The Green Sheet Online Edition
June 28, 2010 • Issue 10:06:02
Global anti-fraud tool on the horizon
The international fraud fight may have an interesting new aspect. A global firm called ValidSoft is preparing to implement a program designed to authenticate payment card purchases by measuring proximity between a card transaction and the cardholder's cell phone.
The program, called VALid-POS, tracks the location of a consumer's cell phone through cell sites used to transmit mobile phone calls. Specifically, the process involves something called "trilateration," or the use of three nearby cell sites to approximate a cell phone's geolocation.
The VALid-POS system uses that data to provide a measurement between the location of a card transaction and that of the legitimate cardholder's cell phone, be it for a POS transaction, ATM withdrawal or card-not-present purchase made over the Internet. If the two markers are too remote, the transaction can be flagged or blocked.
"Banks currently look at your historical patterns of activity, and based on that, if something very unusual crops up, it's regarded as a suspect transaction," said ValidSoft Chief Executive Officer Pat Carroll. "When they think it's a suspect transaction, they get it wrong nine times out of 10. And that's the best they can do. If a bank is using our technology - and we've proven this now with certain major banks - we turn a 90 percent failure into a 95-plus percent success."
Carroll noted that the VALid-POS service has undergone trials in a number of European countries, as well as in the United States, Australia, Mexico, Singapore and Japan. "We expect to have our first major clients in the United States running by the end of this year," he said.
Banks that subscribe to the service will have to collect cell phone numbers from clients to whom they issue credit and debit cards, Carroll said. He added that consumers who wish not to participate can opt out of the program.
That opt-out provision and other measures of conscientiousness earned VALid-POS the elusive "European Privacy Seal," Carroll reported. Another privacy feature is that, while ascertaining payment card to cell phone distance, the service does not reveal to its operators the phone's (meaning, in most cases, the consumer's) actual whereabouts.
Carroll said issuing banks determine the rigorousness of their screening processes; ValidSoft merely provides the probability of authenticity, while the banks decide whether transactions are approved or rejected (or flagged for follow-up with, for example, a phone call to the consumer that solicits additional verifying information).
Some banks may choose to flag only cross-border discrepancies involving cases in which the cardholder's cell phone is in a country other than where a given transaction takes place. Others implement stricter criteria such as flagging transactions that range outside of the city or town in which the mobile phone is located, or even ones that exceed a specified distance between phone and purchasing card - say, 100 feet. Banks can also make decisions on a per transaction basis.
"We'll never be 100 percent correct," Carroll said. "There will always be instances where you forget your phone or whatever. The default option for the bank is always the system they currently use today. They will always make the decision [about whether to approve a transaction]. All we simply do is give them greater quality of information to help make that decision."
Carroll said VALid-POS's authentication process takes less than half a second to produce an algorithmic probability of transaction authenticity. For example, a transaction in the United States where the cell phone and POS system are closely positioned might generate a 99.5 percent probability of authenticity rating. He added that the program works with virtually any cell phone.
Tim Cranny, CEO of Panoptic Security Inc., said VALid-POS would be an effective tool, but pointed out that the ongoing consolidation of mobile device functionality might crimp the service's run on the market.
"In a lot of ways it's a good idea," Cranny said. "If I'm a consumer and I'm in Salt Lake City and my credit card is used in New York, that is weird and questions should be asked. ... If I've got a credit card, smart phone, keys and drivers license you can use these different things to reinforce each other.
"But what's going to happen is, as things get more mobile and the devices get more intelligent, I think we'll move to a phase where in five years time it's not that they'll be reinforcing each other, it's that they will have collapsed into one or two things," he said. "With multiplicity you can use them to validate each other, but that process will be more difficult with one universal device."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.