Visa Checkout and MasterCard MasterPass: An in-depth look
Online digital wallets -- not to be confused with mobile wallets such as Apple Pay or Samsung Pay -- are growing in popularity. They allow you to store your card information, then pay via the wallet at checkout when you shop online. That can be more secure than typing your card number into various websites.
If you're tempted to try such a wallet, you should go in armed with knowledge of how they work and what the security risks are. We've taken a look at two popular digital wallets, Visa Checkout and MasterCard MasterPass.
MasterPass debuted in 2013, and Checkout quickly followed suit in 2014. Both services allow you to store your credit or debit card information (from any provider), along with billing and shipping information. MasterPass also lets you store loyalty card information.
If you're shopping online -- whether from a computer, phone or tablet -- and you see the MasterPass or Checkout symbol, you can enter your login information for whichever service you use to make a purchase, rather than entering your credit card information. That means you don't have to enter your credit card number into every site where you shop.
In this way, using MasterPass or Checkout is similar to PayPal. Unlike PayPal, though, MasterPass and Checkout will fill in your shipping and billing information at checkout as well. In addition, you may receive additional discounts when you use either service.
"What both MasterCard and Visa are trying to do here is consolidate the payment activity that they're doing online so they have a chance to inject a bit of extra security," says Eric Skinner, vice president of solutions marketing for Trend Micro, a global security software company. "It's a great opportunity for them to do more fraud protection and reinforce a more controlled checkout process."
Digital wallet safety
Of course, with any payment technology, security is a concern.
Both MasterCard's MasterPass and Visa Checkout store information on a cloud server and use tokenization. Tokenization assigns a unique account number to represent the card number during transactions, exposing no personal information, says Jason Davies, vice president of emerging payments for MasterCard.
Because your personal information isn't transferred, tokenization is a secure method of protection, says Avner Levin, director of the Privacy & Cyber Crime Institute at Ryerson University.
MasterPass also gives you the option of receiving a text message containing a one-time use security code that you must enter before a transaction can go through.
For Checkout users, a tokenized digital account number can be device-specific, meaning payments will only be allowed from that specific device, Marina Chernyak, head of retail merchant sales and solutions for Visa Canada, said in an emailed response to questions. This means if you lose a cellphone that has the Visa Checkout app installed, you can disable that device's Checkout account number. You won't have to get new payment cards, and you could still make purchases from your other Checkout-enabled devices, such as your desktop or tablet.
Visa also offers fraud-monitoring systems that use your past purchasing behaviour to determine the risk level of a transaction. And you'll get an extra security prompt from your card issuer to confirm an authorized purchase.
How to stay safe
The amount of information stored in these digital wallets makes them prime targets for hackers, but Checkout and MasterPass offer better security because of tokenization, says TrendMicro's Skinner.
Levin counters that while tokenization is secure, you're still putting your information on another platform, and the more your information is shared, the higher chance you have of it being compromised. While a hacker might not be able to break into the servers storing the credit card information, they can still look for "backdoor" database opportunities, such as employee emails.
There are other threats, too. Hackers may create fake websites to trick users in giving up their wallet's information, says Skinner. So if you choose to use these digital wallets, you still need to be careful when shopping online. Be aware of the websites you're using and verify whether they are legitimate. Look for "https" in the address bar, or the lock symbol in the address bar to confirm a secured site.
Protecting your passwords is also a critical step in your security, says Davies. This includes never sharing your password with anyone, using unique, hard-to-guess passwords and changing your password frequently.
As with many products, there's a delicate balance between security and usability, and you never end up with a perfect solution that satisfies both, says Skinner. "Customers need to consider whether the usability benefits are worth it for them," says Skinner.
Most recent All credit card news Stories
- Having 'the talk' about money with your spouse -- Building trust in a relationship means being honest about finances. Here's how to have that hard conversation ...
- Is increasing your credit limit a good idea? -- It's hard to say no to an offer to raise your credit limit -- it's often packaged too nicely to turn down, or you feel you've earned it. On the other hand, you don't want to mess with your credit score. What's the best solution? ...
- What would a world without NAFTA mean for Canadians? -- Donald Trump promised to withdraw the U.S. from NAFTA. What would this mean for Canadian consumers? ...