We have always felt that the mobile phone is an ideal way to prove who you are. On Tuesday, we stated our position as we felt it was time to go firmly on record as to why.
We have always felt that the mobile phone is an ideal way to prove who you are. On Tuesday, we stated our position as we felt it was time to go firmly on record as to why.
I noted in my prior blog how proud we were at Finsphere to have played a part in Visa’s announcement of its new Mobile Location Confirmation (MLC) product. There were many great articles that followed from multiple sources announcing and commenting on MLC. However, one of my favorites is CBS This Morning’s piece on Visa’s new service. CNET’s Tim Stevens does a great job describing the offering and his feeling about it…I couldn’t have said it better myself.
As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments as we get closer to the rollout of MLC this year. You can connect with us on Twitter, Facebook, or LinkedIn.
Visa partnered with Finsphere for critical infrastructure services, including our expertise in location-based services, our toolkit which enables mobile banking apps to capture geo-location while protecting the consumer’s privacy, and our geospatial analysis engine which analyzes and transforms the geo-location data sent from the consumer’s mobile device into a format which can be easily used by Visa’s fraud-risk systems.
You can read Visa’s news release here. Visa says MLC will be available to credit and debit card issuers in April 2015.
We’re very pleased that Visa chose Finsphere’s mobile app toolkit and geospatial analysis engine as its safe and secure geo-location infrastructure solution to help protect card holders, banks, and merchants. Put simplistically, MLC will help ensure that card transactions are approved when they need to be.
Visa believes Finsphere’s geo-location services can help eliminate the need for cardholders to notify their banks of imminent travel plans, while also reducing the number of legitimate transactions that are declined while traveling, otherwise known as “false positives.”
We developed our sophisticated solution over the last six years in the belief that your mobile phone can be a proxy for your identity. Cardholder privacy, safety, and security were considered to be of paramount importance during this development process.
Finsphere has been working closely with Visa this year to implement MLC. Now that the news is out, we look forward to continuing that work in support of a successful launch this April as well as providing assistance to issuer banks as they develop MLC-enhanced mobile apps for their cardholders.
It is thrilling that such a reputable market leader like Visa is endorsing the technology we’ve worked so hard to build. As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments as we get closer to the rollout of MLC this year.
Those who follow my musings here will recall two posts last July devoted to the “myths and truths” of EMV. The EMV solution has been widely embraced in Europe and Canada, but continues to face uncertainties on the way toward adoption in the United States. Driven by the desire to cut card fraud, EMV card rollout continues with one estimate showing that nearly one third of issued credit cards will be EMV by the end of 2015. And while EMV has been shown to cut some types of debit and credit card fraud, a case can be made that fraud will just shift from one transaction type to another.
Synonymous with EMV, “Chip and Pin” refers to a payment system for credit and debit cards consisting of a computer chip embedded in the card and a requirement for the cardholder to enter a personal identification number (PIN) or a signature to authenticate a transaction.
Implementation of EMV in the U.K. and Canada has been credited with decreasing fraudulent uses of credit and debit cards, but not all types of fraud are reduced, and EMV has the downside of sharp increases in Card Not Present (CNP) fraud where the transaction does not occur in-person, such as telephone, online, and mail-order purchases.
Industry watcher 451 Research, in a recent report, said that during Canada’s EMV rollout, the Royal Canadian Mounted Police reported the country experienced a 25% increase in CNP fraud between 2009 and 2010. This parallels what occurred in the U.K., where CNP fraud jumped by 79% between 2005 and 2008.
These experiences show that switching to EMV shifts fraudulent transactions from brick-and-mortar businesses to online, telephone, and mail-order retailers. Why would our experience in the U.S. be any different? Chance are, it won’t be.
EMV is coming to the U.S., so card issuers and businesses need to prepare for an increase in CNP fraud. We are working with industry leaders on solutions to address CNP that are simple, safe, and secure…more to come on this in future blogs!
Over the weekend, I read and watched several pieces about Apple’s new mobile payments service, specifically about the security of the new service. By far, the most interesting to me was an interview on Bloomberg TV with Shape Security Director of Product, Michael Coates, and Square’s former COO, Keith Rabois.
