Securing Credit Data

They didn't invent any technology, but MasterCard, Visa and American Express have been pioneering power users, building fortresses of secured customer data.

Nine million miles of communication lines, 85TB of data and a system architecture capable of processing more transactions in one hour than all the stock exchanges in the world handle in one day. That's only part of what it takes Visa International Inc. to deliver on its global promise to be "everywhere you want to be."

There are also fortresslike data centers, massive storage arrays, multiple layers of redundancy and fully mirrored operations. "I'd be surprised if there are more than one or two other companies where the brand promise has been fulfilled to such an extent by the use of information technology," says Visa CIO Scott Thompson. "It's just a very profound statement on how important technology has been to Visa and to our brand."

His point is well taken. Few industries have benefited more from -- or taken better advantage of - technology than credit card companies, including Visa, MasterCard International Inc. and American Express Co.

A quick look at how credit card companies authorize, clear and settle transactions shows just how far technology has moved the industry since Diners Club International Ltd. and New York-based Amex introduced the first major universal credit cards in 1958.

A New age

When consumers first began widely using credit cards in the mid- to late-1970s, they had to wait patiently while the merchant rang up the credit card company, read the account number and got an authorization code clearing the purchase.

For small purchases, the merchant would thumb through books containing lists of bad cards. And transactions were cleared using paper receipts and card imprints.

The primary technological challenge in the early days was to move everything from an off-line world to a real-time electronic authorization and settlement system, says Rob Reeg, senior vice president of systems development at Purchase, N.Y.-based MasterCard. And that meant building a network connecting merchants, their banks and credit card-issuing banks. It meant having some kind of point-of-sale technology capable of capturing credit card information, zapping it over the network and getting the needed authorization back to the merchant.

"For its time, it was a very complex undertaking, in terms of the business relationships that had to be supported through the use of technology," says Chuck Hieronymi, a senior vice president at MasterCard's Global Technology Operations.

Today, much of the processing happens in milliseconds. MasterCard's Banknet and Visa's VisaNet are among the world's largest communications networks. VisaNet is capable of processing up to $60 million in transactions per hour, or more than $1 trillion in global payments annually.

In terms of transaction speeds, Foster City, Calif.-based Visa's clearing system can fly through as many as 4,000 authorization messages per second, or more than 100 billion transactions annually. Operations that used to take nearly a whole minute in the mid-1970s are processed by credit card networks in less than two seconds, on average.

The staggering transaction volumes, lightning-fast processing times, dead-on accuracy and nonstop reliability of these networks are a far cry from the early days, says Jim Van Dyke, an analyst at Javelin Strategy and Research Inc. in Pleasanton, Calif.

"What goes on behind the scenes today is simply amazing," he says.

Big Requirements

For instance, the use of magnetic stripe technology, available since the early 1970s, for storing customer account information, and the growing use of electronic point-of-sale terminals starting in the early 1980s, revolutionized the manner in which credit cards were accepted and authorized.

Similarly, credit card companies have been good at taking advantage of bigger, faster and cooler mainframes, as well as Unix servers, IP-based networks, intelligent routing technologies, storage networking and nonstop, fault-tolerant computers to provide much of the raw horsepower needed to support their networks. VisaNet, for instance, comprises 25 large mainframes and more than 230 midrange systems running more than 50 million lines of code - 2 million to 3 million lines of which are modified annually.

"Over the years, some of the most stringent requirements for performance and reliability have come from credit card companies," says Avivah Litan, an analyst at Gartner Inc. in Stamford, Conn.

In terms of business continuity and disaster recovery -- areas that have come to the forefront since last September's terrorist attacks -- "credit card companies have probably the best facilities after the Department of Defense," Litan says.

Zero Downtime

Both MasterCard and Visa have data centers that are fortified against a variety of natural and man-made disasters. Everything from power grids and standby power supplies to individual systems, processes, networks and entire data centers are backed up - sometimes multiple times, not just at domestic locations but at international ones as well.

As a result of such measures, Visa has had a total of eight minutes of unplanned downtime in the past five years.

"It takes a very special talent, skill and mind-set to do that," says Thompson, whose goal is to push the eight minutes of downtime down to zero, because "there really is not a single moment any day when we can take our systems down."

Credit card companies have also been especially adept at using technology to detect and manage fraud, says Javelin Strategy's Van Dyke.

Technologies such as neural networking, artificial intelligence and pattern recognition have helped to dramatically reduce the fraud that was once almost considered the cost of doing business at these companies, Litan says.

Credit card fraud today accounts for less than 0.06% of all transactions -- 15 to 18 times lower than the rate was about 10 years ago, says Litan.

The ubiquity of automated teller machines, magnetic stripes and tamper-resistant signature strips have all been driven by credit card companies. Similarly, fault-tolerant computing technologies and standards relating to data exchange, consumer-risk rating and fraud detection have benefited enormously from credit card companies, analysts say.


Going forward, expect to see more of the same kind of innovation - but on a much broader scale.

For one thing, credit card use is booming. In 2001, credit and debit cards represented 26.4% of all consumer payments in the U.S., up from 18.5% in 1994, according to Visa's estimates. During the same period, the use of bank checks for making payments dropped below 50% from 57%, while cash payments slipped from 18.6% to 16.4%.

The growth of the Internet and the use of wireless technologies for credit card and bank transactions have introduced new "layers of complexity," even as they have opened up new opportunities, Thompson says.

"It is an evolution in how and where payment transactions can occur," says MasterCard's Reeg.

As a result, networks such as VisaNet and Banknet are being upgraded and adapted to support a wide range of electronic payments through the Internet and various mobile devices.

Expect to see credit card companies move into the "people-to-people" online payment market, where individuals pay each other directly for purchases made -- for instance, at an online auction, Van Dyke says. Telecommunications companies and upstarts such as PayPal Inc. in Mountain View, Calif., have taken an early lead in this potentially huge market, he says.

"I can imagine a scenario not too far from now where, from a technology perspective, we are going to have to double the capacity and the number of transactions per second supported by our network," Thompson says.


Copyright © 2002 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon