In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance security.
Mastercard has been integrating biometric authentication into its payment ecosystem since 2022, allowing transactions to be completed with a smile or a hand wave. Now, the next phase involves replacing card numbers with tokens, which transform the 16-digit identifier into a unique digital code stored on devices. This ensures that card details are never exposed during online or contactless transactions.
The initial rollout of these numberless cards will be in collaboration with AMP Bank, with additional financial institutions expected to adopt the technology in the coming year.
Receiving a suspicious transaction alert from the bank can be alarming, and for good reason—payment fraud has been on the rise. In Australia, fraudulent card transactions amounted to A$868 million in 2023-24, up from A$677.5 million the previous year.
Data breaches continue to expose sensitive financial information, with major incidents involving Marriott, Starwood Hotels, and Ticketmaster affecting hundreds of millions of customers worldwide. In Australia, card-not-present fraud—where transactions occur without the physical card—accounts for 92% of all card fraud, increasing by 29% in the last financial year.
Although the Card Verification Value (CVV) was introduced to verify physical card possession, its effectiveness has diminished over time.
By removing the card number, Mastercard aims to reduce unauthorized transactions and minimize risks associated with data breaches. Without stored payment details, compromised databases will no longer expose customers’ financial information.
This move aligns with broader industry concerns about data storage and privacy, highlighted by incidents such as the 2022 Optus data breach, which leaked historical customer data. Eliminating stored card details prevents future attacks from leveraging outdated information.
Challenges in Adopting the New System
While digital banking users may find the transition seamless, concerns arise regarding accessibility. Elderly consumers and individuals with disabilities who rely on traditional banking methods might struggle with the shift to mobile authentication.
Additionally, shifting security reliance from physical cards to mobile devices introduces new risks. SIM swapping and impersonation scams already enable criminals to take over victims' phone accounts, and these tactics could escalate as digital payment systems evolve.
Biometric authentication presents another challenge—unlike credit card details, biometric data is immutable. If compromised, it cannot be changed, increasing the stakes of potential identity theft. Previous breaches, such as the BioStar 2 security lapse and Australia’s Outabox facial recognition exposure, highlight the risks of biometric data leaks.
As contactless payments continue to grow, physical cards may soon become unnecessary. In 2023, mobile wallet transactions in Australia surged 58%, reaching $146.9 billion. By October 2024, nearly 44% of transactions were conducted via mobile devices.
Retail innovations like Amazon’s Just Walk Out technology are accelerating this trend. Currently deployed across 70 Amazon-owned stores and 85 third-party locations, the system uses AI-powered cameras and weight sensors to enable checkout-free shopping. Companies like Trigo, Cognizant, and Grabango are also developing similar smart retail solutions, with trials underway in major supermarket chains like Tesco and ALDI.
However, even in frictionless shopping experiences, consumers must initially enter card details into payment apps. To eliminate the need for cards and numbers entirely, biometric payments—such as facial recognition transactions—are gaining traction as the next frontier in secure digital commerce.
