Startup ValidSoft, a subsidiary of Amsterdam-based mobile operator Elephant Talk Communications, has an interesting technology answer to credit and debit card fraud that uses cell phone location to check out suspicious transactions.
The system, VALid-POS, does not use GPS data, which is fraught with privacy issues, is expensive, takes too long, and has accuracy issues, according to a ValidSoft spokesperson. It uses something called "proximity correlation analysis." The company has access to the telecommunication network providers' shared signalling system, along with proprietary probability algorithms, to correlate whether a particular phone is within the proximity of an ATM or merchant terminal at which a card is being used (the bank must supply the customer's cell phone number for this to work). If the result, based on the probability score returned, indicates fraud — for instance, if a cardholder’s phone is in France while his card is being used in Australia — ValidSoft can call the customer automatically and let him confirm or deny the transaction. More importantly, if the cardholder’s phone is in Australia while transactions are occurring in Australia, rather than the transaction being incorrectly declined (false positives), using VALid-POS they would be accepted. According to a ValidSoft spokesperson, banks that have tested the system have reduced false positive rates from 90% to single digits.
Pat Carroll, CEO of ValidSoft, was formerly head of electronic trading technology in Europe for Goldman Sachs International. Phil Hickman, chairman of the company, was formerly head of strategy & planning for HSBC Commercial Bank.
Existing methods of spotting fraud compare any new card use with a cardholder's historical and behavioral patterns of spending. If a card that's been used for years only in Iowa suddenly is used to buy drinks in Cancun, that's suspicious. One problem is that the algorithms that look for these anomalies aren't fast enough. "They rarely catch the first transaction," explains Carroll. "The fraudster typically gets away with the first, second, or even the third purchase."
The bigger problem, however, is that nine out of every ten cross-border transactions flagged as fraudulent — and thus rejected by the bank — are legitimate. Most of the time, the cardholder really is in Cancun buying margaritas or withdrawing cash. These so-called false positives cost banks up to $10 per case, according to ValidSoft, as the banks lose on interchange fees, their fraud units must processes the transaction and call the customer to try to verify the validity of the transaction, and afterward the card may become dormant. That adds up to a cost of $100 billion a year in the U.S. alone. It's a problem for cardholders too, since banks often cut off a card if they can't verify that a transaction is legitimate.
To use this service, banks pay a lookup fee per transaction, depending on volume.
Before the company could market the software, ValidSoft had to prove to European regulators that its solution did not contravene any data protection or privacy laws. On March 31, ValidSoft was granted the "European Privacy Seal," indicating that the technology meets regulatory requirements.