How Mastercard is using geolocation to reduce fraud
MasterCard and Syniverse have launched an opt-in pilot program which verifies a cardholder’s proximity to their smartphone before authorizing transactions. The program is intended to eliminate the successful use of stolen or cloned cards by thieves and also make card usage easier for international travelers. When geolocation data sent from a cardholder’s mobile device matches the location of the transaction request, the likelihood of a fraudulent transaction is significantly reduced.
This is good news for cardholders and merchants alike. The U.S. Bureau of Justice reported that in 2012, 16.6 million people were victims of identity theft—46 percent of whom reported fraudulent credit card transactions. Likewise, LexisNexis reports that credit cards are linked to nearly half of all fraudulent transactions for merchants, totaling over $100 billion in fraud losses due to fees and interest associated with chargebacks.
Anti-fraud controls typically only address a part of the fraud lifecycle and a limited number of channels, making multiple controls necessary to tackle the big picture. Technology that employs point-to-point encryption, starting at the card reader, or taking the exchange of the card number out of the individual transaction process can be more effective for preventing the collection of the card number.
MasterCard’s geolocation approach won’t prevent card skimming or cloned cards, but it could be very effective in preventing a compromised or cloned card from being used in a card-present transaction.
Jim Maloney, Vantiv Integrated Payments’ chief information security officer, speculates that it could even evolve to protect online card-not-present transactions by geolocating the computer being used via its associated public IP address, and only allowing the card number to be used if the location of the smartphone is near the location of the computer.
“I like this approach,” Maloney states. “If it’s as easy to set up and easy to use as it seems, it could be a very effective anti-fraud control, providing that the user has a smartphone.”