Skip to main content
logo
Mastercard Incorporated (MA)
NYSE: MA · Real-Time Price · USD
495.46
-7.46 (-1.48%)
At close: May 1, 2026, 4:00 PM EDT
495.44
-0.02 (0.00%)
After-hours: May 1, 2026, 7:59 PM EDT
← View all transcripts

Status Update

Sep 19, 2017

Okay. Why don't we all move to our seats so we can get started. I'm Craig Moore with Autonomous for those on the webcast. From Autonomous in the room is my team, Matt O'Neill, Rob Wildhack and Ken Sahaski. We're very lucky to have with us today Mastercard's Johan Gerber, EVP of Security and Decision Products. As everybody knows, Mastercard Services Group has been A hot topic. Everybody wants to discuss it. It's seemingly a huge differentiator versus their main competition. And to have someone from that side of the business is rare in a forum like this. So Johan is 17 years in the industry. I believe you said Mastercard. You joined them through acquisition. So For the benefit of the audience, why don't you tell us a little bit more about your background and role at Mastercard? Great. Well, thank you. And first of all, thank you very much for the opportunity to be here and to speak to all of the investors. Yes, I've been with the company for 17 years. I started out In our European subsidiary at the time called Europa International, which got acquired by NASCAR, I think it was 2,003, And through that acquisition, eventually found myself into the current role moving to the United States, and now I run this group called Security and Decision Products for us. Okay. And FYI, I do want this to be conversational still even though it is being webcast. So if you do want to interject with a question, just put your hand up so Alessia can get So thinking about, obviously, in the name of what of your role, fraud. How do you has Mastercard approached the discussion? Obviously, the Equifax breach has probably had you working overtime to figure out where your risk points are from that. So if you can help us understand a little bit. Sure. And let me say this, We don't view fraud necessarily as a topic on its own. It is we have the strategy of security by design. It's part of everything we do. It's part of our DNA. It's part of how we think when we develop new products, new services, new campaigns. But if I can just take a quick step back, there are 4 main, I would say, topics, drivers that's constantly Helping us to define our strategy. First of all, there's this whole context of intelligent connectivity. The world is this ecosystem, which is intelligently connected, what we call the digital ecosystem. It changes the way we live. How I interact with my house, with my car, nobody is in control of this thing, but it really changes the way we live. It changes the way in which we will conduct commerce. It changes the way in which companies deliver service and product. So this is going to be a big part of our future, and it's a big driver for us as we think through safety and security, because in that environment, the two next topics that are very important is Cyber and then digital identities, because in this digital connected world, those will be the 2 biggest questions that we can have to answer in the future Within the context of safety and security, are you who you say you are when you're trying to attempt this transaction? And are you authorized to do that transaction? So digital intelligent connectivity, Cyber and then digital identity is 2 main things. And then the last one is AI. The importance of having real Smart AI and technology to make sense of how all of these things should interact with each other. That's the 4th thing that's really a big driver for us as we design our strategy. And that brought us to our strategy, and I'm sorry I'm going around and around on 4s, but a 4 pillar strategy, which is basically down to layers. The first pillar is prevent. We do a lot of effort across the industry working with competitors, people across the spectrum around how do we prevent fraud And this goes to standards, it goes to things like EMV, tokenization, those big things that we put in. Then, but just like if you have a house and you have a door with a lock, it doesn't mean you don't have an alarm system. It doesn't mean you don't have a safe inside. We have the second pillar, which is detect. So we constantly monitor the ecosystem to understand, Even though we have those preventative things, is there something else we need to be looking out for? The third thing, and this is one way we differentiate quite a bit, is experience. We put a tremendous effort on fraud, safety and security should have minimal impact on experience. In fact, It should enable the stakeholders to create a unique experience, a differentiated experience. So we put a big effort on that and it's very clearly called out in our strategy. And the last one is around identity. Going into this digitally connected system, identities will be a very, very big part of us. So that's kind of a quick overview of how we look at it. And within the context of the Equifax breach, It's that relentless making sure that you do your updates, making sure that you've got your basics down, making sure that you monitor, Just making sure that those things are done really, really well. Just staying on that for a second. Equifax, you think of them as This huge credit bureau responsible for 100 of millions of individuals' data, you would think that they would be the most aggressive about staying up to date, making sure all the back doors are closed, things like that. How many, in your view, I mean, is this a big When you think about large companies, are there thousands of Equifaxes out there waiting to happen because things just