At the end of March, MasterCard announced they had entered into an agreement to acquire NuData Security, the behavioral biometric and behavioral monitoring vendor based in Vancouver, Canada, for an undisclosed amount. A pioneer in the behavioral monitoring space, NuData offers MasterCard valuable technology and patents related to performing authentication covertly across all types of devices. This was the third major acquisition of a risk management solution provider by a card association in less than six months, and the second time that has happened in the past six years.
Maybe it’s coincidence, but things tend to come in three’s. After Visa acquired CardinalCommerce and American Express acquired InAuth, each in December, 2016, MasterCard announced a major risk management acquisition before the end of the first quarter. It’s not the first time the three have acquired major risk vendors around the same time. In 2010 Visa acquired CyberSource for $2 billion, MasterCard purchased DataCash for $520 million, and American Express acquired Accertify for $150 million. While terms from each of these acquisitions were public, the financial terms have not been disclosed for the three more recent deals announced by these card associations.
These acquisitions signal the significance of securing digital payments and card not present transactions. On two separate occasions separated by a period of about six years, Visa has a made a significant eCommerce risk management acquisition and the next two largest card associations have followed suit.
While each of the recent acquisitions are very different companies, there is a common thread around a focus on authentication. InAuth is the smallest and youngest of the three newly acquired organizations. They have a focus on mobile devices offering strong device identification and two-factor authentication. NuData has been around since 2008, recently being recognized as the 2016 MRC METAward winner in the Established fraud vendor category. Their flagship service, NuDetect, provides passive forms of authentication that occur behind the scenes, via behavioral biometrics and behavioral monitoring analytics. Finally CardinalCommerce is the most established and longstanding vendor, founded in 1999. CardinalCommerce is primarily focused on facilitating and improving Consumer Authentication services like Verified by Visa and MasterCard SecureCode. They provide risk-based authentication and help facilitate a more seamless and selective authentication approach.
Each of these acquisitions provides assets that can be useful in improving or expanding cardholder authentication programs, or in this case: MasterCard SecureCode, Verified by Visa and American Express SafeKey. Visa’s acquisition of CardinalCommerce, like their previous acquisition of CyberSource, is the one that started the domino effect.
It was over three months after the acquisition of CardinalCommerce when MasterCard announced they had reached agreement to acquire NuData. Although focusing on the Internet of Things in their press release, MasterCard also made it clear that this acquisition, like Visa’s of CardinalCommerce, was related to facilitating authentication. Their press release called attention to this, stating that the NuData acquisition will “strengthen [MasterCard’s] efforts around device-level security and authentication, enabling near real-time collaboration between issuers, merchants and processors.”
For more information: