February 14th, 2014 by Elma Jane

News from Target, increasing the number of cards compromised to 70 million and the expansion of data loss to mailing and email addresses, phone numbers and names, affirms that we are in a security crisis.

Card data is from a brand and business perspective, the new radioactive material. Add personally identifiable information (PII) to the list of toxic isotopes.

The depressing vulnerabilities these breaches reveal are a result of skilled hackers, the Internet’s lack of inherent security, inadequate protections through misapplied tools or their outright absence. Security is very very hard when it comes to playing defense.

There is a set of new technologies that could, in a combination produce a defense in depth that we have not enjoyed for some time.

Looking at the Age of Context (ACTs)

Age of Context released, a book based on the hundreds of interviews conducted with tech start-up and established company leaders. A wide-ranging survey. They examine what happens when our location and to whom we are connected are combined with the histories of where and when we shop. Result is a very clear picture of our needs, wants and even what we may do next.

Combining the smartphone and the cloud, five Age of Context technologies ACTs, will change how we live, interact, market, sell and navigate through our daily and transactional lives. The five technologies are:

1. Big Data. Ocean of data generated from mobile streams and our online activity, can be examined to develop rich behavioral data sets. This data enables merchants to mold individually targeted marketing messages or to let financial institutions improve risk management at an individual level.

2. Geolocation. Nearly every cell phone is equipped with GPS. Mobile network operators and an array of service providers can now take that data to predict travel patterns, improve advertising efficiency and more.

3. Mobile Devices and Communications. These are aggregation points for cloud-based services, sending to the cloud torrents of very specific data.

4. Sensors. Smartphones, wearables (think Fitbits, smart watches and Google Glass) and other devices are armed with accelerometers, cameras, fingerprint readers and other sensors. Sensors enable highly granular contextual placement. A merchant could know not only which building we are at and the checkout line we are standing in but even which stack of jeans we are perusing.

 

5. Social. Social networks map the relationships between people and the groups they belong to, becoming powerful predictors of behavior, affiliations, likes, dislikes and even health. Their role in risk assessment is already growing.

The many combinations and intersections of these technologies are raising expectations and concerns over what is to come. Everyone has a stake in the outcome: consumers, retailers, major CPG brands, watchdog organizations, regulators, politicians and the likes of Google, Apple, Microsoft, Amazon, eBay / PayPal and the entire payments industry.

We are at the beginning of the process. We should have misgivings about this and as an industry, individuals and as a society, we need to do better with respect to privacy and certainly with respect to relevance.

Provided we can manage privacy permissions we grant and the occasionally creepy sense that someone knows way too much about us, the intersections of these tools should provide more relevant information and services to us than what we have today. Anyone who has sighed at the sight of yet another web ad for a product long since purchased or completely inappropriate to you understands that personalized commerce has a long way to go. That’s part of what the Age of Context technologies promise to provide.

ACTs in Security    

ACTs role in commerce is one albeit essential application. They have the potential to power security services as well, specially authentication and identity-based approaches. We can combine data from two or more of these technologies to generate more accurate and timely risk assessments.

It doesn’t take the use of all five to make improvements. One firm have demonstrated that the correlation of just two data points is useful, it demonstrated that if you can show that a POS transaction took place in the same state as the cardholder’s location then you can improve risk assessment substantially. (based off of triangulated cell phone tower data).

Powerful questions of each technology that ACTs let us ask:

Data – What have I done in the past? Is there a pattern? How does that fit with what I’m doing now?

Geolocation – What building am I in? Is it where the transaction should be? Which direction am I going in or am I running away?

Mobile – Where does device typically operate? How’s the device configured? Is the current profile consistent with the past?

Sensors – Where am I standing? What am I looking at? Is this my typical walking gait? What is my heart rate and temperature?

 

Social – Am I a real person? Who am I connected to? What is their reputation?

Knowing just a fraction of the answers to these questions places the customer’s transaction origination, the profiles of the devices used to initiate that transaction and the merchant location into a precise context. The result should improve payment security.