get lost along the way? It's kind of hard to say if there are thousands of Equifaxes out there to happen, but I think cybercrime and the cyber threat is here to stay, is growing bigger. We see it taking on various forms. We see it taking on the form of stealing data and then exploiting it later on for various purposes. But we also see to we've seen the attacks against consumers. It's not even just against organizations and institutions. It's against consumers Stealing their data, ransomware is a big deal for us, but we also see attacks going against financial institutions, not to steal data, but actually manipulate the systems in order to commit fraud and to get direct financial gain out of that. So I do believe there are the attacks are relentless. The financial industry particularly are under attack, so we should be more vigilant than ever. It's hard for me to comment to say how many people are vulnerable out there and that kind of thing. But it's a very big concern. It keeps us up at night every night. Yes. Speaking of attacks, I remember years ago, I was visiting Visa's newer data center, and they had commented that they We're being attacked 100 of 1000 of times a day from China and Russia in terms of hacking attempts. I mean, I would imagine that's only escalated. So can you talk about how Mastercard delineates their systems? We can see what you have on your website, but how is the back end protected? I mean, that's not connected to what we can see. Yes. So The area of our cybersecurity strategy is not really in my area. That's a person by the name of Ron Green, who manages the whole he's our CISO. But I can tell you that we have a very, very strong strategy around how we protect against cyber, and we don't take anything for granted. While we put up it's the same strategy of prevent, detect and monitor and continuously improving that whole process. We are There's a big drive to kind of separate environments so that if there is in the event of a breeze, there's very limited exposure. The typical strategies you will find in most big companies, So I can't really go into any of the details. That's not really my area, but I can tell you the same principles that are there is basically applies to ours as well. So In such a digitally connected world, how are you Mastercard has talked a lot about AI. And how are you integrating that into what you're doing? So AI is a core component of us and especially for the future. In this digital environment, how do you connect the dots between all of these devices? How they interact? What are the relationships between consumers and their devices, devices between devices? What kind of connections make sense? Which ones doesn't? You need AI to really help you make sense of that data. We have embedded AI into our network. Every single transaction that goes through our network gets AI applied to it. And we basically use it at 2 main levels. First of all, if you think about We can at any point in time, we have a view through AI of every single transaction across the globe in real time. So think of it as a table where you constantly have a shift of how our transactions flow. And then the AI looks for pockets of risk. So if there, for instance and I'm just going to make it up, if there's a pocket of risk starting to emerge between Hong Kong and Australia, for instance, The AI will see that and then it's programmed that it will actually automatically intervene, surgically cut down that specific area of risk and cause the risk. In the past, we had humans, alarms going off, pages going out, emails and everybody would run-in and try to triage the whole problem. What we've done now is we actually have a place where AI does that automatically for us. By the time we get on the phone and we start looking at the system, most of the risk has already been mitigated, shut down. It's been a great, great evolution for us from that point of view on the global network level, but then we also look at AI on every single transaction. And this is actually an interesting piece because we've kind of evolved from the old previous AI users or machine learning more so than AI was Understanding the risk associated to every transaction. We've gone from that risk assessment to what we call prescriptive analytics. So what is the right decision? Not just looking at risk, because risk without context doesn't mean a lot. I understand this transaction has a high risk, but is this a high net worth customer? Is this something she or he Regularly do what is my risk of attrition if I get this wrong. So we're piling all those additional pieces of information into that equation, Then we come up with a prescriptive decision rather than, hey, what is the risk associated with this? So for us, AI is a really, really core component of driving More profitability in our transactions, better decisions, better consumer experience and obviously, the underlying safety and security, which is inherent in there. What does Brighterion bring to the table for Master Garden? Yes, so that's an interesting relationship. We started back in 2,005 with them, Took minorities investment in them, I think it was 2,008, and eventually the acquisition took place in July. But really what they brought to us are, I would say 3 main things. AI at scale has been a tough thing for the industry to deliver. We've heard many things around AI, beautiful algorithms that can do beautiful things. But to deploy that at scale at thousands of transactions a second, milliseconds throughput, Continuously 20 fourseven, to do AI at scale is really, really hard. Criterion brought us that. And then the other one is Flexibility in AI, the ability to develop and