Finsphere is named a finalist in Seattle Business Magazine’s Tech Impact Awards

TechImpactAwardsLogo

I am pleased to announce that Finsphere has been named one of Washington’s top 3 security companies of the year in the 2015 Tech Impact Awards. Finsphere is a small company and I recognize this accomplishment as a team effort from all of our employees, our partners, and our investors.

For readers that are new to our site, Finsphere is a predictive analytics company that focuses on “mobile as identity” – the notion that the proximity of a user’s mobile phone to an event, such as a financial transaction, is a strong indicator of a valid transaction. We are in the business of providing better security through mobile geolocation technology to keep user identity and financial data safe. In fact, the world’s leading global payments technology company, Visa, uses our technology in a solution it calls Mobile Location Confirmation that became commercially available in late May.

Finsphere will be attending the awards gala on Thursday, September 24 at Seattle’s Showbox SODO along with 300 other tech leaders and senior executives. There, the top 3 finalists in six categories will be recognized, with one being chosen as the Gold Tech Impact Award winner.

Check back to find out if we’re a winner by following our blog or picking up a copy of Seattle Business Magazine’s October issue on September 25. Until then, we hope you will follow the conversation and share your views in the comments or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

How’s the transition to EMV going?

small-business-adoption-of-emv-technology-1-638

At Finsphere, beginning back in mid 2014, we started to blog about the transition to EMV (for Europay, MasterCard, Visa, or “chip and pin”) from the perspective of our expertise in “mobile as identity.”

We have demonstrated that the relative proximity of consumers’ smart mobile devices to their uses of debit or credit cards is a powerful way to authenticate identity – so much so that jointly with Visa, we developed a solution which Visa named Mobile Location Confirmation (MLC).  Visa has commercially launched MLC so banks can utilize it as a way to cut down on the unnecessary declines (known as false positives) in valid cardholder transactions, whether consumers are traveling or close to home.

Meantime, adoption of EMV is now not that far off, so we thought we’d take another look at how the transition is going.

All indications are that the transition to EMV and distribution of new cards to cardholders is well under way at banks and other card-issuing financial institutions.  Card-issuing institutions do have a strong incentive to distribute the new EMV cards to replace older ones with magnetic strips; existing cards with magnetic strips have been proven vulnerable to fraudulent use.

Additionally, banks have had financial responsibility for fraudulent card usage ever since magnetic-strip cards were introduced decades ago.  For banks, the real incentive to distribute new cards is to meet an imposing October 1, 2015 deadline, after which financial liability for fraudulent card usage could shift in a big way to retailers who accept the new cards for payments without having installed up to date card scanners, readers or terminals.

As a report on EMV in Payments Source explained: “After the liability shift, if a merchant is still using (magnetic strip) methodology and the customer has a smartcard, the merchant is liable. If the merchant has the new Chip and PIN technology but the bank hasn’t issued the customer a Chip and PIN card, the bank is liable. If the merchant uses Chip and PIN technology on a customer’s smartcard and fraud still takes place, the credit card company bears the liability, as is the case today.”

Knowledgeable industry observers say the largest retailers have invested in new card readers and are ready for the October 2015 deadline for EMV.  However, these same observers say the transition to new card readers is far less widespread at smaller retailers primarily due to cost concerns, even with the deadline a little more than four months away. Intuit recently released the results of a survey among small businesses that had four key takeaways:

  • Awareness of the October 2015 deadline for EMV adoption is low and the majority of small business owners surveyed have not yet committed to migrating to EMV-compatible systems.
  • Education should be the top priority for all small businesses, regardless of their current intent to migrate to an EMV-compatible solution (because) few owners understand the implications, including the financial and legal liabilities.
  • Among those small businesses that are still undecided, alleviating their concerns over the cost of the card-reading equipment changeover will have the greatest impact in increasing the likelihood for participation in the EMV migration.
  • The biggest challenge for adoption of EMV will be among the smallest businesses (those with 1-5 employees) that have the lowest awareness and highest budget concerns.

It’s unfortunate that many small businesses still don’t recognize that, for them, the new liability for fraud could far outweigh an investment in new readers.

Putting the transition aside, we at Finsphere are waiting to see what happens when EMV is more widely implemented and how cardholders react to what probably will be longer transaction times.  Initially, at least, the customer checkout experience will suffer, we believe, because cardholders will have to take the extra step of either entering a pin code or signing a receipt to complete the two-factor authentication called for in EMV.

