First, I called my credit union. I asked them, it looks like MasterPass is only usable online, and not in stores, is that correct? True. So, that doesn't help me at all with my concerns - what I want is a solution where they have thought out the various ways in which people steal your payment information, and prevent them. This is NOT it.
Then, I asked them the big one: when I make a purchase, does the merchant get my payment information (card number, expiration date, security code, and name)? Or, do they get a unique transaction ID that can only be used once, and doesn't identify me? They didn't know. After about half an hour, going between on hold, and checking sources, he gave me the MasterPass Fraud number, 877-219-5053.
Interestingly enough, when I called them, even they didn't know the answers to these basic questions about how it works - they had to put me on hold, and find out. That, to me, is an indication that I don't want to do business with them. But, they did get me the answer.
Here's what MasterPass really is:
- This is an e-Wallet software
- It adds layers of security protocols, but no real security, on identifying who you are before you make the purchase. But, that is not when identity theft occurs - it always occurs after you make the purchase.
- Then, it transmits your card info to only online retailers. So, it makes it easier to transmit your payment information - in fact, absolutely no different from how Safari web browser does it. But, after your payment information is entered into the retailer's system, it can be hacked, and it is copied in however many retailer systems you used. This is totally non-secure.
- Yes, they do have this "appearance of security" feature, where you get a text message when someone wants to make a purchase, and you have to verify it. But, first of all, this is only happening when they make a purchase using MasterPass, and not just using the plain card info. Second of all, SMS is an inherently insecure system, inherently hackable, and it is so easy to clone phones and have the text messages reach multiple devices simultaneously - your phone, and a clone that a criminal made. So now, all they have to do is cross-reference your payment information with your cell phone IMEI number, and voila - they have a very simple means of circumventing the appearance of security there.