design unique models and run multiple of these things concurrently in real time. And we have the criterion technology brings us more than one machine learning technology. There's the typical neural networks, but they've got things like Decision trees and case based reasoning and a whole bunch of other types of technologies. And basically, depending on the problem we're trying to solve, We package different types of technologies together. So flexibility and scale are 2 probably of the biggest things that they brought to us. And then the ability to Now expand beyond our own industry, but also start delivering services and value to nascent industries around things like anti money laundering, financial services and stock exchanges, health care fraud. So we now have the ability to also go a little Broader than our typical industry as well. And New Data, which was also an acquisition earlier this year. So if you go back to the original picture that I painted in the beginning, we've got this digitally connected world. We need to know a lot more about machines, how they interact, the detail of how these communications happen, and that's when new data comes in. So New data is a capability for us that really helps us to gain a lot better insight into what we call the point of interaction. The minutiae is what device it is, what IP address it is. Is it malware that's actually intervening or is it a human that's interacting or is it the machine? So really getting into that Minutiae of detail of what's happening when these machines are talking to one another or when a human is interacting with her or his device. Is that a human or is it really you? So in the long term, they're going to play a really, really important part for us Understanding this whole digital ecosystem and that data will then feed into the AI technology to make it stronger. In the short term, they help us solve 3 big problems. One is around automated attacks. So one of the fastest growing attacks today is the whole notion of automated attacks. The criminals write scripts and they just have a little computer program which take all these identities that they've stolen at, let's say, Equifax or Take the username and passwords that were compromising the Yahoo breach and they will take those credentials and they will fire them off at any website Around the world that accepts a username and password to see is there a chance that the consumer used the same set of credentials at another site. That automation attacks is a big part of our growing problem. So what they can do is they can pick those things up very, very quickly, shut them down, just get them out of the way. That's one problem, it's automated attacks. The other one is what we call account takeover and account origination, so synthetic identities. This is where somebody is trying to go into a system, pretend that you take over the account, transfer your money out or order something new Or just if they for instance, they take your Social Security number, they take my address, they take somebody else's email address and they create the synthetic identity, try to open up an account At a financial institution and then commit fraud. So those are some of the short term wins that we get with them. They can solve a real big problem. But in the longer term, it's really about How do we understand the digital ecosystem? How do we make the best decisions to allow our stakeholders to differentiate, Great economic value and create that consumer experience that we all want with inherent security embedded into it. When we think about security, security has different layers, whether it's the consumer, it's corporate level security. Biometrics are a big piece of where consumer security is going because of ease of use and the Pretty much unique nature of them. A, how does Mastercard view biometrics? B, how do you view Apple's change away from fingerprint to facial recognition. So on the first one, big fan of biometrics. I think Mastercard is a really, really big fan. You would have noticed our press announcements around what we call IdentityJig Mobile, also called selfie pay and a bunch of other stuff. That was a big, big deal for us. We do believe the concept of a password should be eliminated from our lives. So we totally believe that. There's this concept that we have that we call intelligent friction. So think about you apply new data, you apply The AI technologies that we have through Viterion, and you come up with a transaction that seems to be high risk. The only way to really mitigate that risk is To reduce friction into that process, meaning asking the consumer, I need to verify that you are who you say you are, that you really want to do this transaction. How to then mitigate that friction? The easiest possible way today is via passwords. For us in the future, that will be a biometric. The form of biometric, I think our approach has always been we want to support whatever the consumers and the business feels there are important. So Our IdentityCheck mobile supports voice, it supports fingerprint, it supports facial recognition. So we're totally good with those various forms. I'm very positive about the move that Apple made. I think it will further help enhance. It makes our lives a lot easier to just look at it. There are certain parts of the world which may find facial recognition better or preferable than fingerprint. So I won't say we're going to say this is a winner versus something else, But we're definitely a big supporter by Apple and other companies doing those kind of things. It really helps us to get better, broader adoption of these technologies as we move forward. And then we can use them in