New technologies are helping to make card programs even more secure.

The explosive growth of online and mobile ecommerce is putting secure payment solutions in the spotlight. Retail ecommerce sales worldwide reached $2.3 trillion in 2017, an increase of almost 25 percent from the previous year.1 Similarly, global mobile commerce sales totaled $1.3 trillion in 2017, rising 40.3 percent from the previous year.1

Growth is expected to continue, particularly for mobile. In the U.S., smartphones’ share of U.S. online retail sales made up almost 32 percent.2

Playing an integral role in each of those transactions are payment solutions, especially credit cards. When people think about payment fraud, credit cards typically come to mind. But credit cards are actually the third biggest target for fraud, behind checks and wire payments.3 New security measures, such as tokenization and EMV,4 as well as enhancements to existing online fraud prevention tools like Visa Secure®5 are working to make credit card transactions more secure. As a result, card issuers who adopt the new technology are seeing a dramatic drop in fraud dollars lost, even as attempts continue.6

To understand why, it helps to explore how the technology works. Here’s a primer on how M&T Bank is using tokenization and EMV to make credit card transactions safer—both for the card issuer and the cardholder.

Tokenization helps keep card data private.

Tokenization works by replacing the sensitive payment information on a credit card, such as the 16-digit account number, with a substitute or “token”. The sensitive information is safely stored in an encrypted database, and the vendor never sees the actual credit card number.7

This is the same technology that helps keep digital wallet services such as Apple Pay®, Google Pay®, and Samsung Pay®, secure. Tokens can be used online, in stores (all the cardholder has to do is wave their device over the payment terminal) or through mobile apps.7,8 For maximum flexibility, M&T’s commercial card programs allow clients to opt out of tokenization. This allows companies to block cardholders from using digital wallets if it is against their company policy.

Tokenization reduces fraud and makes it easy to replace payment data in case of a lost or stolen mobile device. The card issuer doesn’t need to reissue another card because the number itself is not stored on the phone. All that’s been “lost” is the token and that can be reissued right away, without having to change the account number or issue another physical credit card.9

There are additional safety features as well. Tokens are limited to specific devices so the same token cannot be used on multiple mobile devices. Similar to commercial cards, tokens can also be limited to specific merchants or transaction type, further reducing the risk of unauthorized use.9

The EMV Evolution

Though widespread adoption has only started in the last decade, EMV chip cards have become the norm since 2015. In a few short years, the vast majority of ATM terminals and transactions are now using cards with chips embedded in them. There are now 3.1 million EMV Visa locations in the U.S. and nearly 500 million Visa chip cards in the U.S.10

Chips have helped to decrease counterfeit fraud at chip-enabled merchants by 82 percent in the last three years.10 M&T rolled out chip cards to our commercial cards in 2014 and saw a significant reduction in counterfeit card fraud as a result.

Counterfeit fraud, which can stem from data breaches, often at merchant locations, has become a common problem. But EMV chips, which pass a cryptogram that’s unique to each transaction, are proving extremely effective in combating this type of fraud. The chips themselves are extremely difficult for counterfeiters to replicate. Even if there’s a data breach at a merchant, only card issuers have the information needed to create chip cards that work as chip-on-chip transactions. Stealing chip data with the intent to create counterfeit chip cards is ineffective.11

EMV chips also lay a foundation for future payment solutions that include new technology involving biometrics and risk-based authentication.12

Using technology to create a safe card program.

The fast-growing online and mobile commerce markets are making secure card transactions more important than ever. With the help of tokenization and EMV, cardholders can be assured that M&T Bank is using the latest technology to cut down on fraud in the card-present environment, as well as the online and mobile marketplace.

With the success of EMV in preventing card-present counterfeit, fraudsters are now targeting card-not-present and ecommerce transactions. As a result, M&T Bank also uses Visa Secure, which uses advanced technology to help authenticate a user’s identity during an ecommerce purchase. If a user makes an unusually large purchase or uses a new device, for example, Visa Secure can help flag suspicious transactions for more attention, providing an extra layer of protection.5

M&T commercial card programs offer more than 20 different alert types, including suspicious activity notifications, which can be sent via email, SMS text, or voice.13,14,15 Program administrators can choose to send alerts to themselves, cardholders, or allow cardholders to set up their own alerts.

Download Article >

Want to learn more?

To learn more about M&T’s card program, call your relationship manager.