We’ll continue to share more thoughts on EMV and potential ways mobile devices can be used as part of EMV authentication/validation without having to use pin or signature going forward.

Until then, we hope you’ll follow the conversation and share your views in the comments or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Mobile Location Confirmation – It’s Arrived!

VISA MLC Image

In my Feb 12th blog, I discussed how proud we were at Finsphere to play a part in Visa’s announcement that day of its new Mobile Location Confirmation (MLC) product.  MLC is Visa’s new mobile service designed to reduce unnecessary credit or debit card purchase declines, often triggered when consumers travel outside of their home area.  It is offered through participating financial institutions’ mobile banking applications.

MLC uses mobile geo-location data in real time as an additional input into Visa’s predictive fraud analytics. We at Finsphere provide Visa with an analysis of the account holder’s device location data, which is then matched with the transaction location in less than a millisecond, right at the point of sale. When a cardholder’s mobile device is in the same location as the payment transaction, the issuing financial institution can more confidently approve the transaction.

In its announcement, Visa stated that MLC would be available to card-issuing financial institutions in April 2015. And unlike so many industry product announcements whose actual launch date is long after the public proclamation date, Visa commercially launched MLC at the end of April as promised.

What’s next?   Visa is working hard with issuer banks to secure adoption of MLC and incorporation into their mobile apps.  MLC will then be available as an optional service for bank cardholders to opt-in and receive the benefits of the service via their banking app.

Keep an eye out for your bank to announce availability of MLC in the near future.  Wouldn’t it be nice to have the added security of knowing that MLC is helping to ensure that your transactions are approved when you travel this summer!

As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments on MLC and Finsphere.  Until then, we hope you’ll follow the conversation and share your views in the comments or on Twitter, Facebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

As Adoption of EMV Gains Momentum in U.S., Thoughts Turn to Addressing CNP Fraud

 

shutterstock_115174897_24 Mar 2015

We have said before that credit and debit card-issuing financial institutions and merchants have already begun rolling out stronger identity-authentication technology known as EMV (or “chip and pin”) to comply with an adoption deadline in the U.S. of Oct. 1, 2015.

EMV relies on two-factor authentication – a microchip embedded in the card and either a user’s PIN number or signature — to curtail fraudulent purchases with cards in retail transactions. EMV is already widely used in other parts of the world, especially Europe and Canada…and now it’s coming to the U.S.

But bolstering face to face card-present transactions against fraudulent uses through EMV is expected to cause a sharp rise in the incidence of card-not-present (CNP) fraud attempts where transactions are performed online.  After all, that’s what fraudsters did in the U.K. and Canada after EMV was implemented.

At Finsphere, we have a simple, safe and secure solution that can help thwart CNP fraud similar to the way Visa’s Mobile Location Confirmation (MLC) enhances card issuers’ mobile-banking apps to combat card present fraud. Our patented Mobile Proximity Correlation uses the proximity of a user’s mobile phone to where a CNP transaction originates – such as the IP address of the user’s browser or other location-identifying attributes — as a key factor toward authenticating a legitimate activity.

Again, it’s using one of our strong points – a combination of technologies and analytic capabilities – to authenticate identities and separate attempted fraudulent transactions from those that are on the up and up.  CNP fraud is often attempted using stolen credit or debit card data.  Given the continuing rash of high-profile computer system hacks of retailers such as Target, Staples, Home Depot and others, Finsphere’s technology is well positioned to help out the cardholder to make online transactions simpler, safer and securer, whether in the pre- or post-EMV world.

We’ll have more to say as the EMV-adoption deadline draws near.  In the meantime, we invite your thoughts here or on  TwitterFacebook, or LinkedIn.

Robert Boxberger,

President, Finsphere

Finsphere – The Importance of Privacy

It wasn’t easy.Privacy

I was looking forward to attending the International Association of Privacy Professional’s (IAPP) Global Privacy Summit 2015 in Washington DC this week. Since joining Finsphere in 2009, I have attended several IAPP conferences in Europe and the United States. The meetings have been very valuable in helping me grow in understanding the nuances of privacy requirements and is a reflection of the importance of privacy to Finsphere. After all, on a personal level, Finsphere has funded my attendance at the conferences – not to mention paying me for the work I do as its Chief Privacy Officer.