payments as well. So all these things are interesting, but at the end of the day, the guys in the room are interested And how Mastercard makes money, right? So in terms of what you've just told us, what is differentiated from competitors, what's part of Mastercard Secret Sauce per se? And how is that helping you win contracts? So I think the biggest driver for us is this notion that our technology has to be enabler for our stakeholders to differentiate and be profitable. So when we walk into a contract negotiation, we want to say we are your best technology partner that will allow you to differentiate from your competitors become successful in your business and make the Mastercard brand the most profitable brand out there without compromising on security. So I think at a very high level, that's a very big If you look at our acquisitions of New Data and Brighterion, our innovation around the biometrics space, It means that you can clearly see our vision is this digital connected world and how do we make best sense and how do we allow these So be that a merchant that's trying to sell you a service or drive a product through this channel, be that a consumer who wants to consume it, be it a finance Tushin, who's trying to create a very unique consumer experience, how do we enable that differentiation? We're sitting in the middle trying to navigate this whole ecosystem. And I think our role is how do we standardize those things and then really allow them to innovate while you can plug into a core set of security that's there ultimately. So Embedded AI into our network, we're really the only network that's out there. We're the only network who's got the capability that new data brings for us. From the beginning, When we started playing with AI, we thought our strategy to be better to go after who's in the industry, who we think is best in the industry, rather than trying to organically grow it inside our organization. So we've always had this notion of, let's take the best that we can find out there And put those things together versus just trying to do everything ourselves. And that's been a big approach. And then with the ultimate goal of How do we allow the marketplace around us and our customers to then become successful and really show that differentiation? We've seen in the digital evolution of Mastercard and Visa, we've definitely seen different Strategies take hold at each company. And the idea of data security, data collection Also seems to be a little bit different. Where I'm going with this is Visa checkout requires direct consumer input. So Visa is therefore capturing personal data even though historically the networks have always just had Anonymized account numbers, but now they're connecting those dots. With Masterpass, you seem to be more of white labeling the solution, letting others collect that data, keeping it within the banks. Could you talk a little bit about how that decision was made with Masterpass versus the obvious competitors' decision. Yes, it kind of goes back to what I explained to you, the same way of differentiating Our security services as well. It's around enabling our banks to create differentiation from each other And to create their own business strategies. If everything is owned by 1 owner, there is no real competitive differentiation for those who play within that ecosystem, If you think about that, what we create is we will facilitate the creation of a Masterpass wallet set up at a finance institution, but they control The consumer experience, they control they're the custodians of that data. You just have to think about Equifax for a minute and think the burden that you get of bringing all of that data in house a single place. But the we see our view, we are never going to go consumer direct. That's not our remit. Our agreement is to enable our financial institutions to be that service delivery. That's the place where they stay. And how do we create an environment where they can really differentiate, be themselves and Create a better business strategy than somebody else. So that's the fundamental change where there may be some things that makes it easier to implement and so forth. But ultimately, in the long term, the business strategy is what we believe will win and how banks can create that unique experience for their own customers. So I wanted to ask your opinion on different data privacy regulations around the world because one thing really jumps to mind, which is Mastercard recently won the digital wallet. It's now going to be the digital wallet solution for La Caixa with Masterpass. La Caixa is almost entirely a Visa issuer. And from what I understand, it was because Visa Checkout wasn't compliant with European data privacy rules. So can you talk about how that's a challenge globally, how you have to adapt to each region, especially with things like China and Russia and others now requiring on soil processing. Yes. So Data privacy and data compliance is a really, really big part of my life every day because if you think about all of these AI and And data products that we do, it's all about data. So the compliance of that is a credit component, which is why It's fundamental to our business as well. We don't try to take shortcuts when it comes to privacy just because ultimately our brand and The reputation of our brand is way too important on that. We are working very closely with a number of regulators around the world when it comes to what we call data nationalism, understand where they're coming from. But there is also a lot that we can bring to those scenarios. So for instance, in many of the countries where those are active projects going on, We provide