Mastercard Ending Use of 16-Digit Card Numbers, Raising Questions About the Future of Card Payments

• Mastercard aims to reduce fraud by removing numbers from credit and debit cards by 2030.
• The company will rely on tokenization and biometrics to process transactions made with numberless cards. 
• The move could bring cost savings to merchants, but the ultimate impact to consumers without a smartphone is unclear.

Mastercard has announced plans to phase out the use of card numbers on credit and debit cards by 2030. The company intends to use a combination of tokenization and biometrics to identify the card used in a transaction.

Tokenization transforms payment information into a digital representation — or token — that is unique to the cardholder and the merchant where the cardholder is making a payment, meaning criminals who access the token can’t use it to complete separate purchases. Tokens can be generated through an app cardholders download on their mobile device.

Biometric authentication in card payments relies on an individual’s physical characteristics, such as their fingerprint, to verify their identity.

The move is the latest strategy Mastercard is employing to lessen fraud on card transactions. 

Fraud is a significant impediment to the security of card transactions. Increasing fraudulent activity on credit and debit card purchases makes a strong case for implementing tighter security measures for obtaining, storing, and transmitting card data. 

More than 80% of adults in the U.S. own at least one credit card. According to a recent study, 62 million U.S. consumers experienced fraudulent activity on their credit or debit cards within the past year, but only 8% of fraudulent charges resulted from cases where a card had been lost or stolen. The remaining fraudulent activity occurred when a criminal accessed cardholder information remotely.

Mastercard is making its initial foray into numberless cards in Australia, where approximately 25% of the global fraud detected by Mastercard originates, according to Johan Gerber, Mastercard’s Executive Vice President of Security and Cyber Innovation. In a conversation with The Sydney Morning Herald, Gerber shed some light on the company’s strategy in moving away from printing digits on physical cards.

“We’re trying to render the data useless to cyber criminals so there’s just no desire to hack it any more,” Gerber told The Herald. “Our investments in security are paying off, but we cannot stop investing.”

Consumers stand to be big winners if Mastercard’s strategy works. Recovering from identity theft can be a significant drain on a fraud victim’s time and money, not to mention the stress that can accompany having one’s identity stolen.

But merchants also can benefit from Mastercard’s plans to increase card security. In today’s environment, merchants have to set aside funds to purchase, build, and implement security systems to prevent hackers from illegally accessing stored company data. When their systems are breached, merchants must take time to assess what went wrong and fortify any security deficiencies that are vulnerable to additional hacks. 

More than 40% of small businesses in the U.S. experienced a cyberattack in 2023, nearly doubling the percentage of businesses that faced similar attacks in 2021. Businesses suffer financial setbacks when a cyberattack successfully penetrates their security firewalls. In addition to rectifying system deficiencies, they must communicate with customers impacted by a breach. 

They may also face expenses that aren’t easy to quantify, including the cost of reputational harm that makes potential customers think twice about engaging with them in the future. But, if numberless credit and debit cards allow merchants to end the practice of storing customer payment information, then merchants could realize savings on fraud prevention and restoration practices.

Angela Tuzzo, Vice President at MRB Public Relations, has experience in the cybersecurity sector. Tuzzo told us that, although removing numbers from credit and debit cards may be a positive step in combatting fraud, some stakeholders may suffer.

“Removing numbers from credit cards potentially would close the door on the vast databases of ill-gotten card numbers which can attempt to be used in fraudulent transactions,” Tuzzo said. “This has the possibility of leaving out large numbers of people that do not use mobile banking.”

Mobile phones are a fixture of daily life for many people around the world, and 9 out of 10 adults in the U.S. own a smartphone. But smartphone usage varies significantly by age.

The overwhelming majority (97%) of individuals between the ages of 18 and 49 own a smartphone, meaning they have the hardware to transact with a numberless credit card.

But only 76% of adults aged 65 or older own a smartphone.

With nearly a quarter of senior citizens in the U.S. unequipped to complete a transaction using a smartphone, it begs the question of what will happen to these individuals’ ability to transact in a numberless-card environment.

In Pennsylvania, lawmakers passed legislation in 2024 requiring schools to accept cash for entry into school-sponsored events. Pennsylvania Senator Cris Dush, who sponsored the legislation, explained his motivation to back the initiative.

“While the mandatory cashless option is much more convenient for some and greatly streamlines the accounting process at the ticket office, for the elderly and others living on fixed incomes, it can make routine attendance at school-sponsored activities much more difficult or impossible,” Dush said.

Schools no longer accepting cash payments is different from Mastercard’s move to numberless cards, but we can draw inferences from lawmakers’ reactions to the former issue that may impact the latter. 

Directing organizations to accept cash for purchases is a workable solution when the charges in question are nominal. But don’t expect lawmakers to suggest that those without smartphones carry enough cash in their wallets to make more sizable purchases, including those for groceries, gifts, and medical appointments. In the coming years, legislators may step in with measures that allow people without a smartphone to continue transacting with a credit card. 

It’s worth keeping an eye on how Mastercard’s move to numberless cards progresses in Australia. The year 2030 is still half a decade away, and much is likely to change in the meantime. Legislators and regulators have plenty of time to make their mark on the role numberless cards will play in the U.S. by the time the 2020s wrap up.