More payments security firms are making use of data signals from non-payment sources, going beyond the traditional approach of assessing risk based primarily on payment data. One firm have added social data to improve fraud detection for ecommerce payment risk scoring. Another firm, calling its approach Social Biometrics, evaluates the authenticity of social profiles across multiple social networks including Facebook, Google+, LinkedIn, Twitter and email with the goal of identifying bogus profiles. These tools are of course attractive to ecommerce merchants and others employing social sign on to simplify site registration. That ability to ferret out bogus accounts supports payment fraud detection as well.

This triangulation of information is what creates notion of context. Apply it to security. If you can add the cardholder’s current location based on mobile GPS to the access device’s digital fingerprint to the payment card, to the time of the day when she typically shops, then the risk becomes negligible. Such precise contextual information could pave the way for the retirement of the distinction between card present and card-not-present transactions to generate a card-holder-present status to guide risk decision-making.

Sales First, Then Security        

The use of ACT generated and derived signals will be based on the anticipated return for the investment. Merchants and financial institutions are more willing to pay to increase sales than pay for potential cost savings from security services. As a result, the ACTs will impact commerce decision making first-who to display an ad to, who to provide an incentive to.

New Combinations  

Behind the scene, the impact of the ACTs on security will be fascinating and important to watch. From a privacy perspective, the use of the ACTs in security should prove less controversial because their application in security serves the individual, merchant and the community.

Determining the optimal mix of these tools will take time. How different are the risks for QR-code initiated transactions vs. a contactless NFC transaction? What’s the right set of tools to apply in that case? What sensor-generated data will prove useful? Is geolocation sufficient? Will we find social relationships to be strong predictor of payment risk or are these more relevant for lending? And what level of data sharing will the user allow-a question that grows in importance as data generation and consumption is shared more broadly and across organizational boundaries. It will be important for providers of security tools to identify the minimum data for the maximum result.

I expect the ACT’s to generate both a proliferation of tools to choose from and a period of intense competition. The ability to smoothly integrate these disparate tools sets will be a competitive differentiator because the difficulty of deployment for many merchants is as important as cost. Similar APIs would be a start.

Getting More from What We Already Have  

The relying parties in a transaction – consumers, merchants, banks, suppliers – have acquired their own tools to manage those relationships. Multi-factor authentication is one tool kit. Banks, of course issue payment credentials that represent an account and proxy for the card holder herself at the point of sale or online. Financial institutions at account opening perform know your customer work to assure identity and lower risk.

Those siloed efforts are now entering an era where the federated exchange of this user and transactional data is becoming practical. Firms are building tools and the economic models to leverage these novel combinations of established attributes and ACT generated data.

The ACTs are already impacting the evolution of the payments security market. Payment security incumbents, choose just two from the social side, find themselves in an innovation rich period. Done well, society’s security posture could strengthen.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Payment Card Industry PCI Security, Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

December 30th, 2013 by Elma Jane

MasterCard and Green Dot today announced an expanded relationship that allows all U.S. cardholders with MasterCard rePower -enabled prepaid cards to reload their cards via the Walmart Rapid Reload service.

Walmart Rapid Reload utilizes the Green Dot Network to provide cardholders with a fast and easy way to load funds directly to their cards by swiping their cards at any register at participating Walmart stores (not available in VT or WY). Cardholders can add funds directly to their prepaid account by using cash or a pre-printed payroll or government check. Cashier-added funds will be available for use by MasterCard rePower-enabled cardholders within minutes.

The MasterCard rePower network is open to any MasterCard issuer of reloadable prepaid card programs. Portfolios such as the Univision MasterCard Prepaid Card will be able to offer their cardholders the new cash reload option through Walmart Rapid Reload.

Prepaid products provide consumers with choices in how they manage and spend their money. In order to maximize the potential of prepaid, cardholders need to be able to conveniently and securely reload funds. Our expanded partnership with Green Dot now allows our cardholders to load funds to their prepaid cards at more than 4,000 Walmart stores that offer Walmart’s Rapid Reload service,  said MasterCard Group Executive of U.S. Market Development Craig Vosburg.