education. We provide infrastructure. We provide best practices. How do you run a domestic system like this in a domestic level? What kind of infrastructure? How do you embed safety and security in behalf? So we still see ourselves as a big player in those areas. So and we'll be supportive of whatever those governments want to do there to make sure that we are adhering. Ultimately, If we can't provide a business model that allows that kind of flexibility across the world, how do we really see our future So our future strategy is built on allowing those stakeholders, be they governments, be they banks, to allow them because that's always going to happen. We're not in a world where everything goes around the same way. So It's a big part of our strategy and it goes it almost goes back to what I told you about safety and security being there to help Stakeholders to differentiate, Masterpass being there to say we recognize the bank's role in this relationship, their custodianship of the data. And this place is the same. We recognize that certain governments have specific strategies and we will still provide technology, we'll still provide best practices, we'll still provide education, infrastructure And help them to actually get going on those things and make a success out of it. Ultimately, our goal is this war on cash. And if that means we work with governments locally to facilitate that electronification of commerce, we'll be right there and we'll play a role. So in thinking about attacking these new territories and also rule changes in existing territories, We've been talking about this for a very long time since the IPO, but it didn't become a real topic until recently. Mastercard's network architecture is different from Visa's. You have a distributed architecture versus Visa's hub and spoke network architecture. And I believe There's something Bob Seelander put in place a long, long time ago, foreseeing a lot of this. But how does that help you with speed into market, with the need for new investment into market. It seemed that when discussions were out there around Russia and China, Mastercard consistently had a lower investment lower new investment need than Visa did. Was this because of the way the networks are architected. Yes, so if you think about that, for those of you who don't understand a distributed network, basically we have Thousands of endpoints spread all across the world. And a transaction basically takes the shortest route. It never goes through it doesn't have to go through a center. So there's no central point that where every transaction has to go through in real time all the time. Except through cross border, right? Well, even on the network. Transactions could go between China and Sydney without going through the United States, for instance. You can just stay on the shortest possible path, Where the star network, our competitive network out there is what we call a star, everything has to go through the center and then out. So it always does this where we can simply take the shortest path. We've actually created what we call a hybrid network, which is a lot of transactions go central when we need to apply a service like safety and security, like loyalty or something else. And the ones that don't, take the shortest path. And so by nature of that, we have a lot of intelligence at the edge, Which means that our edges are far more intelligent. So we can do a lot more in China. We can do a lot more with lower investments. So I think the architecture of the network Played a big role in that. And the fact that it's a hybrid network, we can still work with local authorities and local customers to say, If some of them require services that can only be supplied in the center, those transactions can then on demand can be routed to the center, get the service applied and then get back to them. So I think the flexibility obviously, I think that played a very, very big role in our speed and margin as well as the investment required to get in there. And do you see the majority of territories globally going to an on soil processing stance? That's interesting. I wish I had that crystal ball. It's definitely there's definitely a trend that we see more and more of that. Whether that ultimately where everybody ends up, I'm not sure about that. That's a hard question to answer, but there's definitely a trend that more and more countries are asking for. The whole notion of data nationalism is definitely a trend that we see growing in the industry. And what complications does it introduce for Mastercard when You have to start working with like an NSP Con Russia or a domestic switch that you have to, To a degree, trust with the transaction. Yes. The 2 things. On safety and security, there is a concern. We're fighting against criminals who are operating globally. So when you isolate your view of safety and security Very specific market that makes it harder to see global attacks and really respond to them as fast as you want to. So we're in constant discussions with regulators when they do these things to say, How do we help you to also make sure we don't lose the safety and security blanket that we can provide from a global network point of view? What if The attack doesn't happen cross border, but the attack happens domestic and we can't apply all of this beautiful AI and the new data technology that we have. So there's a lot of discussions on how do we ensure That we have that safety and security blanket across it. And then also, you want to make sure that the consumer who's interacting with the brand has a consistent experience no matter where they are in the world. And so for that reason is why we're so actively