Say goodbye to manual card entry — we’re ushering in a new era of one-click online payments

June 11, 2024 | By Jorn Lambert

Credit cards arrived on the scene in the late 1950s and 1960s, but it would take decades for processing technology to catch up.  

Early on, clerks would check card numbers against a booklet of invalid numbers or call the issuing bank for authorization. So-called zip-zap machines that would imprint card numbers on carbon paper packets (and take off a layer of skin if the clerk wasn’t careful) ruled the checkout counter in the 1970s and 1980s, until magnetic stripes and electronic payment terminals took over, followed by chip cards. 

Today, when you shop in person, you can tap your card or mobile device on a reader and within a fraction of a second your credentials will be authenticated and your transaction authorized. It should be just as simple, safe and convenient online as it is in store.

That’s why we’re working with banks, fintechs, merchants and other partners  to phase out manual card entry for e-commerce in Europe by 2030, in favor of a one-click button that will work on any online platform. Europe has long been a leader in payments innovation, and we anticipate other markets following suit.

Most of us have been typing in our card information for online purchases since the 1990s. Eventually we started storing our credentials with multiple merchants, which made it easier to pay but broadened the battlefield for hackers, who could target merchant sites to steal consumer card information. A study last year forecast that merchant losses from online payment fraud will exceed $91 billion in 2028.

So, a decade ago, we created a new way to protect your data: tokenization, which replaces your 16-to-19-digit card number with a randomly generated one. Your actual card information is never transmitted during the transaction, and if hackers steal your token in a data breach, it’s basically worthless.

In 2013, Mastercard developed the tokenization standard, which was then adopted as an industry standard by EMVCo, the consortium that manages payment standards globally. The next year, Mastercard introduced its tokenization service, the Mastercard Digital Enablement Service, as part of the launch of Apple Pay.

Today, around one in four Mastercard transactions globally are tokenized, and this is accelerating by 50% year over year, because it has proved effective in reducing e-commerce fraud while at the same time improving approval rates. It reduces the security burden on merchants, payment service providers and banks, and increases confidence in the digital economy for everyone.

Tokenization is enabled by the issuing bank and requires no effort on the part of the consumer — and no need to reissue existing cards. In fact, tokenization even makes your automatic payments more seamless. Let’s say the card you use to make your Netflix subscription payments expires. We work with our partners to keep the token up to date, so there’s no need to go to your Netflix account to update your card information.

Tokenization alone won’t transform online checkout. That’s the first step. We’re also making it easy to embed Click to Pay, our online checkout solution, into merchant sites and enabling our bank partners to make Click to Pay a default card feature through cardholder auto-enrollment.

And finally, we’re introducing payment passkeys for online transactions, using the on-device biometric authentication most people already use to log in to their phone and other accounts, eliminating the need to remember passwords or check texts or emails for one-time passcodes. We’ve built on industry standards to allow cardholders to easily create Mastercard passkeys, either during a checkout flow or within their issuer’s banking app.

We can bring the same security, simplicity and speed to online checkout that contactless has created in the physical world today. By bringing along issuing and acquiring banks on this journey with us, we can make it happen sooner than you think.

Photo of Jorn Lambert