Supply chain, Security Staff Acquisition & Development, Risk Assessments/Management

Mastercard launches cybersecurity group focused on third-party risk

A window sticker advertising Visa and MasterCard payments hangs in a window Feb. 25, 2008, in San Francisco. (Photo by Justin Sullivan/Getty Images)

Nobody likes a third wheel, especially when it comes to securing financial data.

U.S. financial institutions are increasingly dependent on external service providers for virtually every element of their operations, from HVAC maintenance to payment processing. But as efficient and cost-effective as this practice can be, it opens banks, credit unions, investment firms and the like up to more potential incursions than they would otherwise encounter directly. Mastercard is hoping to help mitigate that risk.

The Purchase, New York-based card brand announced the launch of its own global “cybersecurity alliance” to help financial firms and their vendors reduce the ever-growing threats they face in this broad web of interconnected dependencies.

“Mastercard’s Global Cybersecurity Alliance Program is an ambitious effort to help businesses manage their cyber risks,” Stephanie Watkins, senior vice president, for global product owners at HSB, part of Munich Re, said in a prepared release.

“With the recent launch of our global partnership with Mastercard to provide cyber insurance using Mastercard’s risk rating data, we’re excited to work with alliance partners to help small businesses everywhere stay ahead of emerging cyber threats," she added.

According to Mastercard, three out of five (60%) of cyberattacks come in through outside vendors. Research from RiskRecon and Cyentia Institute sponsored by Mastercard, pointed out that “multi-party cyber breaches can cause 26 times more financial damage, compared with an attack that affects only one target.”

Indeed, the card brand noted in the release that “understanding third-party risk can be a time-consuming endeavor, as it relies on analyzing a variety of factors that contribute to a company’s overall rating. For many businesses, understanding their own rating is becoming increasingly important as more customers are looking at vendors’ risk profile as a condition of doing business.”

“As the digital landscape evolves, it is becoming more interconnected,” Johan Gerber, executive vice president of security and cyber innovation for Mastercard, said in the release. “Businesses of all shapes and sizes are now working with more companies than ever before to access the services and support they need — and protecting these complex ecosystems can be extremely challenging.”

To that end, Mastercard plans to work with financial institutions and financial technology companies to create new technologies, monitoring and applications to help them improve security for all.

“These insights can then be used to build a scalable, third-party risk reduction program,” according to the release. “The goal of the program is simple: help businesses improve the security of their third parties, thereby helping enhance the security of the digital ecosystem.”

Initial members of the group include Aravo, Archer, Argos Risk, ComplyScore, CyberGRX, Deloitte, EY, HSB / Munich Re, Interos, Kroll, LogicGate, OneTrust, Privva, ProcessUnity, StandardFusion, TealBook, Tech Mahindra, Venminder, Whistic and Wipro.

Alliance partner Bill Diaz, CEO of Archer, commented: “Our collaboration in the alliance and deep integration with Mastercard’s RiskRecon enables organizations worldwide to understand and manage the complete picture of their risk exposure as it extends to their third- and fourth-party supply chains.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.