involved in these things to make sure that we provide technology, that we provide best practices to ensure we can keep some level of input to ensure that level of consumer experience. And with every smartphone essentially becoming an endpoint for the network, That also must introduce a whole layer of complication. Yes, look, it's a beautiful thing. We truly believe every device is a potential commerce device, So that's Shout's opportunity. It's Shout's opportunity of converting cash into electronic payments, but it does raise Every point now is a vulnerable point to a cybercriminal, to somebody who's trying to take over a device. And that is where this whole strategy of new data, Get insights into what's going on, on that device, understand is it a human interacting, is it the right human, things like behavioral biometrics. One of the things that they do with new data is Just by the way you type on your phone, we can say it's you or it's not you. How hard do you press on the glass? Do you hold it like this? Are you right handed, left handed? Do you type with 2 fingers, 1 finger, do you hold it flat? So all sorts of different points. So all of these things and then you need AI to really understand when something is happening, be that at a device level, at a merchant level, at a network level, To get this, so that's why our investments in these technologies are really geared towards these risks that you rightfully highlight. They are big concerns, but the opportunity is massive, and that's why we think we're well positioned for that. Okay. Stepping outside of your out of Mastercard for a minute. Can you talk about cryptocurrencies, what type of risk that might pose to the network, might not pose to the network and how Mastercard might deal with that. Yes. Look, I we always look at these things very, very carefully, right? There's always because the payment space is So big. You always need to be very careful of people that are trying to get in there. So from a competitive point of view, yes, We are very, very acutely aware of them. We are looking at them. The thing is, I think there's this perception that cryptocurrencies provide a level of safety and security That normal payments cannot provide. I think that is simply not true. If you look about look what's happening with this, I'm going back to this digital ecosystem where cyber and identity become your 2 biggest things. We've seen the media reports lately where criminals have taken over a user's device, They're susceptible to exactly the same risk of a cyber attack, of an identity theft, somebody taking over an account and then performing those actions. So We're no different in those areas. And those will be the areas we are putting a lot of investment and effort into making sure that we don't have that we can at least mitigate Those risks as they come up and that we have a way to identify new risks coming up and that we can quickly respond to them. So I do think we are acutely aware of them. I'm not going to dismiss them at all. They're very real, but I don't think the notion that we need them because safety and security is not adequate. EMV tokenization, that inherent security It's as good as anything else in terms of the everyday transaction. When it comes to cyber and authentication, the playing fields are equal. And that's why our investment in that technology is so critical for us to make sure that we have a good handle on that. In that investment, do you need the banks to be playing along? I mean, there is They're obviously the contact point for the consumer. Yes. Very, very important point. So we go about this two ways. There are several of these things where we actually need the banks to cooperate. They need to drop something onto the device onto their website in To help us to collect the data, they need to connect to our systems. But there are several places where we can actually just put it inherently into the network. Like for instance, the AI That we where we scan our entire network. We don't need the banks to do anything. This is completely whether they there is no zero implementation. It's us sitting from a network point of view, having AI looking at everything that's happening in real time all the time and then finding these areas of risk and mitigating them. But there are some of the finer areas where you do need the banks to play. So that is an important role. But even things like 3DS 2.0, There are certain industry standards, EMV, are places where we standardize this technology to make that implementation easier. You will never do away with it. Look, implementation and IT resources, you're always in that constant battle. So this is a really hard thing. But we do ultimately believe that Getting a standard across the industry is a big strong motivation for the banks to get there. So just to cut down on the answer and not to make it too long, Some of the things we need the banks for and some of them we do at a network level and we basically embed it at our network level. I want to see if there are any questions in the room. Chris? Card, I think back in April and was trialing it in South Africa. My understanding is that chip card, that credit card with a biometric Again, it costs about $20 I'm just curious how the trial is going and what you see as the potential for adoption In the next year or 2 among financial institutions globally. Yes, so thank you for that question. It's actually a good point. I should have brought that up earlier when we had the discussion around biometrics, but The trial is going really, really well. We see a lot more demand outside of the trial area and other areas. And interestingly enough, Some of our banks