Misys taps social media location information for bank-to-customer payment authorisation

Doesn't sound too secure to me, with the ease of hacking social media tools for example. I might be a bit too sceptical, but still...

Adding current location as a factor in authenticating payment transactions is a great idea, but the key factors to consider are security and privacy. How secure are these social media, and how secure is the mash-up? Is customers’ privacy being compromised? We need to be careful that we don’t just make it easier for fraudsters while also failing to respect people’s civil rights and creating a false impression of enhanced security.

Both security and privacy have been taken in to account when designing Misys GeoGuard. A customer's check-in is not taken on its own, and is used to supplement existing fraud-prevention measures. Rules and analytics are built in to determine the validity of a check-in, and how "trustworthy" it is. On the privacy front, a customer would share with the bank or other FI, via Misys GeoGuard, only information that they are already posting - they don't need to change their behaviour whilst the banks are able to make use of this "personal data feed" to deliver better customer experience. For those customers that either don't wish to share their social data with their bank (and we only reference location data on an opt-in basis, and per check-in, and don't store reams of historical check-ins that could be used to "route" a customer), or don't wish to use social media at all, banks are able to offer a private check-in service directly via their own channels: for example they could allow a customer to check-in by using the bank's mobile banking app.

Leveraging services such as Facebook, foursquare or TripIt however, would mean that a customer carries on as usual. When travelling, they wouldn't have to individually notify each bank or credit card company they had cards with. One check-in is all that it takes.

I can't see that the target market for using this is going to be big enough.  I mean I don't personally have any issues with my bank when travelling, perhaps since it happens regularly and over the years they know that or I have previously told them (I don't ever remember telling my bank(s) I was travelling). 

Second, I don't update my whereabouts on any of those social sites (boring).  There's a good chance that neither do others and then when they need a transaction to be social location auth'd it fails anyway.

I think this is just a solution looking for a problem and it'll not be implemented and if it is it will not be adopted by many at all.  Just stick a flag in the online banking self care where you can say if you are travelling and maybe even name the country.

Certainly a "cool app", one that will help banks put one more tick in their 'social media strategy' box. However, by adding fuzzy check-in data sourced from social networks to already fuzzy fraud detection algorithms, won't the "false positive" rate shoot up? Realtime 2-way SMS alerts at the point of sale might mitigate this risk more reliably.