Cause for celebration as Emirates NBD signs on for Visa’s Mobile Location Confirmation (MLC) service


We’re celebrating at Finsphere today because we’ve received great news!

Dubai-based Emirates NBD, one of the Middle East’s leading financial institutions, has just announced the first commercial agreement to offer Visa’s fraud-fighting Mobile Location Confirmation (MLC) service to its Visa cardholders.

The Emirates NBD announcement is cause for elation here in Bellevue because Finsphere’s mobile app toolkit and geospatial analysis engine power Visa’s MLC service.

As you’ll recall from our earlier posts, Visa announced the MLC identity-authentication service early this year and made it commercially available to banks and other card-issuing financial institutions in the spring.

All along, we have worked very closely with Visa as it takes our safe and secure geo-location infrastructure solution to FI card issuers to help them protect card holders and merchants from fraudulent Visa transactions.

In saluting both Visa and Emirates NBD, we can’t help feeling tremendously proud for Finsphere’s role in this momentous milestone in combating fraudulent card-present transactions. We look forward to more great news in the near future! Until then, we hope you will follow the conversation and share your views in the comments or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Our latest honor – Tech Impact Award in security category

Seattle Business Magazine Tech Impact Award

Seattle Business Magazine Tech Impact Award

In an already banner year for Finsphere, it was great to receive our latest honor last Thursday, September 25, evening – the Seattle Business Magazine Tech Impact Silver Award in the Security category.

Gaining that award among a select group of truly outstanding Seattle-area tech companies is a source of tremendous pride and accomplishment for us – especially because it’s a bit of hometown recognition in a region that boasts so many innovative companies.

We started the year with news that Visa was adopting our patented geo-location analytics technology for its Mobile Location Confirmation (MLC) service. And, in April, Visa launched MLC commercially to banks, financial institutions and other global companies.

We continue to work closely with Visa as it engages with its financial services clients to make MLC available to their customers.

So far, 2015 has been an exciting year for us. Stay tuned, I am sure we’ll have more great news to share during the remainder of the year. Until then, we hope you will follow the conversation and share your views in the comments or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Finsphere is named a finalist in Seattle Business Magazine’s Tech Impact Awards


I am pleased to announce that Finsphere has been named one of Washington’s top 3 security companies of the year in the 2015 Tech Impact Awards. Finsphere is a small company and I recognize this accomplishment as a team effort from all of our employees, our partners, and our investors.

For readers that are new to our site, Finsphere is a predictive analytics company that focuses on “mobile as identity” – the notion that the proximity of a user’s mobile phone to an event, such as a financial transaction, is a strong indicator of a valid transaction. We are in the business of providing better security through mobile geolocation technology to keep user identity and financial data safe. In fact, the world’s leading global payments technology company, Visa, uses our technology in a solution it calls Mobile Location Confirmation that became commercially available in late May.

Finsphere will be attending the awards gala on Thursday, September 24 at Seattle’s Showbox SODO along with 300 other tech leaders and senior executives. There, the top 3 finalists in six categories will be recognized, with one being chosen as the Gold Tech Impact Award winner.

Check back to find out if we’re a winner by following our blog or picking up a copy of Seattle Business Magazine’s October issue on September 25. Until then, we hope you will follow the conversation and share your views in the comments or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

How’s the transition to EMV going?


At Finsphere, beginning back in mid 2014, we started to blog about the transition to EMV (for Europay, MasterCard, Visa, or “chip and pin”) from the perspective of our expertise in “mobile as identity.”

We have demonstrated that the relative proximity of consumers’ smart mobile devices to their uses of debit or credit cards is a powerful way to authenticate identity – so much so that jointly with Visa, we developed a solution which Visa named Mobile Location Confirmation (MLC).  Visa has commercially launched MLC so banks can utilize it as a way to cut down on the unnecessary declines (known as false positives) in valid cardholder transactions, whether consumers are traveling or close to home.

Meantime, adoption of EMV is now not that far off, so we thought we’d take another look at how the transition is going.