are really looking towards this as a big play in the affluent consumer portfolio, in really underlying places where trust And integrity really means a lot. So we see a lot of interest, so that's going well, the trial is going well. And as the demand grows, we believe the I'm not sure that $20 is accurate, quite frankly. I don't have the amount with me, but I'm not sure I've heard a lower amount, but it's still it's higher than what we want it to be. Like with anything, the moment you introduce scale, that unit cost will come down. So we're pretty confident that, that will make a big difference for us in the future as well. So the banks, those who you are relying on to make investment, are they investing enough? Are they on board with the level of due diligence and investment in new technology that you would like to see them be at? I would always love to see more. But I think with most of our banks, we are in a place where they understand the importance of safety and security specifically. They are making the right decisions. And we work with them on a constant basis to just get the minimum bar to So we have different ways of doing it. In most of the cases, we work very closely with our banks. And where we see inadequate protections, We will go in with some of our franchise rules and really try to get that compliance to get up. So we have different ways. But in general, I think most of our banks are really good at this because they all understand the importance of this. And these events like what happened with Equifax will again for why this is so important that banks invest in this. So I would say in general, we're very happy with it. Can we do better? Absolutely, Absolutely. And we put programs in place to continuously put that bar higher and higher to make sure we also help them with that prioritization. So that brings me to my next question, which is how do you get entities motivated? Do you think regulators should be involved? Does Mastercard want to see regulators involved in creating minimum standards for all entities to meet because it would seem that without a fixed minimum bar of security going forward, We have no chance of normalcy in terms of data privacy. Yes. It's an interesting question, Craig. So in most of our cases, if not all of them. We've been working very, very effectively with regulators to move that bar. If you think about what's happening in Europe with The Payment Service Directive 2, PSD 2, as everybody calls it, if you look at what happened in India with the government there, With their level of security authentication and biometrics, we welcome those kind of things because to your point, It just drives up the minimum standard and then it levels the playing fields for everybody to compete there. So I think we welcome regulators to get involved in this. Obviously, we want to be working with them to be smart because ultimately, we want to have a balance in the regulation so that while security is critical, They just don't lose sight of the consumer experience. And for instance, in Europe, we've been working very actively with regulators there to bring in the concept Risk based authentication. Why should I do an authentication for every single transaction, even if it's €2,000,000 and it's something that I regularly do or My subscription payment that goes off every month, how do we deal with those things? So we when we can get into a dialogue with the regulators, We always find that things comes out in the benefit of the industry and how that evolves. Okay. So taking that forward, What risk does well, actually, go ahead, Joe. Just on fraud risk, I think 6 or 7 basis points of volume, we've seen some stats like that. If that goes up or has it been increasing? And who's on the hook for the fraud risk? Is it the banks that are making the loans? Or do other parties could Equifax or Mastercard one day have to share the burden of future fraud risk. So right now Mastercard has no liability on the fraud risk. So just to Put that one out there first, because that came into your last part of your question. But if you look at the everyday transaction, the answer is really it depends. There's a general rule That the party with the lowest end of security carries the burden of the risk. So for instance, if the consumer has an EMV enabled card, The merchant doesn't have the ability to accept that highest level of security, then liability will flow to the lowest level of security entity. But there are so many nuances around these things that it's really hard to give you a definitive answer. But at a higher level, Liability typically goes to the area with lowest level of security. That's the rule of thumb. In cases like Equifax, There are a number of programs that we do run depending on how many accounts has been compromised, What are the costs involved of the banks to reissue and monitor these accounts? And there is typically, we get to some agreement with these entities on how to navigate that level of liability make sure that parties are compensated for now having to address that kind of risk. But in your everyday transaction, the general rule of thumb is lowest level of security Carries liability, so it's sometimes the merchant and it's sometimes the bank, just depending on how that plays out. But in all fairness, there are so many nuances to this. You really have to we can go in for a fairly long time looking at each one of those. But at a general level, that's kind of how it plays out. Can you talk about what level of risk is introduced to the system by 3rd party wallets, things like Alipay and WeChat Pay and PayPal. I mean, obviously, you have the agreement with PayPal, so you have a better