – including our global $0 liability protection. We are building frictionless payment experiences and assist our customers to differentiate digital consumer offering and avoid payment declines if a consumer fails to inform the merchant about a replacement card. Cardholder lifecycle management is also a critical component we offer, which helps to provide an easier way to automatically replace cards on file when a new card is issued.
WE PROCESS PERSONAL INFORMATION FOR FRAUD PREVENTION AND MONITORING AND FOR PROVIDING CYBER SECURITY SOLUTIONS FOR OUR CUSTOMERS
For many of our fraud and security activities, we act as a data processor on behalf of and under the instructions of financial institutions and merchants. Mastercard International Incorporated and its affiliates (collectively, “Mastercard”) process various types of Personal Information, as a data controller, to protect you against fraud. If you are located in the EEA, UK or Switzerland, Mastercard Europe SA is the entity responsible for the processing of your Personal Information. “Personal Information” means any information relating to an identified or identifiable individual. This may include:
- Transaction data, fraud and authentication risk scores, transaction risk factors, risk reason codes, location data, merchant details, items purchased, information about disputed transactions and confirmed fraudulent activity.
- Certain information gathered from the blockchain, including blockchain address, other cryptocurrency transaction details and IP address.
- Certain information about you collected via automated means such as cookies and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets, such as IP address, browser type, operating system, mobile device unique identifier, geographical area, referring URLs and information on actions taken or interaction with our digital assets.
- Some of our online products and services also include advanced fraud prevention technology using behavioral data based on your device interactions, such as face ID, fingerprints, keystroke timing, scroll position and mouse-location.
- Publicly available data including information technology profile and assets of sole proprietors and cryptocurrency companies, such as domains, location data and cookies, contact details in public web pages or domain registration information, residential IP addresses in reputation lists, sanctions lists, and authorship of published intelligence about cyber security threats.
- Identity verification data such as name, address, national identification number, mobile phone number, age, and nationality.
- Fraud and risk data of sole proprietor, principal owner merchants and cryptocurrency companies, which may include name and contact information of the companies’ management personnel, and fraud reason codes.
We obtain the above categories of Personal Information from various sources: from financial institutions and merchants, from your service providers, directly from you, from third parties as detailed below or from your interaction with our digital assets.
HOW WE MAY USE YOUR PERSONAL INFORMATION
We may use your Personal Information for the purposes set out below. We will only process your Personal Information for the below purposes when we have a valid legal ground for the processing in accordance with applicable law, depending on the country in which you are located. However, please note that even though the chart below may not list consent as a legal basis for each processing activity, in some countries consent is the only or most appropriate legal basis for the processing of Personal Information, and in those countries we rely on consent for all processing activities. In certain cases, this consent may be obtained from you on our behalf by your financial institution, merchant, service provider, or another partner.
The chart below describes the processing activities for which we act as a data controller. Where we act as a data processor on behalf of financial institutions, merchants, or other partners who operate as data controllers, the financial institutions, merchants, or other partners are responsible for ensuring a valid legal ground for the data processing. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HOW WE SHARE YOUR PERSONAL INFORMATION
We may share your data with third parties including financial institutions, identity verification service providers, fraud data service providers, government entities, utilities, public records, credit bureaus, property files, telecommunications operators, watch lists, geo-visualization service providers. We ensure that your Personal Information is only used for the above purposes subject to strict data protection and security obligations through our contracts with such third parties.
YOUR RIGHTS, HOW TO CONTACT US, AND ADDITIONAL INFORMATION ABOUT OUR PRACTICES
You have certain rights and choices regarding the Personal Information we maintain about you. For more information about your rights, to contact us, or to learn more about how we share, transfer, retain or protect your Personal Information, please read our Global Privacy Notice. You, or a party authorized to act on your behalf, can exercise your rights that are detailed in the Global Privacy Notice by emailing us at: privacyanddataprotection@mastercard.com.
This Fraud and Security Notice provides further information about certain aspects of the processing of Personal Information covered by our Global Privacy Notice. Some of the security and fraud prevention and monitoring solutions mentioned above may have their specific privacy notices. Please consult them for more information. For enquiries about your Mastercard card and your purchases, please contact your financial institution or merchant. More information about how to contact them can be found on their websites.