Visa to track smartphones to spot fraud
NEW YORK — Those days of calling your bank to let them know that, yes, you really are in Thailand, and yes, you really did use your credit card to buy $200 in sarongs may be nearing an end.
The payment processing company Visa will roll out a feature this spring that will allow its cardholders to inform their banks where they are automatically using the location function found in nearly every smartphone.
Having your bank and Visa know where you are at all times may sound a little like “Big Brother.” But privacy experts are applauding the feature, saying that, if used correctly, it could protect cardholders and cut down on credit card fraud.
Credit and debit card fraud costs consumers and banks billions of dollars each year, and that figure has been growing as data breaches have become more common. The banking industry had $1.57 billion in debit card fraud in 2013 and $4 billion in credit card fraud in 2012, the latest years for which data are available, according to the Federal Reserve.
Facing these high costs, banks and the payment processors have been stepping up their efforts to cut down on fraud, and Visa’s announcement is just one small piece of this drive. JPMorgan Chase’s CEO Jamie Dimon has said repeatedly that his bank spends $250 million overall on cybersecurity every year, and plans to double that spending.
Here’s how it works: starting in April, banks will update their smartphone apps to include Visa’s new location-tracking software. If the consumer opts in, the Visa software will, over a period of time, establish a customer’s home territory of roughly a 50-mile radius. If the person uses his or her Visa card at stores in that area, those transactions will be considered low risk for fraud.
When that person travels outside their home area, the phone will notify Visa that they’ve entered a new city or country, using the phone’s cellular data plan or the next time the phone connects to a Wi-Fi network. When that person uses their card for a transaction in that location, Visa will already know he or she is there and will be less likely to flag the card for a fraud alert.
“We will be able to compare the merchant’s location to the most recent cellphone location to show it’s a less risky transaction,” Visa executive Mark Nelsen said.
The feature is optional and can be deactivated at any time. Visa says none of the location tracking will be used for marketing purposes.
One type of fraud Visa’s feature will directly address is counterfeit credit cards. Criminals can take stolen credit card information and code it onto a new card using equipment that can be readily purchased online. Counterfeit cards look like any other credit card, but have someone else’s information on the magnetic stripe.
Nelsen said Visa hopes the new security feature will prevent “a good portion” of fraud perpetrated with counterfeit cards, because those cards are often used in a location other than where the actual card owner lives.
Visa’s new anti-fraud measure, which the company announced on Thursday, won’t address every potential fraud situation. If a card user has both their phone and credit cards stolen, for example, Visa wouldn’t necessarily know that the card was at risk of fraudulent use until the cardholder contacted the company.
The current version of Visa’s anti-fraud software doesn’t address the possibility of stolen credit card data being used to make online purchases, but a future version will, Nelsen said.
Visa is just one of dozens of financial companies trying to figure out the best way to use new technologies to combat fraud. MasterCard said Friday it is rolling out a pilot program later this year that will integrate biometric data, such as face, voice or fingerprints, into its payment system to help authenticate transactions.
Many travelers have had the experience of having their credit cards declined when using them for the first time in a foreign city or country because the bank assumed the charge was fraudulent. The only solution in those situations was for the cardholders to call the banks or credit card issuer every time they travel to let them know where they will be.
The process is cumbersome and time-consuming for cardholders and for banks, which incur large expenses to staff call centers to deal with these types of calls from customers. Some banks use systems like text message alerts, but that usually requires customers to reply or call a number before the transaction will go through.
“The goal is to let more of those good transactions go through so we can focus on the real fraud,” Nelsen said.
Privacy experts were generally warm to the idea, as long as banks are clear on how a customer’s smartphone location will be used.
“When a trusted party — and I think people think of their bank as a trusted party — is looking out for you using what technology they have, I think people will welcome that,” said Jules Polenesky, with the Future of Privacy Forum. Polenesky said Visa approached him six months ago to get feedback on this idea and to address any privacy concerns.
Justin Bookman, director of consumer privacy at the Center for Democracy & Technology, also supported the feature as long as banks are clear it’s optional and how the data is being used.
“We effectively share our location with our banks every day when we swipe our credit cards,” Bookman said. “As long as it remains optional, I believe it’s a worthwhile idea.”