This time it was with great excitement that I could discuss the recent announcement of the Mobile Location Confirmation (MLC) service by Visa with my peers at the conference. MLC is a service built around the concept that your mobile phone is a proxy for your identity; meaning it can be used as an authentication factor for validating your credit and debit card transactions. And, Finsphere is the underlying provider of the geolocation information and associated contextual analysis. Not only am I excited about Finsphere’s part in the provisioning of this service, I am excited about the importance individuals’ privacy was in its development.

The simple way for us to have built the service was to use technology that always tracked the individual. Simple, but one of its big downfalls is the negative perception associated with tracking. Even if the bank knows exactly where the financial transaction is occurring, we did not want to give customers the perception that an issuer’s MLC-enhanced mobile banking app is constantly monitoring them.

So, with a ‘privacy by design’ background, and working with our Visa counterparts, we designed a service that minimizes the privacy footprint. It starts with informed consent – cardholder explicit consent is required, with easy opt-out at any time. Next, to avoid always tracking the mobile device, geolocation specificity is minimized in a few ways. First, MLC does not need specific location, as in GPS-type location. Instead, a home area is created for each cardholder that Visa has set initially to be a 50 mile radius. On any given day, most people will never travel outside their home area. In that case, the app will simply notify Visa once a day that the cardholder is still within their home area. When a cardholder leaves his or her home area, MLC provides more frequent, albeit still general, geolocation information for helping to authenticate and validate card transactions.

Other privacy-enhancing choices made to protect privacy include persisting only the last known location in the mobile banking app, minimizing the data Finsphere receives to an issuer-generated device id and the location from the app (in this way we do not know who you are, specifically where you are, or have any other personally identifiable information about you or the transaction). The bottom line for MLC is that the cardholder’s privacy is and will be an ongoing critical design element.

So, I mentioned at the beginning of this blog that “it wasn’t easy.” This was referencing not only developing MLC with privacy in mind so it’s used only for its intended purpose – to validate card transactions – but also actually making the conference itself! I’m writing this blog from the airport, returning home to Seattle after weather delays almost prevented me from attending the conference. Luckily, I made it there and back (if only my bag could have made it home with me! I am still waiting for it…). But the silver lining has been that the privacy conference was fantastic. With over 3,000 attendees, it demonstrates the growing importance of privacy…one we have always recognized at Finsphere.

I invite you to share your view in the comments below and hope you will follow the conversation here or on Twitter, Facebook, or LinkedIn.

Jeff Brennan,

Chief Privacy Officer, Finsphere Corporation

For Finsphere, ‘Mobile As Identity’ Is Our Reason For Being

Mobile as Identity

We have always felt that the mobile phone is an ideal way to prove who you are.  On Tuesday, we stated our position as we felt it was time to go firmly on record as to why.

http://www.prnewswire.com/news-releases/for-finsphere-mobile-as-identity-is-its-reason-for-being-300040058.html?tc=portal_CAP

Give our point of view a read and let me know what you think. We invite you to share yours and hope you’ll follow the conversation here or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Mobile Location Confirmation on “CBS This Morning”

Finsphere-Visa

I noted in my prior blog how proud we were at Finsphere to have played a part in Visa’s announcement of its new Mobile Location Confirmation (MLC) product. There were many great articles that followed from multiple sources announcing and commenting on MLC. However, one of my favorites is CBS This Morning’s piece on Visa’s new service. CNET’s Tim Stevens does a great job describing the offering and his feeling about it…I couldn’t have said it better myself.

As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments as we get closer to the rollout of MLC this year. You can connect with us on Twitter, Facebook, or LinkedIn.

Mike Buhrmann

CEO, Finsphere

Finsphere’s Key Role in Visa Announcement


At Finsphere we’re all extremely proud of the part we play in today’s announcement by Visa of its new Mobile Location Confirmation (MLC) product.

Visa partnered with Finsphere for critical infrastructure services, including our expertise in location-based services, our toolkit which enables mobile banking apps to capture geo-location while protecting the consumer’s privacy, and our geospatial analysis engine which analyzes and transforms the geo-location data sent from the consumer’s mobile device into a format which can be easily used by Visa’s fraud-risk systems.

You can read Visa’s news release here. Visa says MLC will be available to credit and debit card issuers in April 2015.

We’re very pleased that Visa chose Finsphere’s mobile app toolkit and geospatial analysis engine as its safe and secure geo-location infrastructure solution to help protect card holders, banks, and merchants. Put simplistically, MLC will help ensure that card transactions are approved when they need to be.