All indications are that the transition to EMV and distribution of new cards to cardholders is well under way at banks and other card-issuing financial institutions.  Card-issuing institutions do have a strong incentive to distribute the new EMV cards to replace older ones with magnetic strips; existing cards with magnetic strips have been proven vulnerable to fraudulent use.

Additionally, banks have had financial responsibility for fraudulent card usage ever since magnetic-strip cards were introduced decades ago.  For banks, the real incentive to distribute new cards is to meet an imposing October 1, 2015 deadline, after which financial liability for fraudulent card usage could shift in a big way to retailers who accept the new cards for payments without having installed up to date card scanners, readers or terminals.

As a report on EMV in Payments Source explained: “After the liability shift, if a merchant is still using (magnetic strip) methodology and the customer has a smartcard, the merchant is liable. If the merchant has the new Chip and PIN technology but the bank hasn’t issued the customer a Chip and PIN card, the bank is liable. If the merchant uses Chip and PIN technology on a customer’s smartcard and fraud still takes place, the credit card company bears the liability, as is the case today.”

Knowledgeable industry observers say the largest retailers have invested in new card readers and are ready for the October 2015 deadline for EMV.  However, these same observers say the transition to new card readers is far less widespread at smaller retailers primarily due to cost concerns, even with the deadline a little more than four months away. Intuit recently released the results of a survey among small businesses that had four key takeaways:

  • Awareness of the October 2015 deadline for EMV adoption is low and the majority of small business owners surveyed have not yet committed to migrating to EMV-compatible systems.
  • Education should be the top priority for all small businesses, regardless of their current intent to migrate to an EMV-compatible solution (because) few owners understand the implications, including the financial and legal liabilities.
  • Among those small businesses that are still undecided, alleviating their concerns over the cost of the card-reading equipment changeover will have the greatest impact in increasing the likelihood for participation in the EMV migration.
  • The biggest challenge for adoption of EMV will be among the smallest businesses (those with 1-5 employees) that have the lowest awareness and highest budget concerns.

It’s unfortunate that many small businesses still don’t recognize that, for them, the new liability for fraud could far outweigh an investment in new readers.

Putting the transition aside, we at Finsphere are waiting to see what happens when EMV is more widely implemented and how cardholders react to what probably will be longer transaction times.  Initially, at least, the customer checkout experience will suffer, we believe, because cardholders will have to take the extra step of either entering a pin code or signing a receipt to complete the two-factor authentication called for in EMV.

We’ll continue to share more thoughts on EMV and potential ways mobile devices can be used as part of EMV authentication/validation without having to use pin or signature going forward.

Until then, we hope you’ll follow the conversation and share your views in the comments or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Mobile Location Confirmation – It’s Arrived!


In my Feb 12th blog, I discussed how proud we were at Finsphere to play a part in Visa’s announcement that day of its new Mobile Location Confirmation (MLC) product.  MLC is Visa’s new mobile service designed to reduce unnecessary credit or debit card purchase declines, often triggered when consumers travel outside of their home area.  It is offered through participating financial institutions’ mobile banking applications.

MLC uses mobile geo-location data in real time as an additional input into Visa’s predictive fraud analytics. We at Finsphere provide Visa with an analysis of the account holder’s device location data, which is then matched with the transaction location in less than a millisecond, right at the point of sale. When a cardholder’s mobile device is in the same location as the payment transaction, the issuing financial institution can more confidently approve the transaction.

In its announcement, Visa stated that MLC would be available to card-issuing financial institutions in April 2015. And unlike so many industry product announcements whose actual launch date is long after the public proclamation date, Visa commercially launched MLC at the end of April as promised.

What’s next?   Visa is working hard with issuer banks to secure adoption of MLC and incorporation into their mobile apps.  MLC will then be available as an optional service for bank cardholders to opt-in and receive the benefits of the service via their banking app.

Keep an eye out for your bank to announce availability of MLC in the near future.  Wouldn’t it be nice to have the added security of knowing that MLC is helping to ensure that your transactions are approved when you travel this summer!

