There are fundamental differences between OAuth 2.0 and OAuth 1.0a that Mastercard considers crucial for security OAuth 2.0 is designed for authorization only and could leave us vulnerable to account takeover / impersonation attacks OAuth 1.0a includes authentication and authorization, which our Mastercard Developers APIs need to process critically sensitive data