Consumer control of cards via mobile phones delivers blow to hackers

Technology reduces fraud by allowing customers to decide when, where and how their credit, debit cards are used

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

As the United States embraces the use of chip-based, or EMV, cards to dramatically decrease credit card fraud, bad actors are pivoting to revamp their tactics.

But according to startup Ondot Systems, the answer to credit card fraud could be simple: turn over card control and authorization to the consumer.

Related: Fraudsters adjust to U.S. adoption of EMV cards

Ed note_Ondot SystemsThe company, based in San Jose, California, has created a product it describes as a “remote control for a payment card.” Offered either as a standalone mobile app or integrated into a bank’s mobile banking app, the CardControl product lets users decide when, where and how their debit or credit cards are used.

“My card cannot be used anywhere I don’t want it to be used,” explains Rachna Ahlawat, Ondot co-founder and executive vice president.

Users can completely turn a card “off” with a simply button—meaning it can’t be used anywhere until it’s turned on. They also can specify whether it can be used online, in stores and at ATMs; choose location preferences by region or proximity; set merchant and transaction types, as well as limits; and access various information including alerts and balances.

“We’re giving cardholders the ability to better protect themselves without compromising on the convenience of using the card,” Ahlawat says.

Ondot currently markets CardControl directly to six of the top eight U.S. processors, who collectively process transactions from more than 10,000 financial institutions. Some of the app names offered through the banks and credit unions include CardValet, MobiMoney and CardNav.

The technology uses location-based controls but doesn’t require carrier participation. It doesn’t control the card itself, but rather the transactions, and it resides within the processors’ servers.

Mobile leads the way

“The underlying principle is not based so much on payment technology as it is on wireless and mobile—and it has to be super fast and apply user preferences in real time,” Ahlawat says.

Ondot’s co-founder and CEO Vaduvur Bharghavan had worked with Ahlawat at another company in the mobile space. The pair noticed that card fraud was a major challenge, but the solutions were mostly reactive.

Rachna Ahlawat, Ondot Systems co-founder and executive vice president
Rachna Ahlawat, Ondot Systems co-founder and executive vice president

“We wanted to build something that was more proactive,” Ahlawat says. “The idea came up, can we do something unique in the payment industry and build on our heritage of 15 to 18 years of mobile and wireless?”

That heritage proved to be both a challenge and an advantage. A challenge because Ahlawat and Bharghavan launched Ondot in 2011—on the heels of a global financial crisis—without having any established contacts in the payment industry. But that lack of industry background also allowed them to look at the problem with fresh eyes.

“Not having some of the founding principles from the financial industry helped because our thinking was very different from how banks think about developing their technology,” Ahlawat says.

Being experts in the networking mobile and payment industries helped them draw parallels between the two and create “networking applied to payment.”

The Ondot strategy was to market directly to processors while staying in stealth mode, then launching publicly in April 2014 once the company had actual data from clients showing how the technology helped reduce fraud. After signing up more processors, Ondot went international last summer.

Staying in startup mode

Although the company has hundreds of customers, Ahlawat says Ondot is still a startup, albeit an established one.

“We’re growing every day, but staying nimble to address the needs of the market, whether that’s expanding in the U.S. or internationally,” she says. “In our minds, we still have to be more of a startup, otherwise our own success may get in the way of us growing.”

As with any pioneer concept, once an idea proves successful, others try to build on that success with their own products. In Ondot’s case, others have taken notice. Competitive pressure has been growing, spurring the company to add products and services to maintain its competitive edge.

“You have existing customers and existing commitments, and you also have to build your company and add more products—so you continue to innovate,” Ahlawat says.

Ondot’s focus in the next 12 months is on execution. But there’s a broader opportunity, as well, as the payment industry continues to struggle with fraud, which is expected to exceed $35 billion globally, according to estimates from The Nilson Report (a payment industry newsletter). In the United States alone, card fraud is predicted to grow from $6.7 billion in 2014 to $9.1 billion in 2018, the Aite Group estimates.

As the bad actors shift to new fraud channels, banks continue to try new solutions, from device fingerprinting and behavioral analysis to biometrics. But Ahlawat says there’s also a fundamental shift: The banks are “realizing the importance of consumers dictating their own experiences.”

For Ondot, that means not only more demand, but also an emphasis on new consumer trends—currently, an increased interest in mobile.

“We see a very big shift happening, and that should reflect in our product as well as our approach to the market that makes consumers first and mobile first,” Ahlawat says. “It’s almost like painting our next-generation product offering.”

More stories related to credit card fraud:
As U.S. switches to EMV payment cards, fraudsters exploit still-open loopholes
New fraud headaches emerge with shift to EMV chip cards
Human factors could undermine chip-and-PIN security