 

Posted in Credit card Processing, Electronic Payments, Gift & Loyalty Card Processing, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , ,

December 12th, 2013 by Elma Jane

The Consumer Financial Protection Bureau is reviewing whether credit card rewards program are misleading to credit card users.

Results of the review may be new. Strict rules about the transparency of rewards programs, including details about cash back offers, mileage awards and how these rewards must be redeemed.

In an email to Bloomberg News, CFPB Director Richard Cordray said, we will be reviewing whether rewards disclosures are being made in a clear and transparent manner, and we will consider whether additional protections are needed.

Credit card issuers like American Express, Bank of America, Chase, Citi and Discover rely on rewards programs to attract new customers as well as increasing the use of their cards by existing cardholders. Rewards are the No. 1 reason why customers select the card, and there’s almost a battle to provide the highest rewards.

What we’ve learned over time is, our best customers value rewards. Their spend behaviour changes based on rewards,  said Edward Gilligan, the President of American Express.

The CFPB’s restrictions could put a damper on each company’s ability to draw in new cardholders.

While there are no apparently abuse issues with rewards programs at this time, the CFPB is taking the initiative to catch a problem before it happens.

Keep an eye out for notices from your credit card issuer about changes in your rewards program. Changes, or at least clarifications, could come as a result of this examination.

 

Posted in Gift & Loyalty Card Processing, Visa MasterCard American Express Tagged with: , , , , , , , , , , ,

December 2nd, 2013 by Elma Jane

U.S. Bank has announced the U.S. Bank Contour Card – saying that the new card gives customers the convenience of a debit card, the control of a bank account and the freedom of cash. Giving customers innovative options to manage their finances. The Contour Card is the latest example. It’s a great tool to manage expenses by giving you the power to budget your money across multiple prepaid cards under the same account. Customers can use Contour as their primary payment card, but it is also a good fit for anyone who wants a new way to manage money.

Contour gives control over your spending in so many ways. From tracking your spending to transferring money between accounts, Contour gives customers the ability to manage it all from one location through their personal My Contour Dashboard.

Cardholders can open up to five additional card accounts that can be linked to their primary account. Cardholders can use Contour anywhere Visa Debit cards are accepted, get free cash withdrawals at any U.S. Bank or MoneyPass ATMs, and direct deposit paychecks to their accounts at no additional charge.

 

Posted in Financial Services Tagged with: , , , , , , , , , , , , , , , , ,

November 14th, 2013 by Elma Jane

Los Angeles-based company Verifi, providing antifraud and risk-management services recently secured a patent for its dispute-resolution technology that enables merchants to avoid chargebacks by turning them into refunds earlier in the process. According to the patent abstract, the patent covers “receiving, at the partner platform, an inquiry/dispute event notification,” and “refunding the transaction or canceling future or recurring charges associated with the transaction.”

Verifi noted in the patent application, consumers are increasingly contacting their issuing bank first in the case of a disputed credit or debit card charge, cutting the merchant out until later in the process. The patent in question, in addition to streamlining the process for issuers engaged in the dispute process, helps recurring merchants by removing cardholders from the recurring payment program during the resolution process so additional charges will not come into question until the original dispute is settled.

 

Posted in Best Practices for Merchants, Credit card Processing, Payment Card Industry PCI Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

October 22nd, 2013 by Elma Jane

American Express cardmembers can now use their accumulated loyalty points to pay for taxi fares in New York City through a partnership with VeriFone.

The programme will roll out on VeriFone’s in-taxi devices that process more than 200,000 payments a day in more than 7000 cabs throughout NYC.

Leslie Berland, senior vice president, digital partnerships and development at American Express, says: “With this announcement, we’re leveraging our unique technology to bring it to life at the most critical commerce touchpoint – the physical point of sale.”

The integration is currently limited to New York taxis, but it doesn’t take a great stretch of the imagination to see it expanded to include other VeriFone point-of-sale systems.

At the end of the ride, AmEx members who have chosen to pay by card will be given the option to use points for their ride fare, including tip and tolls.

Posted in Credit card Processing, Electronic Payments, Gift & Loyalty Card Processing, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,