Consumer control of cards via mobile phones delivers blow to hackers

Technology reduces fraud by allowing customers to decide when, where and how their credit, debit cards are used

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

As the Unit­ed States embraces the use of chip-based, or EMV, cards to dra­mat­i­cal­ly decrease cred­it card fraud, bad actors are piv­ot­ing to revamp their tactics.

But accord­ing to start­up Ondot Sys­tems, the answer to cred­it card fraud could be sim­ple: turn over card con­trol and autho­riza­tion to the consumer.

Relat­ed: Fraud­sters adjust to U.S. adop­tion of EMV cards

Ed note_Ondot SystemsThe com­pa­ny, based in San Jose, Cal­i­for­nia, has cre­at­ed a prod­uct it describes as a “remote con­trol for a pay­ment card.” Offered either as a stand­alone mobile app or inte­grat­ed into a bank’s mobile bank­ing app, the Card­Con­trol prod­uct lets users decide when, where and how their deb­it or cred­it cards are used.

My card can­not be used any­where I don’t want it to be used,” explains Rach­na Ahlawat, Ondot co-founder and exec­u­tive vice president.

Users can com­plete­ly turn a card “off” with a sim­ply button—meaning it can’t be used any­where until it’s turned on. They also can spec­i­fy whether it can be used online, in stores and at ATMs; choose loca­tion pref­er­ences by region or prox­im­i­ty; set mer­chant and trans­ac­tion types, as well as lim­its; and access var­i­ous infor­ma­tion includ­ing alerts and balances.

We’re giv­ing card­hold­ers the abil­i­ty to bet­ter pro­tect them­selves with­out com­pro­mis­ing on the con­ve­nience of using the card,” Ahlawat says.

Ondot cur­rent­ly mar­kets Card­Con­trol direct­ly to six of the top eight U.S. proces­sors, who col­lec­tive­ly process trans­ac­tions from more than 10,000 finan­cial insti­tu­tions. Some of the app names offered through the banks and cred­it unions include Card­Valet, Mobi­Money and CardNav.

The tech­nol­o­gy uses loca­tion-based con­trols but doesn’t require car­ri­er par­tic­i­pa­tion. It doesn’t con­trol the card itself, but rather the trans­ac­tions, and it resides with­in the proces­sors’ servers.

Mobile leads the way

The under­ly­ing prin­ci­ple is not based so much on pay­ment tech­nol­o­gy as it is on wire­less and mobile—and it has to be super fast and apply user pref­er­ences in real time,” Ahlawat says.

Ondot’s co-founder and CEO Vadu­vur Bhargha­van had worked with Ahlawat at anoth­er com­pa­ny in the mobile space. The pair noticed that card fraud was a major chal­lenge, but the solu­tions were most­ly reactive.

Rachna Ahlawat, Ondot Systems co-founder and executive vice president
Rach­na Ahlawat, Ondot Sys­tems co-founder and exec­u­tive vice president

We want­ed to build some­thing that was more proac­tive,” Ahlawat says. “The idea came up, can we do some­thing unique in the pay­ment indus­try and build on our her­itage of 15 to 18 years of mobile and wireless?”

That her­itage proved to be both a chal­lenge and an advan­tage. A chal­lenge because Ahlawat and Bhargha­van launched Ondot in 2011—on the heels of a glob­al finan­cial crisis—without hav­ing any estab­lished con­tacts in the pay­ment indus­try. But that lack of indus­try back­ground also allowed them to look at the prob­lem with fresh eyes.

Not hav­ing some of the found­ing prin­ci­ples from the finan­cial indus­try helped because our think­ing was very dif­fer­ent from how banks think about devel­op­ing their tech­nol­o­gy,” Ahlawat says.

Being experts in the net­work­ing mobile and pay­ment indus­tries helped them draw par­al­lels between the two and cre­ate “net­work­ing applied to payment.”

The Ondot strat­e­gy was to mar­ket direct­ly to proces­sors while stay­ing in stealth mode, then launch­ing pub­licly in April 2014 once the com­pa­ny had actu­al data from clients show­ing how the tech­nol­o­gy helped reduce fraud. After sign­ing up more proces­sors, Ondot went inter­na­tion­al last summer.

Stay­ing in start­up mode

Although the com­pa­ny has hun­dreds of cus­tomers, Ahlawat says Ondot is still a start­up, albeit an estab­lished one.

We’re grow­ing every day, but stay­ing nim­ble to address the needs of the mar­ket, whether that’s expand­ing in the U.S. or inter­na­tion­al­ly,” she says. “In our minds, we still have to be more of a start­up, oth­er­wise our own suc­cess may get in the way of us growing.”

As with any pio­neer con­cept, once an idea proves suc­cess­ful, oth­ers try to build on that suc­cess with their own prod­ucts. In Ondot’s case, oth­ers have tak­en notice. Com­pet­i­tive pres­sure has been grow­ing, spurring the com­pa­ny to add prod­ucts and ser­vices to main­tain its com­pet­i­tive edge.

You have exist­ing cus­tomers and exist­ing com­mit­ments, and you also have to build your com­pa­ny and add more products—so you con­tin­ue to inno­vate,” Ahlawat says.

Ondot’s focus in the next 12 months is on exe­cu­tion. But there’s a broad­er oppor­tu­ni­ty, as well, as the pay­ment indus­try con­tin­ues to strug­gle with fraud, which is expect­ed to exceed $35 bil­lion glob­al­ly, accord­ing to esti­mates from The Nil­son Report (a pay­ment indus­try newslet­ter). In the Unit­ed States alone, card fraud is pre­dict­ed to grow from $6.7 bil­lion in 2014 to $9.1 bil­lion in 2018, the Aite Group estimates.

As the bad actors shift to new fraud chan­nels, banks con­tin­ue to try new solu­tions, from device fin­ger­print­ing and behav­ioral analy­sis to bio­met­rics. But Ahlawat says there’s also a fun­da­men­tal shift: The banks are “real­iz­ing the impor­tance of con­sumers dic­tat­ing their own experiences.”

For Ondot, that means not only more demand, but also an empha­sis on new con­sumer trends—currently, an increased inter­est in mobile.

We see a very big shift hap­pen­ing, and that should reflect in our prod­uct as well as our approach to the mar­ket that makes con­sumers first and mobile first,” Ahlawat says. “It’s almost like paint­ing our next-gen­er­a­tion prod­uct offering.”

More sto­ries relat­ed to cred­it card fraud:
As U.S. switch­es to EMV pay­ment cards, fraud­sters exploit still-open loopholes
New fraud headaches emerge with shift to EMV chip cards
Human fac­tors could under­mine chip-and-PIN security

Posted in Cybersecurity, Data Security, Featured Story