footing with them, but in general? Yes, I think it's like everything else. It's how do we make sure that we have that same bar of safety and security that's in there. And ultimately, it boils down to consumer trust in the electronic payment system and the integrity of the payment system. So if you have a 3rd party with a very low Focus on the risk and something happens that shakes the confidence of the consumer, that's a concern for us. But what we've seen traditionally is that most of these 3rd parties that come in, they do have a fair amount of focus on fraud and risk, as it should be. But It's with anything else, even in our existing ecosystem, in this whole connected world that we're out there. Every new point that comes in is a potential point of vulnerability. But within a framework where we know what's going on, where we can monitor it, I think we can mitigate those risks and maintain them to a certain at least to a point. But yes, 3rd party is introducing risk. That is something else that keeps us up at night. We do look at those very, very carefully, and we have to be mindful of them. And especially if they're outside of our industry, What will be the impact on the consumer confidence? Ultimately, that's our biggest concern. I'm a subscriber to Brian Krebs' blog, so I get an alert So you don't sleep every now and then. Every other day, you're getting an alert about a retailer that's been breached, whether it's a hotel, the targets of the world, whoever. How do you work with those entities? And have they improved at all since the days of the target breach or even well before that. We've seen big improvements overall. I think The awareness in the industry is at a much higher level than it's ever been. So the answer on that one is we see the right strides are going there. The problem you have is, for cyber criminals, it's an arms race, right? There's always something new. There's always a new evolution with a new point of vulnerability. And so for that reason, if you go back to the strategy under what we call our prevent pillar, things like tokenization and EMV, ultimately, the answer is That data should be rendered useless. And I think that's something we as an industry has now completely Mastercard, Visa, all of us Are heading down this path of how do we get to a point that that data is rendered useless because the strategy of trying to protect that at all times can only be so effective. Ultimately, the core will be take the value out, create that unique piece of data that has to go with every So that you remove the incentive for criminals to really go in and put and go after those technologies. I think if you speak to folks like Brian and others, They would tell you, if with the right level of equipment and focus, it's really hard for these retailers to protect 100% around what's going on. So really, the answer If the strategy is not stronger and stronger protection, the answer is just render the data useless, get it into the core and get the incentive out of the way. How willing are large cards on file merchants like Amazon, Walmart and others, Netflix, how willing are they to tokenize their cards on file base? Are they willing to work with you in that regard? We are actively working with a number of merchants out there. In fact, I was in India last week with Netflix on stage, Talking about the benefits of tokenization, they're actively working with us to do that. A great partner of ours in that sense, tokenizing their entire Card On Fire portfolio. So it's an active discussion with these merchants. There are some operational implications Of doing this, I need to make sure that there's a card order, you still recognize your card, what does a token mean, so all of those things. So we have to work through all of the operational issues. But in general, the conversation has been very, very strong. And like with partners like Netflix, I think we've seen a very, very positive movement. And they're going out on public talking about the benefits of this, Not just of the security component, but also about the component of the consumer convenience. Every time one of these breaches happen and we get our cards reissued, I have to go to 14, 15 more places to go and change out my card, make sure the payments go through. So Another product that or another area that we focus on really hard is what we call card continuity. How do you make sure that, that card is always available when we issue a new one The consumer experience will not be interrupted. And we have a very strong strategy around, if it's a token, that's pretty easy. We'll just replace the token. The token at the merchant can remain the same. If your card is replaced, what Netflix will have will remain the same, and there's no risk there. If Netflix gets compromised, we'll replace that token. So we've got a very good way of managing tokens. And then on our normal open plans, We have a product called automated billing updater, where banks and merchants will subscribe. Netflix is a big subscriber to that. So automatically, when your bank issues you a new card, we will update at all these merchant places. We'll tell the merchant we placed this card out. All of that is done to kind of protect that consumer experience at the end of the day. Okay, I think we're about out of time. But I would imagine with everything going on in the news, when you put your hand up in budget meetings, Martina is more than happy to recognize actually these days. But thanks again for joining us, and we look forward to hearing from you again in the future. Appreciate that. Thank you very much, Greg, and thanks for the audience. It's a really good opportunity for us. Thanks.