While both interviewees were focused on Apple’s new service, what interested me most were their views on today’s payment protections and security.
Keith shared his view that today’s debit and credit cards are extremely exposed to fraud, and protected by a user PIN or signature at best. I believe Keith underestimates the tremendous amount of fraud analytics that happen behind the scenes to protect users’ transactions. Keith does note that signature validation is rarely checked by merchants, which is an all-too-valid observation and a point I plan on discussing in an upcoming blog post as it pertains to the introduction of EMV in the United States.
In discussing authentication, Michael Coates certainly gets it right when he says we need to move away from user passwords and towards additional systems that employ user-friendly two-factor authentication. The constant trade-off is adding security layers for better payment protection, but ensuring that the defenses employed are frictionless and convenient for the customer.
Both interviewees understood the tradeoff is security versus usability: the more security layers you add, the more cumbersome the payment process tends to become for the consumer. Only when this balance is struck will the customer be likely to take full advantage of the security technology. Here at Finsphere, we are strong advocates of multi-factor authentication and believe that adding security that is noninvasive and works in the background is critical to usability and acceptance by the customer.
I am excited by Apple’s recent announcement of its new mobile payment service and the many conversations about security and payments usability it has sparked. As my previous blogs have shown, I am certainly in favor of simplifying the financial experience for customers!
Until next time,
In my last post, I examined the first two myths and “truths” presented in a recent downloadable report from Gemalto titled “Four myths and truths about EMV payments.” We looked at some hard numbers regarding the US migration to EMV, as well as the rationale behind adopting EMV at all, as opposed to transitioning straight to mobile payments. These two topics were fairly easy to tackle, but the next two are a bit more complicated. Here is my stance on the last two myths and proposed “truths.”
Myth #3 – EMV isn’t the right solution because it doesn’t address CNP (card-not-present) fraud, leaving e-commerce and online fraud untouched.
Truth – Actually, EMV payment cards enable some of the most successful CNP fraud solutions in the world.
I mentioned in my prior post that I believe Myth 3 and its “truth” minimizes the level of fraud still present after EMV implementation. Actually, Myth 3’s truth never addresses the level of CNP fraud remaining. I have yet to see a report anywhere showing anything other than a spike in CNP fraud after EMV implementation. In fact, some of the growth statistics regarding CNP fraud post-EMV is startling.
The Gemalto report claims that EMV payment cards enable more effective authentication tools for CNP fraud (if only merchants and banks would implement them!), which include one-time-passwords, on-card PIN codes, and personal card readers. All of which likely add another layer of end-user interaction and complication.
Myth 3’s response ends by pointing out that EMV payment cards are a worthwhile solution for card-present fraud reduction alone, and “can enable” strong authentication against CNP fraud too. There is no question that EMV payment cards have significantly reduced card-present fraud following implementation – no doubt worthwhile for those with a card-present-only solution. What is less clear is whether it is worthwhile when CNP fraud is considered a part of total card fraud, especially if it will take significant time, money, and effort to enable additional solutions.
Myth #4 – EMV is expensive and difficult for merchants to deploy.
Truth – EMV payment technology is cheaper and easier for merchants to install than ever before.
Gemalto’s truth statement is technically true. Most technology becomes cheaper as time passes and development continues. That EMV might be less expensive and less difficult to implement now than previously does not alter the fact that the total cost of merchant deployment in the U.S. is projected to run into the several-billion-dollar range. In my opinion, a more credible statement is that EMV implementation is costly and deployments can be time consuming and technically challenging, but that the return on investment can be worth it.
Gemalto states up-front that the purpose of its “Four myths and truths about EMV payments” is to address four of the most common myths associated with the migration to EMV chip cards. I believe it did choose the most common concerns associated with the EMV migration underway in the U.S., however, I believe the responses could have been more direct and precise in context to add credibility to the overall report.
Next up, I’ll submit my own myth about how EMV will simplify the customer experience and then provide my own truth! And I promise to do my best to provide the appropriate amount of context and balance. Until then, we hope you’ll follow the conversation and share your views in the comments or on Twitter, Facebook, or LinkedIn.