Visa believes Finsphere’s geo-location services can help eliminate the need for cardholders to notify their banks of imminent travel plans, while also reducing the number of legitimate transactions that are declined while traveling, otherwise known as “false positives.”

We developed our sophisticated solution over the last six years in the belief that your mobile phone can be a proxy for your identity. Cardholder privacy, safety, and security were considered to be of paramount importance during this development process.

Finsphere has been working closely with Visa this year to implement MLC. Now that the news is out, we look forward to continuing that work in support of a successful launch this April as well as providing assistance to issuer banks as they develop MLC-enhanced mobile apps for their cardholders.

It is thrilling that such a reputable market leader like Visa is endorsing the technology we’ve worked so hard to build. As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments as we get closer to the rollout of MLC this year.

EMV is Coming to the US, but at What Cost?

EMVThose who follow my musings here will recall two posts last July devoted to the “myths and truths” of EMV. The EMV solution has been widely embraced in Europe and Canada, but continues to face uncertainties on the way toward adoption in the United States. Driven by the desire to cut card fraud, EMV card rollout continues with one estimate showing that nearly one third of issued credit cards will be EMV by the end of 2015. And while EMV has been shown to cut some types of debit and credit card fraud, a case can be made that fraud will just shift from one transaction type to another.

Synonymous with EMV, “Chip and Pin” refers to a payment system for credit and debit cards consisting of a computer chip embedded in the card and a requirement for the cardholder to enter a personal identification number (PIN) or a signature to authenticate a transaction.

Implementation of EMV in the U.K. and Canada has been credited with decreasing fraudulent uses of credit and debit cards, but not all types of fraud are reduced, and EMV has the downside of sharp increases in Card Not Present (CNP) fraud where the transaction does not occur in-person, such as telephone, online, and mail-order purchases.

Industry watcher 451 Research, in a recent report, said that during Canada’s EMV rollout, the Royal Canadian Mounted Police reported the country experienced a 25% increase in CNP fraud between 2009 and 2010. This parallels what occurred in the U.K., where CNP fraud jumped by 79% between 2005 and 2008.

These experiences show that switching to EMV shifts fraudulent transactions from brick-and-mortar businesses to online, telephone, and mail-order retailers. Why would our experience in the U.S. be any different? Chance are, it won’t be.

EMV is coming to the U.S., so card issuers and businesses need to prepare for an increase in CNP fraud. We are working with industry leaders on solutions to address CNP that are simple, safe, and secure…more to come on this in future blogs!

We invite you to share yours and hope you’ll follow the conversation here or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Will Apple’s Mobile Payments Service be Secure?

Apple Pay Video

Over the weekend, I read and watched several pieces about Apple’s new mobile payments service, specifically about the security of the new service. By far, the most interesting to me was an interview on Bloomberg TV with Shape Security Director of Product, Michael Coates, and Square’s former COO, Keith Rabois.

While both interviewees were focused on Apple’s new service, what interested me most were their views on today’s payment protections and security.

Keith shared his view that today’s debit and credit cards are extremely exposed to fraud, and protected by a user PIN or signature at best. I believe Keith underestimates the tremendous amount of fraud analytics that happen behind the scenes to protect users’ transactions. Keith does note that signature validation is rarely checked by merchants, which is an all-too-valid observation and a point I plan on discussing in an upcoming blog post as it pertains to the introduction of EMV in the United States.

In discussing authentication, Michael Coates certainly gets it right when he says we need to move away from user passwords and towards additional systems that employ user-friendly two-factor authentication. The constant trade-off is adding security layers for better payment protection, but ensuring that the defenses employed are frictionless and convenient for the customer.

Both interviewees understood the tradeoff is security versus usability: the more security layers you add, the more cumbersome the payment process tends to become for the consumer. Only when this balance is struck will the customer be likely to take full advantage of the security technology. Here at Finsphere, we are strong advocates of multi-factor authentication and believe that adding security that is noninvasive and works in the background is critical to usability and acceptance by the customer.

I am excited by Apple’s recent announcement of its new mobile payment service and the many conversations about security and payments usability it has sparked. As my previous blogs have shown, I am certainly in favor of simplifying the financial experience for customers!

I encourage you to watch the interview and let me know your own views in the comments here, or on TwitterFacebook, or LinkedIn.

Until next time,

Mike Buhrmann,

CEO, Finsphere