Cardholders can help in fighting fraud beyond Chip and PIN

The problem

Where there is money there is fraud. With the success of the debit and credit card payment solution, that we all now take for granted, new types of thieves is emerging – Card Fraudsters. We use our cards in many different environments; in the High Street, placing telephone orders and purchasing on the Internet.

Card Fraudsters obtain a card or card information in all these environments. There is today no single solution to prevent the card fraudsters from obtaining cash, goods and services illegally. This problem runs into Billions of dollars every year.

As we have seen Fraud is moving away from the High Street mainly due to Chip and PIN and is now prevalent in the environments where there are no way of entering a PIN, the internet and telephone orders. Card Fraudsters only need to obtain simple card information in order to cheat the system. This causes a lot of cost to be incurred by issuing banks and personal aggravation for the card holders.

Most other solutions address a specific environment such as the internet an example is verified by VISA. It does not work for Telephone orders. It would be costly and cumbersome for cardholders to have different solutions for each environment and lead to a chaotic regulatory framework. Telsecure set out in 2003 with a simple set of requirements for a single solution.

The Requirements on a solution for Issuing Banks and Card Holders

At the very heart of a the requirements is that there must be an ability to verify the card holder at the time of the purchase or after i.e when the transaction takes place in the environments that can not implement Chip and PIN anywhere in the world.

Firstly, it has to fit into the current networks and involve all merchants globally with a minimum effort, be cheap and show a return on investment in less than 6 months.

Secondly, it would be a reasonable requirement that we can communicate with the card holder at all times for all purchases

Thirdly, should be able to ask a card holder to verify them selves using a method similar to Chip and PIN, or better.

Fourthly, Card holders should be able to Accept or Decline a transaction. Declining a transaction is required when there is fraudulent use of the card details by a Card Fraudster.

Fifthly, The card holder should be able to turn certain features off and on for a card, example being; Card off and on, Card for use in UK only, Card not to be used on the Internet etc..

These simple requirements will define a solution that is at par with Chip and PIN in the High Street and extended to all environments and by implication involve the card holder in recognising and preventing fraud. This aligns the ambitions of card holders and the wishes of their issuing banks to keep the fraud to a minimum as it is ultimately the card holder who will pay for the inefficiencies of the banks.

The Solution - SecurePay

A number of technologies have converged and allow us to communicate globally through the internet and the mobile phone. This forms the fundamental platform for communication between an issuing bank and its card holders. SecurePay is a mobile service as this is the next important thing to a purse or wallet an individual posseses and takes everywhere or keeps constant track of. Mobile phones are by definition interactive and we use them as such so when they make a noise we check to see what is happening, it is human instinct.

The next building block is to solve what is the best touch point for integration to all participants in the value chain for all environments. The issuing bank present a single interception point for all transaction messages for a single card, no need to involve merchants at all. SecurePay simply integrates the Issuing Banks message system for card transactions and mobile operators to complete the connection between any merchant and any card holder for the issuing bank.

We now have a very powerful solution that can capture all transactions for a card holder through the merchants acquiring bank and ultimately with their issuing bank to authorise or decline a payment. As a transaction is made in any environment (including high street transaction for countries that do not have Chip and PIN) on a global basis we have now solved most of the requirements.

With every purchase potentially we can send a message securely to a card holder and ask them to verify themselves using a mobile/cell phone. The verification is checked by SecurePay and SecurePay notifies the bank of the card holders decision to accept the transaction or not. The same platform is used by a card holder to restrict or turn off or on a card in real-time.

How do we get card holder buy-in?

The enrolment of this service can be marketed in a number of ways. The basic requirement is to allow card holders to be involved in the authorisation process for a transaction like chip and PIN. It would be reasonable to assume that there are some straight forward extensions to be made from the marketing strategy for Chip and PIN.
It also opens up another opportunity space, markets cards that are specifically designed for internet use, consumers are consciously making this choice. It is also easy to see how this can be used to acquire traffic from other cards that you normally would not see or be able to get to because of brand loyalty.

What is the return on investment?

The cost of a single point of integration with an issuing bank is less than 1m US dollars and the issuing bank can decide on the marketing costs. On average we believe that we can reduce fraud by 90% in the non Chip and PIN environments giving an enormous saving in the administration costs of fraud. Return on investment is in four digit percentages after all operational costs.