I received an email this past week offering a downloadable report from Gemalto titled “Four myths and truths about EMV payments.” The offer ended with the statement, “Read more and then take a stance.” How could I resist? I figured the report would be somewhat slanted given that Gemalto has a vested interest in EMV, but nevertheless, downloaded the report. The following are my thoughts on the first two identified myths and truths – my stance, if you will.
Myth #1 – EMV will never take hold in the U.S.
Truth – The migration to EMV is well underway, and momentum is growing.
The only argument I have with the above “Truth” statement is the use of the word “well.” The migration is clearly underway, but how “well” it is going in terms of timeliness is debatable.
The report clearly points out that the issue of timing involves the cards and terminals – end-users have to have EMV chip cards and merchants have to have point-of-sale (POS) terminals to read them.
EMV will truly arrive in the US when cards and terminals are in place to support it. The good news is that current estimates call for 100 million EMV chip cards issued and 4.5 million physical terminals to be in place by year-end 2014. But even at this rate, it is projected that 50% of merchants will still not be ready to accept EMV payments by the fourth quarter of 2015.
Bottom line: Yes, the migration is underway and the momentum is growing. But, to be fair, a transition that will cost businesses over $8 billion dollars to implement is not going to happen overnight. Nor was that the expectation, based on the durations of the EMV implementations in other parts of the world and the complexity of the U. S. market. Fortunately this report is not claiming that the migration will be complete any time soon…now that would be a myth!
Myth #2 – It makes sense to jump straight to mobile payments.
Truth – Cards aren’t going away, and we need to secure them. EMV chip cards and mobile payments will both likely be big players in the payment ecosystem for the foreseeable future.
The underlying assertion made by some is that the U.S. should skip EMV and move straight to mobile payments. Gemalto points out that new contactless POS terminals are capable of handling both EMV and mobile payments and that not all customers own a smartphone or want to pay with their mobile phones. In essence, the migration to EMV provides a path for both mobile payments and contactless EMV cards and more choice for consumers. I am in agreement with the rationale behind the truth asserted here; cards are not going away soon and there is a foreseeable path for both mobile payments and cards in the future, if merchants choose to go that route.
Myths 1 and 2 were fairly easy to tackle. In a future post we’ll examine myths 3 and 4 of the Gemalto paper. Myth 3 deals with card-not-present transactions and I think the so-called “truth” minimizes the level of fraud still present after EMV implementation. Myth 4 deals with the expense and difficulty for merchants implementing EMV technology.
After that, maybe I’ll submit my own myth about how EMV will simplify the customer experience and then provide my own truth! Until then, we hope you’ll follow the conversation and share your views in the comments or on Twitter, Facebook, or LinkedIn.
Happy New Year! And with the new year comes the inevitable resolutions – pledges to lose weight, exercise more, read a new book, spend more time with the family, eat healthier – the list is endless. On my way to work this morning, I was listening to a radio announcer proclaim that the average male’s New Year’s resolution lasts three days…that’s it, just three days! Females were only slightly better – one week! Given that we are into the second week of 2014, I assume that most of us have already broken our pledges to ourselves.
But wait, don’t feel bad. In my last blog, I provided theft and fraud prevention suggestions to keep your identity (and money) safer. In this blog, I will recommend two resolutions for 2014 that are very easy to do and keep. And the payoff is increased security and soundness of your money!
One of the notable news stories over the holidays was the theft of debit and credit card information from Target stores. Over 40 million debit and credit card accounts were affected, which included basically everyone who used his or her card at a Target store between Black Friday and December 15th. Not only was card information taken, but also encrypted personal identification numbers (PIN). Put this information together and you have the potential for putting a lot of people’s debit card accounts at risk.
With the Target breach as a backdrop, here are my two 2014 resolutions for you: 1) Change your PIN on your account at least once this year. In fact, if you do nothing else for a resolution this year, make your resolution to change your PIN today – it’s easy to do at your bank’s ATM or branch. 2) Check your bank statements monthly. Better yet, get an online account with your bank and monitor your transactions daily or weekly through your bank’s web portal or a third party service provider.
