Visa Checkout and MasterCard MasterPass: An in-depth look

Online digital wallets -- not to be confused with mobile wallets such as Apple Pay or Samsung Pay -- are growing in popularity. They allow you to store your card information, then pay via the wallet at checkout when you shop online. That can be more secure than typing your card number into various websites.

If you're tempted to try such a wallet, you should go in armed with knowledge of how they work and what the security risks are. We've taken a look at two popular digital wallets, Visa Checkout and MasterCard MasterPass.

MasterPass debuted in 2013, and Checkout quickly followed suit in 2014. Both services allow you to store your credit or debit card information (from any provider), along with billing and shipping information. MasterPass also lets you store loyalty card

If you're shopping online -- whether from a computer, phone or tablet -- and you see the MasterPass or Checkout symbol, you can enter your login information for whichever service you use to make a purchase, rather than entering your credit card information. That means you don't have to enter your credit card number into every site where you shop.

In this way, using MasterPass or Checkout is similar to PayPal. Unlike PayPal, though, MasterPass and Checkout will fill in your shipping and billing information at checkout as well. In addition, you may receive additional discounts when you use either service.

"What both MasterCard and Visa are trying to do here is consolidate the payment activity that they're doing online so they have a chance to inject a bit of extra security," says Eric Skinner, vice president of solutions marketing for Trend Micro, a global security software company. "It's a great opportunity for them to do more fraud protection and reinforce a more controlled checkout process."

Digital wallet safety
Of course, with any payment technology, security is a concern.

Both MasterCard's MasterPass and Visa Checkout store information on a cloud server and use tokenization. Tokenization assigns a unique account number to represent the card number during transactions, exposing no personal information, says Jason Davies, vice president of emerging payments for MasterCard.

Because your personal information isn't transferred, tokenization is a secure method of protection, says Avner Levin, director of the Privacy & Cyber Crime Institute at Ryerson University.

MasterPass also gives you the option of receiving a text message containing a one-time use security code that you must enter before a transaction can go through.

For Checkout users, a tokenized digital account number can be device-specific, meaning payments will only be allowed from that specific device, Marina Chernyak, head of retail merchant sales and solutions for Visa Canada, said in an emailed response to questions. This means if you lose a cellphone that has the Visa Checkout app installed, you can disable that device's Checkout account number. You won't have to get new payment cards, and you could still make purchases from your other Checkout-enabled devices, such as your desktop or tablet.

Visa also offers fraud-monitoring systems that use your past purchasing behaviour to determine the risk level of a transaction. And you'll get an extra security prompt from your card issuer to confirm an authorized purchase.

How to stay safe
The amount of information stored in these digital wallets makes them prime targets for hackers, but Checkout and MasterPass offer better security because of tokenization, says TrendMicro's Skinner.

Levin counters that while tokenization is secure, you're still putting your information on another platform, and the more your information is shared, the higher chance you have of it being compromised. While a hacker might not be able to break into the servers storing the credit card information, they can still look for "backdoor" database opportunities, such as employee emails.

There are other threats, too. Hackers may create fake websites to trick users in giving up their wallet's information, says Skinner. So if you choose to use these digital wallets, you still need to be careful when shopping online. Be aware of the websites you're using and verify whether they are legitimate. Look for "https" in the address bar, or the lock symbol in the address bar to confirm a secured site.

Protecting your passwords is also a critical step in your security, says Davies. This includes never sharing your password with anyone, using unique, hard-to-guess passwords and changing your password frequently.

As with many products, there's a delicate balance between security and usability, and you never end up with a perfect solution that satisfies both, says Skinner. "Customers need to consider whether the usability benefits are worth it for them," says Skinner.

See related: Mobile banking trends help branchless banks evolve; 3 common online financial security mistakes for young adults; Canadian banks integrate Apple Pay; Samsung Pay on the way


Published August 26, 2016

Most recent All credit card news Stories