Banks protect themselves against
payment card fraud by shutting down a transaction that looks in any
way out of the ordinary, and that includes when a customer tries to
transact abroad. Louise Naughton investigates how banks can become
more sophisticated in their fraud detection.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
It is the last
thing a consumer worries about when preparing for two weeks in the
sun but when it comes to using a payment card abroad, many
consumers are left out in the cold.
Many consumers have their holidays ruined by
stopped POS transactions or ATM withdrawals and although some view
not being able to withdraw funds as a simple inconvenience, it can
also be a frightening and terrifying experience for others.
It is all too easy for banks to stop
transactions on the grounds of suspicious activity and the practice
is all too frequent. What’s more, 90% of stopped POS and ATM
transactions are, in actual fact, false positives – or in other
words, genuine transactions.
Therefore in the vast majority of instances
when a bank shuts down a customer’s ability to make a payment in
another country, it succeeds in only irritating its customers and
losing out on interchange revenue.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataRather more worryingly is that it is estimated
banks lose £10-£15 per false positive, which must surely act as an
added incentive for them to change outdated risk engines and claw
back vital revenue.
Bringing false positives
down
Telco-owned fraud prevention solutions
provider ValidSoft has developed a tool that might just be able to
bring the number of false positives down on a dramatic scale – as
long as consumers do not mind their mobile phones being used to
locate, not where they are, but where they are not.
“There needs to be a focus on getting rid of
the number of false positive because they are clogging up the
system,” says Patrick Carroll, ValidSoft’s CEO.
“Using ValidSoft’s technology, a bank can
strip away these legitimate transactions and free itself up to
focus on what is really important – fraud discovery.”
ValidSoft’s VALid-POS solution comes in two
forms – the cross-border model and the domestic model. In both
instances the solution uses the company’s telecommunication links
to confirm or refute whether a customer’s mobile phone is in the
same country – or segment – as the ATM or POS location they are
using. If ValidSoft confirms this information, the transaction is
said to be genuine, but if not, the transaction will be deemed
suspicious.
In ValidSoft’s cross-border model, a
correlation between an ATM or POS terminal and a consumer’s mobile
phone is not made on a particularly granular level. The lowest
level the technology goes to is confirming whether or not the
mobile phone is in the same country as the attempted transaction
and does not show the handset’s location if it is not in the
country in question. This correlation level is said to be
sufficient as the majority of payment card fraud occurs
cross-border.
“With GPS and triangulation you can go down to
a fairly low level, but in order to keep it quick and comply with
data privacy laws, we stay away from doing so,” says Jon Alford,
VALid-POS product manager.
Learning model
ValidSoft’s domestic model works in a slightly
different way. As different mobile network operators have different
segment sizes, the model has to learn and populate information as
it goes along. A correlation for Mr Smith using an ATM in location
A with his Vodafone mobile phone in segment B will be unconfirmed
until Mr Bloggs uses the same or another ATM in location A and his
Vodafone mobile phone is picked up as being in the same segment as
Mr Smith. This will confirm both Mr Smith’s and Mr Blogg’s
transactions and the domestic model will now know for future
reference that ATMs in location A will correlate with Vodafone
handsets in segment B.
ValidSoft signed an agreement with Visa Europe
in November 2010 to allow the scheme to integrate and market
VALid-POS to its 4,000 member banks as part of its European
processing platform and Carroll says talks with banks are going
well. Yet one stumbling block that has become apparent from such
talks centres on the issue of privacy.
European Privacy Seal
Thankfully for ValidSoft, it has the perfect
answer to the banks’ dilemma regarding privacy. It became the only
security software company to be awarded a European Privacy Seal in
March 2010 by German company EuroPriSe, certifying the VALid-POS
solution to be data privacy compliant at an EU level. It was a
rigorous process that took almost a year to complete and resulted
in a lot of change for the company – data flows, contact points,
what sort of information is logged and passed to and from the bank
were all areas that were modified by EuroPriSe.
“We would not have been awarded the European
Privacy Seal if there was any doubt whatsoever we were using the
technology to track people,” says Carroll.
Under the European Privacy Seal guidelines,
banks that adopt ValidSoft’s solution are obliged to update their
terms and conditions informing customers of the new technology and
therefore allowing them to opt out of the service if they so
wish.
It is the responsibility of the banks to
ensure consumers are properly educated as to how telco technology
can be deployed in order for banks to rid them of the embarrassment
and inconvenience a declined transaction abroad can bring. If they
don’t, and the solution gets labelled as a ‘Big Brother’ type
surveillance mechanism, it would spell the end for the technology
before its potential is anywhere close to being realised.
