Fico correlates locations of mobile phones and card transactions to tackle fraud

Sounds great. What about those of us who use different phones or dual sim? Or, I know you're not supposed to but so many of us do, you lend your card to your wife to use?

The direct relationship between a phone and a card is flimsey, so how much added value does this bring in terms of fraud security? Espeically as the real issue is often card not present transactions or cloned cards in the first place...

Excellent start with a new technology.

It will be interesting to see how it grows and develops over time.

Seems a reasonable idea, my initial thoughts are. 

How does the proximity work? , if its via GPS / G3 then data costs will be incurred -roaming data is expensive, will the bank offset this?

If your phone battery dies can you still use your card?

If both your phone and card is stolen what is the protection? 

Andrew, John,

don't think of this as the only thing that wil be used to determine if this is a valid transaction or not, just another layer in the security onion. And as for the data cost, then that's always under your control. If it only happened when you made a trasaction, it would be so infrequent that you would never notice it.

You can turn it off if you like, but you would lose the other features that are already enabled on the app, like balance notifications.

It's also highly unlikely that any bank would refuse transactions based soley on the location of the phone, at least at this point in time.

However, think about what this could do when you link it with a real time data analysis engine. The link between the phone and the card transaction is strong. It is possible to tell where the user is whether they are at an ATM or carrying out a PoS transaction is a shop. You can even narrow this down for internet transactions as the system can know where you are and where the transaction is originating from.

What I'm not sure about is why a bank would need the Fico system though. Their phone app could just interogate the phone and compair its location with the transaction location.

And Andrew, lending your card to someone else and giving over your PIN is definetly a big no-no. And then admiting it in print...

UK banks are all too aware of the customer service and satisfaction implications of aggressive decline strategies in place today, resulting in high false-positive rates for travelling cardholders. The decision of UK banks to adopt this invisible and highly effective solution to prevent false-positives, without any negative impact on fraud detection is in stark contrast with a number of European countries looking to implement Geo-blocking of cards which will have a major negative impact on the cardholder and issuer alike. Reducing card fraud through blanket decline policies is not effective in terms of customer service and the cost of false-positives, Proximity Correlation is

Hi Dave,

I understand your points, but for me the link isnt strong enough to add any real value to the whole fraud detection process, especially if I can turn it off etc etc. If your arguement is a big data one, then that holds more weight for me personally. There is a lot to learn from consumer habits, and phones linked to transactions deliver highly valuable data...

However, I have a strong view point that I shouldnt be using cards full stop, I should be using my mobile device of choice on a scheme designed specifically for mobile transactions. But that is just my opinion.

Finally, I am not saying I give out my PIN and card to anyone. I am simply stating that many of "us", as in consumers, do do that. I think that it is a fact of life and something many people do, so no matter if it's a big no no, it does happen and surely things that do happen MUST be taken into consideration. No matter if they should or shouldnt...I strongly believe, we cannot design and deliver systems that do not take into consideration the actual actions of end users...

Many people - including me - tend to use different, lower cost SIMs while traveling abroad. GPS is not very reliable indoors. Because it drains battery rapidly, some people - including me - keep GPS switched off except while using the smartphone for navigation. These are formidable hurdles in front of proximity correlation. Against that backdrop, the only way I can bring myself to believe that this technology has "slashed the number of 'false positives' on overseas transactions by up to 70%" is if the bank simplistically rejected all overseas transactions as being fraudulent. Personally, I find 2-way SMS Alerts to be a more reliable yet lower cost solution.

@Mr Ketharman, the assumption that Proximity Correlation and GPS are the same is actually an incorrect one. Your lack of knowledge is however understandable since Proximity Correlation is a new capability and as the inventors of Proximity Correlation Logic®, this patent pending technology (that has been granted a European Privacy Seal) is fundamentally different. Your points, therefore, on “formidable hurdles in front of proximity correlation” are not applicable. I am intrigued nonetheless on your view that 2-way SMS alerts are a more reliable solution - more reliable than what, specifically? By the time an individual receives an SMS the transaction has more than likely already been declined, as SMS cannot be used in the real-time authorisation process. However, as you state that you use a different SIM when travelling abroad, I’m unclear as to how you would ever receive such an SMS from your issuing bank, as they would not keep a foreign PAYG number on their systems. The upshot would be you’d end up ringing them from abroad, at your own cost, as distinct to Proximity Correlation which costs the cardholder nothing. In terms of the false-positive rates quoted in the article, I think that we all agree that it’s relatively easy to stop fraud. Simply decline more transactions. The consequence of aggressive fraud prevention strategies is that the False Positive rate goes through the roof (we have observed rates as high as 98%). Whilst Proximity Correlation can of course address the fraud issue, the real benefit to us all is that Proximity Correlation addresses the serious False Positive issue also. And it’s future proofed. As mobile payments become an increasingly common form of payment, the convergence between the payment method and the device, with the right security checks in place, provides the ultimate framework for Proximity Correlation.

@PatC:

In addition to clarifying that Proximity Correlation Logic® (PCL) is not based on GPS, it'd help have a more meaningful discussion if you did throw some light on what it is based on (SMS or USSD?), whether it needs data connectivity, and so on.

It'd also help have a more meaningful discussion if you specified the baseline condition under which you've observed 98% False Positives before the introduction of PCL. If it's "Decline 100% of overseas transactions", I must say that none of my credit card issuers follow such a practice. And no amount of technology will save a bank that adopts such a "throw the baby out with the bathwater" kind of practice. 

I presume that PCL needs the same SIM. In talking about 2-Way SMS Alert, I've assumed the same. So, the SMS message would indeed reach the cardholder and at no cost to her. 

Why should the transaction "already be declined" by the time the cardholder receives the SMS unless the baseline condition is to "Decline all overseas transactiions", which, as I said earlier, doesn't match my personal experience.