MasterCard joins the other two dominant card brands in announcing an acquisition of a fraud mitigation technology company. MasterCard announced today their acquisition of Nudata Security, an ecommerce and online banking fraud detection named by Gartner as a “Cool Vendor” in 2015. See MasterCard acquires NuData Security.
This announcement follows Amex’s and Visa’s December 2016 announcements of their respective acquisitions of inAuth and Cardinal Commerce, two innovative mobile and online authentication and fraud detection vendors. (Unlike the companies Amex and Visa acquired, NuData has been focused on back end fraud detection and not also on front end user authentication involving user credentials).
This series of acquisition announcements is totally reminiscent of the three card brands’ 2010 acquisitions of new breed (at the time) merchant epayment gateway and online fraud detection companies: Visa acquired Cybersource, Amex acquired Accertify and MasterCard acquired DataCash. These three card brand acquisitions were all announced within months of each other, just like the acquisition round this time.
So what is the impetus for the acquisitions? PSD2
Frankly, it is very similar to the past round — motivated this time I think by renewed dis-intermediation threats posed by PSD2, a payments/authentication mandate that is rolling out across Europe in 2018. In that sense, market dynamics are very similar seven years later after 2010, when card brands were threatened by emerging mobile payment players. To their credit, the card brands have managed to retain their stronghold in electronic payments over this period. But will things be different this time around?
Just to repeat our slightly updated 2010 analysis, which I think is still relevant (see Amex follows Visa and MasterCard and buys a Merchant Ecommerce Vendor ):
The card brands and the banks that issue credit and debit cards are seriously concerned that new alternative payment methods — for example potentially lower- cost secure payments enabled by PSD2 in Europe — will erode their monopoly-like hold on the electronic consumer payments market.
By acquiring vendors that service banks and merchants directly and who enable ‘safer’ epayments, the card brands likely believe they will be able to use these value adding services to retain their foothold and stronghold with the all-important payment acceptors and issuers. These players can help drive consumer choice at the payment user interface level so that consumers choose more of the plastic payment cards and less of the alternative emerging payments.
Safe and secure payments are surely VERY important, but I think the main driver for merchant payment preferences is lower merchant rates — period. That goes straight to their bottom line. On the consumer side, consumers have and will always been driven by convenience, strong financial protections, loyalty programs and responsive service.
All of these factors are what alternative payment players are going to try to provide — and if they additionally offer payments at lower prices to merchants, they will likely take market share away from the entrenched card brand giants.
The card brands each bought very innovative vendors – distinct from one another in their value proposition but who commonly understand how to fight online and mobile payments fraud. They have each generally developed advanced methods to stop it. The rest of the security market has a lot to learn from these acquired vendors in terms of advanced analytics and continuous transaction risk assessments. It’s good to see the card brands rise to the occasion by injecting innovative security into their product suites.
However, great security alone may not be enough to retain the business. Changes being driven by EU regulators and PSD2 could very well shake up the market and significantly reduce the card brands’ stronghold, at least in Europe. In a sense, that’s the intention of the new law – i.e. freeing up the market and making it easier to innovate new ways of making payments. Running payments through central controlling networks does seem a bit archaic in this day and age, though as a consumer card holder, I must admit I love the protections and safety it affords.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.