ValidSoft is pushing forward with software it says banks can use to avoid unnecessarily blocking credit card transactions, an occasional frustration for travelers outside of their home country.
The product, called VALid-POS, checks to see whether a person's mobile phone is in the same country as where the card transaction occurred, said John Petersen, ValidSoft's global head of business development.
The software is designed to reduce the frequency with which banks mistakenly block someone's payment card, either for ATM or POS (point-of-sale) transactions, Petersen said. Banks use risk engines based on historical transactions and other patterns that tell them if a transaction looks suspicious, such as if a person's card is used in Russia when the person normally buys items in the U.K. Banks do see much card fraud involving out-of-country transactions.
But banks frequently wrongly block cards, which requires someone to call the bank in order to get their card unblocked, Petersen said.
Most of Europe uses EMV (Europay, MasterCard, Visa) cards, also known as the chip-and-PIN (personal identification number) system. About 94 percent of the cash machines in Europe are capable of confirming the presence of a microchip that verifies the card's four-digit PIN, which has proven to be effective against cloning.
But the card's essential account details are still stored on the magnetic stripe on the back. Criminals install so-called "skimming" devices to collect that information, then clone a card without the microchip. Those cards are then used in countries with ATMs that do not verify the presence of the microchip.
When someone engages in a card transaction, ValidSoft's product uses network traffic data from mobile operators to see where a person's phone is located. If the transaction is in Russia and the phone is in Russia, ValidSoft provides that information to the bank, which can then make a further decision as to whether to block the card. When a mobile phone is turned on in a different country, it will register with a local operator.
VALid-POS confirms if the phone is in the same country as the transaction but does not tell the bank where the phone is, Petersen said. It merely confirms what the bank already knew, he said.
The lookup takes about a half a second. VALid-POS has an API (application programming interface) that can be used to incorporate the software into a bank's existing risk analysis systems, Petersen said.
ValidSoft is owned by ElephantTalk, a telecommunications company, which has access to the network traffic data essential for routing calls between different network providers and identifying where a phone is located. ValidSoft is in the process of negotiating agreements with operators to use that data for other commercial purposes, Petersen said.
If the phone is not in the same country as the transaction, VALid-POS also has callback system where a customer will be called. A person can use an automated menu to either approve the transaction or, if the transaction appears to be fraudulent, be connected to a live customer service representative.
Banks would pay for VALid-POS on a per-lookup basis or would buy an annual license with a lower per-lookup fee, Petersen said.
VALid-POS was recently give a seal of approval from EuroPriSe, an organization funded by the European Union that tests products for compliance with E.U. data protection and privacy regulations.
Under European regulations, banks would be able to deploy VALid-POS as an opt-in program, where users would be automatically enrolled and have to opt-out if they did not wish to participate, Petersen said. VALid-POS has been tested with three banks, he said.
ValidSoft's technology does have potential as banks look for better ways to detect fraud without imposing on their customers, said Avivah Litan , an analyst and vice president with Gartner. It is relatively inexpensive, but a small niche since it will only work with those customers who have a mobile phone, she said.
"They [banks] don't want to block the cards," Litan said. "They don't want to inconvenience their customers."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.