Disclosures

1 eMarketer Worldwide Retail and E-commerce Sales: eMarketer’s Updated Forecast and New M-commerce Estimates for 2016—2021; Published Jan. 29, 2018; Executive Summary; https://www.emarketer.com/Report/Worldwide-Retail-Ecommerce-Sales-eMarketers-Updated-Forecast-New-Mcommerce-Estimates-20162021/2002182

2 Business Insider; Mobile commerce is on the rise in the U.S. and it already accounts for most sales in several other countries; Jan. 4, 2019; https://www.businessinsider.com/mobile-commerce-drove-us-q3-ecommerce-growth-2019-1

3 Association for Financial Professionals; Payments Fraud and Control Survey; https://commercial.jpmorganchase.com/jpmpdf/1320732417358.pdf

4 Visa; Payment Security is Embedded in Everything we do; https://usa.visa.com/visa-everywhere/security/payment-security.html

5 Visa; Visa Secure; https://usa.visa.com/pay-with-visa/featured-technologies/verified-by-visa.html?ep=v_sym_verifiedbyvisa&symlinkref=https%3A%2F%2Fwww.google.com%2F

6 Visa; Chip technology has helped reduce card-present counterfeit payment fraud by 82 percent; https://usa.visa.com/visa-everywhere/blog.entry.html/2018/11/27/chip_technology_has-u1kX.html

7 Visa; All you need to know about Tokenization;
https://usa.visa.com/dam/VCOM/download/security/documents/visa-security-tokenization-infographic.pdf

8 Apple; Apple Pay; https://www.apple.com/apple-pay/

9 Visa; Tokens are good for you. Want to know why?; https://usa.visa.com/visa-everywhere/security/why-tokens-are-good-for-you.html

10 Visa; Visa Chip Card Update; https://usa.visa.com/visa-everywhere/security/visa-chip-card-stats.html

11 Visa; Visa Chip Technology Confidence in a Smarter World; https://www.visa.com/chip/personal/security/chip-technology/index.jsp

12 Visa; EMV at the Pump’ https://usa.visa.com/visa-everywhere/security/emv-at-the-pump.html

13 Suspicious activity alerts notify customers of certain potentially fraudulent activity on their M&T Debit Card. M&T Bank is not liable for any losses customers may incur due to an alert not being delivered. Alerts are designed to be a helpful account management tool, but they do not identify all potential fraudulent activity and are not a substitute for security and fraud precautions including, but not limited to, verifying statements and being aware of your outstanding payments and available balance. For your protection, “suspicious activity” and “debit card PIN change” email alerts cannot be disabled.

14 Additional data charges may apply.

15 Voice alerting only available for fraud alerts.

Apple®, the Apple logo, iPhone®, Apple Pay®, Touch ID® and Face ID® are trademarks of Apple Inc., registered in the U.S. and other countries. Google and Google Pay are trademarks of Google LLC. Samsung and Samsung Pay are registered trademarks of Samsung Electronics Co., Ltd. M&T Bank is not affiliated with, endorsed, sponsored, or otherwise authorized by Samsung Electronics Co., Ltd., Apple Inc. or Google LLC. Visa® is a registered trademark of Visa International Service Association.

All products and services are subject to eligibility and restrictions may apply. Unless otherwise specified, all advertised offers and terms and conditions of accounts and services are subject to change at any time without notice. After an account is opened or service begins, it is subject to its features, conditions and terms, which are subject to change at any time in accordance with applicable laws and agreements. Please contact an M&T representative for full details.

This article is for informational purposes only. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. Please consult with the professionals of your choice to discuss your situation.

Awesome!

Share this page

If you are interested in sending this page to a friend or relative, please enter the following:

* Indicates required fields
+ Add another

No personal information (including e-mail addresses) about you or your friend will be collected from this e-mail notification feature offered by M&T Bank.

Please Note:

By clicking "ok" below, you will leave mtb.com and enter a Third-Party Website.

Please note that:

  • The Third-Party Website is governed by a different set of terms and conditions and privacy policy than mtb.com and you should review those terms, conditions and privacy policy prior to reviewing the content of the Third-Party Website
  • M&T is providing a link to the Third-Party Website as a convenience and does not necessarily control the content of, or endorse, the Third-Party Website, it's owner/operator or any information, products or services that are made available on or through it
  • M&T makes no representations or warranties regarding the information, products or services provided through the Third-Party Website

Such Third-Party Website's owner/operator may be regulated by governmental entities and laws that are different than those that regulate M&T.