Canadian banks may soon be deploying a new tool in response to rising credit card fraud – geo-location data from your smartphone – as at least two major financial service providers are preparing to launch mobile solutions soon.
As e-commerce becomes more popular, card-not-present transactions are on the rise. At the same time, card-not-present fraud is shooting upwards in Canada. ‘Card not present’ fraud cost the financial industry $360.3 million in 2014, a 180Â per cent rise compared to 2008, according to statistics from the Canadian Bankers Association. At the same time, online merchants are searching for ways to authenticate their customers’ identity without asking onerous questions or requiring additional account logins, tactics that lead to many shoppers just giving up and abandoning a purchase altogether.
To answer the problem, two different major financial services firms are effectively saying “there’s an app for that.” Visa Inc. is currently in the early stages of rolling out its Mobile Location Confirmation service and intends to bring the service to the Canadian market, according to Gord Jamieson, head of payment system risk at Visa Canada.
“People want the convenience to shop from their phones and they want the confidence that it’s a secure transaction,” he says. “We’re trying to stop relying on passwords and IDs and come up with dynamic solutions in the card not present space.”
Also, San Jose-based FICO is currently developing a similar solution using a mobile app, according to Scott Zoldi, chief analytics officer at FICO. The company is known for its FICO score, used as the standard to determine credit risk by lenders in the U.S., and today offers a suite of software packages to the financial services industry. Current its Mobile Security Analytics suite (a working name) is in development and  FICO is working with a few close customers on a beta program.
“We can use the devices we carry every day to enhance the protection of our wallets,” Zoldi says. “We believe that many banks would want this incorporated into their own app.”
Banks make the decision about whether to approve their customer’s credit card transaction or decline it based on the risk information available to them. For example, Visa’s card service includes a rating between 0 and 99 for how risky a transaction seems. By incorporating either Visa or FICO’s mobile tracking technology into their mobile apps, banks would be adding another source of data to help inform how likely it is a fraud is taking place.
According to Zoldi, there are a number of different scenarios where information collected from a mobile phone could help authenticate a transaction. FICO’s service could consider geo-location data such as GPS coordinates and information about connected WiFi networks. Since people typically have their smartphone with them, knowing that a person is in Toronto when their credit card is being presented in New York would be a good indication of fraud. When an ecommerce transaction is taking place, banks coud check to see if the individual’s smartphone is connected to the same network as the device used to make the transaction.
“This is laser precision IoT,” he says. “We’re gathering data and looking to improve the experience for the user.”
Reducing so-called checkout friction for consumers is also a goal held in common by both FICO and Visa for the new technology. Consumers are more likely to be declined for a card-not-present transaction even when it’s not a fraud. As a result, card issuers have to spend time fielding customer service calls and investigating transactions that seemed too risky. FICO is looking at reducing the rate of unnecessary declined transactions by 25 per cent, Zoldi says.
Visa has said it can reduce them by 30 per cent.
“We’ve seen double-digit growth year over year in [card not present transactions],” Jamieson says. “Behind the scenes all this additional authentication could be happening and making a determination over whether this is the card holder.”
Visa offers its Verified by Visa service to merchants and consumers as a way to ensure that only the owner of a card can complete an online transaction. But it requires users enter in an extra password and user ID beyond what they’ve already had to complete on the ecommerce site. That’s an extra step that could result in more abandoned shopping carts. So Visa is looking to reduce that friction by moving away from requiring logins for the service, Jamieson says.
As with any matters involving personally sensitive data and potential access by a corporation, questions of privacy will surround any service siphoning a consumer’s location off to their bank. Both Visa and FICO’s service will require that consumers opt-in to the service.
Also, Zoldi explains that the banks need not receive the actual location data need not be shared with the bank for the service to work. Instead, an algorithm could just confirm with the bank that the consumer’s usual patterns are being followed or if there’s some reason to question the validity of a transaction.
“What we really look at is that your device is either in a location where it typically is, or not, or is it a deviation?” he says. “We do this today with our credit card models in a limited fashion.”
FICO doesn’t have a release date as of yet for its mobile location offering, and Visa hasn’t disclosed a timeline for entry to the Canadian market as of yet. Visa’s service is being used by Emirates NDB in Dubai and U.S. Bankcorp plans to launch the service this year, according to a Wall Street Journal report.
But don’t be surprised if at some point later this year you find yourself updating your bank’s app and then giving it a few more permissions than usual as you install it.