As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments on MLC and Finsphere.  Until then, we hope you’ll follow the conversation and share your views in the comments or on Twitter, Facebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

As Adoption of EMV Gains Momentum in U.S., Thoughts Turn to Addressing CNP Fraud


shutterstock_115174897_24 Mar 2015

We have said before that credit and debit card-issuing financial institutions and merchants have already begun rolling out stronger identity-authentication technology known as EMV (or “chip and pin”) to comply with an adoption deadline in the U.S. of Oct. 1, 2015.

EMV relies on two-factor authentication – a microchip embedded in the card and either a user’s PIN number or signature — to curtail fraudulent purchases with cards in retail transactions. EMV is already widely used in other parts of the world, especially Europe and Canada…and now it’s coming to the U.S.

But bolstering face to face card-present transactions against fraudulent uses through EMV is expected to cause a sharp rise in the incidence of card-not-present (CNP) fraud attempts where transactions are performed online.  After all, that’s what fraudsters did in the U.K. and Canada after EMV was implemented.

At Finsphere, we have a simple, safe and secure solution that can help thwart CNP fraud similar to the way Visa’s Mobile Location Confirmation (MLC) enhances card issuers’ mobile-banking apps to combat card present fraud. Our patented Mobile Proximity Correlation uses the proximity of a user’s mobile phone to where a CNP transaction originates – such as the IP address of the user’s browser or other location-identifying attributes — as a key factor toward authenticating a legitimate activity.

Again, it’s using one of our strong points – a combination of technologies and analytic capabilities – to authenticate identities and separate attempted fraudulent transactions from those that are on the up and up.  CNP fraud is often attempted using stolen credit or debit card data.  Given the continuing rash of high-profile computer system hacks of retailers such as Target, Staples, Home Depot and others, Finsphere’s technology is well positioned to help out the cardholder to make online transactions simpler, safer and securer, whether in the pre- or post-EMV world.

We’ll have more to say as the EMV-adoption deadline draws near.  In the meantime, we invite your thoughts here or on  TwitterFacebook, or LinkedIn.

Robert Boxberger,

President, Finsphere

Finsphere – The Importance of Privacy

It wasn’t easy.Privacy

I was looking forward to attending the International Association of Privacy Professional’s (IAPP) Global Privacy Summit 2015 in Washington DC this week. Since joining Finsphere in 2009, I have attended several IAPP conferences in Europe and the United States. The meetings have been very valuable in helping me grow in understanding the nuances of privacy requirements and is a reflection of the importance of privacy to Finsphere. After all, on a personal level, Finsphere has funded my attendance at the conferences – not to mention paying me for the work I do as its Chief Privacy Officer.

This time it was with great excitement that I could discuss the recent announcement of the Mobile Location Confirmation (MLC) service by Visa with my peers at the conference. MLC is a service built around the concept that your mobile phone is a proxy for your identity; meaning it can be used as an authentication factor for validating your credit and debit card transactions. And, Finsphere is the underlying provider of the geolocation information and associated contextual analysis. Not only am I excited about Finsphere’s part in the provisioning of this service, I am excited about the importance individuals’ privacy was in its development.

The simple way for us to have built the service was to use technology that always tracked the individual. Simple, but one of its big downfalls is the negative perception associated with tracking. Even if the bank knows exactly where the financial transaction is occurring, we did not want to give customers the perception that an issuer’s MLC-enhanced mobile banking app is constantly monitoring them.

So, with a ‘privacy by design’ background, and working with our Visa counterparts, we designed a service that minimizes the privacy footprint. It starts with informed consent – cardholder explicit consent is required, with easy opt-out at any time. Next, to avoid always tracking the mobile device, geolocation specificity is minimized in a few ways. First, MLC does not need specific location, as in GPS-type location. Instead, a home area is created for each cardholder that Visa has set initially to be a 50 mile radius. On any given day, most people will never travel outside their home area. In that case, the app will simply notify Visa once a day that the cardholder is still within their home area. When a cardholder leaves his or her home area, MLC provides more frequent, albeit still general, geolocation information for helping to authenticate and validate card transactions.