Why change your PIN? Simple, if your financial information is compromised, a new PIN makes it more difficult for the bad guys to use your credentials to make charges. Why monitor your transactions? Although banks monitor for fraud, only you know the legitimacy of every transaction you’ve made. Banks often fail to detect fraud and count on their customers to monitor their own accounts. Your catching it early will help avoid many headaches down the road. It’s that simple.
That’s it! Two easy resolutions: change your debit card PIN and monitor your transactions. It doesn’t matter whether you used your debit card at Target or not. These two resolutions will help protect your debit card and monies from being misappropriated and make for a better and safer 2014!
Here’s hoping your 2014 is great. I’ll be checking in with you later in the year to see how these resolutions are going!
Every year during the five weeks between Black Friday and the end of the year, fraudulent activity spikes. When you’re shopping for the holidays and other special occasions, you’re in the mood to give and make others happy. Unfortunately, there are also people out there aiming to take advantage of you.
Whether you’re shopping in a mall or online, it’s important to take a few steps to make sure your gifts end up in the right hands and someone else isn’t using your identity for their financial gain. Keeping yourself safe during the holiday season is especially important, as getting your card shut down because of a fraudulent charge can bring your holiday shopping to a grinding halt. Taking the following theft and fraud prevention precautions will help you avoid becoming a statistic:
* Keep your bags close. As your shopping trip continues, the bags can pile up and eventually become hard to keep track of. A quick lunch break can be just the distraction a thief needs to swipe that new iPad out from under you. If you find yourself with bag overload, find a safe place to store your items or make the extra trip to your car to place them in your trunk and out of view.
* Keep your money and credit cards closer. While that purse might be the perfect complement to your wardrobe as you cruise through the mall in style, it could also be a target for thieves. Men: It might be easier than you realize to swipe that wallet from your back pocket. If possible, keep cash and credit cards in your front pocket or any place that would be tough for thieves to reach without you noticing.
* Less is more. The less personal information you carry with you, the better. It’s quite easy to drop something in the hustle and bustle, or even to have your wallet stolen. Carry minimal amounts of cash and never carry documents with you containing your social security number.
* Use only reputable websites when shopping online. When paying online, make sure the website URL is preceded by the letters “https,” as this coding inscription denotes that the data being passed back and forth on the website is encrypted. This means you have a far smaller chance of having your personal data compromised.
By taking measures to protect yourself and your identity, you’ll make sure your purchases deliver the delight you set out to bring to your loved ones and that you can enjoy peace of mind during the holiday season.
‘Tis the season for giving – but make sure you’re not being taken!
Recognized globally as one of the decade’s most influential leaders in financial services, Deanna Oppenheimer contributed to USA TODAY’S CyberTruth column (Why Erroneous Payment Card Declines Will Keep Rising – July 22, 2013) providing insightful commentary on the problem of false positives as well as the magnitude of the problem it’s causing for banks and their customers.
Over the weekend, Apple released its two latest versions of the iPhone, touting its new feature, TouchID, an authentication method that lets users log into their device by touching their smartphone’s home button. Less than 5 days after its release, a European hacker group claims to have successfully circumvented the biometric authentication method, causing a stir of editorial opinion that using fingerprints is an inferior security method.
As this blog has opined over the last several months, staying ahead of the fraudsters is an hour-by-hour struggle for most companies, and one that the banking industry is vigilantly focused on. In this video blog, Oppenheimer addresses the issue and lends insight into advances in fraud detection that are showing tremendous strength in stemming fraud, reducing false positives, and providing a less intrusive (and frustrating) experience for the consumer.
While we hope that barbaric predictions (thieves resorting to brutal robberies in order to access a victim’s fingerprint is one theory circulating) will remain the stuff of late-night TV crime dramas, we will continue to discuss issues of identity and financial security, bringing you our point of view, and those of other experts.
We hope you’ll follow the conversation here or on Twitter, Facebook, or LinkedIn. And as always, leave us your comments – or post your own video response – as we continue to discuss and debate the obstacles and opportunities facing the industry.