The Federal Trade Commission on Friday ordered Mastercard to end “illegal business tactics” the company allegedly employed to block competitors’ access to customer information needed to process debit card transactions. 

What You Need To Know

  • The Federal Trade Commission on Friday ordered Mastercard to end “illegal business tactics” the company allegedly employed to block competitors’ access to customer information needed to process debit card transactions

  • The FTC alleged in its statement that Mastercard flouted the law by preventing other networks from processing transactions made with cards saved in e-wallets

  • The FTC alleged Mastercard was in violation of a 2010 provision of the Dodd-Frank Act, which requires at least two unaffiliated networks be enabled for all debit card transactions

  • In a statement provided to Spectrum News, a spokesperson for Mastercard confirmed the company has “entered into an agreement with the Commission"

The FTC alleged in its statement that Mastercard – one of the country’s largest payment card networks, along with Visa – flouted the law by preventing other networks from processing transactions made with cards saved in e-wallets, some of which may have had lower fees than Mastercard’s own network. 

According to the FTC, Mastercard employed a system called “tokenization” to encrypt users’ account information. Used in many online transactions to protect customer information, the process typically works like this: a customer makes a purchase, the merchant sends an encrypted token to the customer’s bank for approval, the bank sends the token to a payment network which associates the token with the customer account number for payment. 

In its statement, the FTC alleged Mastercard “refuses to provide conversion services to competing networks for remote ewallet debit transactions [...] thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.” 

The complaint relates mostly to cards saved in e-wallets like Apple Pay, Google Pay and Samsung Wallet. The FTC alleged Mastercard was in violation of a 2010 provision of the Dodd-Frank Act, which requires at least two unaffiliated networks be enabled for all debit card transactions – essentially meaning transactions should not be forced through one particular network. 

“This is a victory for consumers and the merchants who rely on debit card payments to operate their businesses,” Holly Vedova, director of the FTC’s Bureau of Competition, said in a statement. “Congress directed the FTC to enforce this part of the Dodd-Frank Act and prevent precisely this kind of illegal behavior. We take this responsibility seriously, as demonstrated by our action today.”

Friday’s order, which was agreed to by a 4-0 vote from members of the commission, will require Mastercard to provide other payment processing networks with personal account information corresponding to transaction requests. 

In a statement provided to Spectrum News, a spokesperson for Mastercard confirmed the company has “entered into an agreement with the Commission regarding the routing of tokenized debit card transactions at online merchants.”

“We believe that our existing routing practices are lawful and have always provided choice to merchants,” the statement continued in part. “We will continue the work to update our processes to comply with the consent order and provide even greater choice.”

The Wall Street Journal reported in October that the FTC was investigating both Mastercard and Visa for their security token practices and how they might impact online payment routing.