Other privacy-enhancing choices made to protect privacy include persisting only the last known location in the mobile banking app, minimizing the data Finsphere receives to an issuer-generated device id and the location from the app (in this way we do not know who you are, specifically where you are, or have any other personally identifiable information about you or the transaction). The bottom line for MLC is that the cardholder’s privacy is and will be an ongoing critical design element.

So, I mentioned at the beginning of this blog that “it wasn’t easy.” This was referencing not only developing MLC with privacy in mind so it’s used only for its intended purpose – to validate card transactions – but also actually making the conference itself! I’m writing this blog from the airport, returning home to Seattle after weather delays almost prevented me from attending the conference. Luckily, I made it there and back (if only my bag could have made it home with me! I am still waiting for it…). But the silver lining has been that the privacy conference was fantastic. With over 3,000 attendees, it demonstrates the growing importance of privacy…one we have always recognized at Finsphere.

I invite you to share your view in the comments below and hope you will follow the conversation here or on Twitter, Facebook, or LinkedIn.

Jeff Brennan,

Chief Privacy Officer, Finsphere Corporation

For Finsphere, ‘Mobile As Identity’ Is Our Reason For Being

Mobile as Identity

We have always felt that the mobile phone is an ideal way to prove who you are.  On Tuesday, we stated our position as we felt it was time to go firmly on record as to why.

Give our point of view a read and let me know what you think. We invite you to share yours and hope you’ll follow the conversation here or on TwitterFacebook, or LinkedIn.

Mike Buhrmann,

CEO, Finsphere

Mobile Location Confirmation on “CBS This Morning”


I noted in my prior blog how proud we were at Finsphere to have played a part in Visa’s announcement of its new Mobile Location Confirmation (MLC) product. There were many great articles that followed from multiple sources announcing and commenting on MLC. However, one of my favorites is CBS This Morning’s piece on Visa’s new service. CNET’s Tim Stevens does a great job describing the offering and his feeling about it…I couldn’t have said it better myself.

As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments as we get closer to the rollout of MLC this year. You can connect with us on Twitter, Facebook, or LinkedIn.

Mike Buhrmann

CEO, Finsphere

Finsphere’s Key Role in Visa Announcement

At Finsphere we’re all extremely proud of the part we play in today’s announcement by Visa of its new Mobile Location Confirmation (MLC) product.

Visa partnered with Finsphere for critical infrastructure services, including our expertise in location-based services, our toolkit which enables mobile banking apps to capture geo-location while protecting the consumer’s privacy, and our geospatial analysis engine which analyzes and transforms the geo-location data sent from the consumer’s mobile device into a format which can be easily used by Visa’s fraud-risk systems.

You can read Visa’s news release here. Visa says MLC will be available to credit and debit card issuers in April 2015.

We’re very pleased that Visa chose Finsphere’s mobile app toolkit and geospatial analysis engine as its safe and secure geo-location infrastructure solution to help protect card holders, banks, and merchants. Put simplistically, MLC will help ensure that card transactions are approved when they need to be.

Visa believes Finsphere’s geo-location services can help eliminate the need for cardholders to notify their banks of imminent travel plans, while also reducing the number of legitimate transactions that are declined while traveling, otherwise known as “false positives.”

We developed our sophisticated solution over the last six years in the belief that your mobile phone can be a proxy for your identity. Cardholder privacy, safety, and security were considered to be of paramount importance during this development process.

Finsphere has been working closely with Visa this year to implement MLC. Now that the news is out, we look forward to continuing that work in support of a successful launch this April as well as providing assistance to issuer banks as they develop MLC-enhanced mobile apps for their cardholders.

It is thrilling that such a reputable market leader like Visa is endorsing the technology we’ve worked so hard to build. As always, we’d appreciate hearing your comments and we encourage you to stay tuned for further developments as we get closer to the rollout of MLC this year.