If you’ve done much traveling, then it’s certainly happened to you. It’s your first day in a new city and you present your credit card for payment and things grind to a halt.
Depending on the circumstances, the transaction may require the clerk to check your identity, or it may require that you speak to someone at the credit card company so that you can confirm that it’s really you that’s buying lunch in London or Paris, or in my case in Frankfurt, Germany.
And it might not even involve international travel. You might find yourself having to prove who you are in New York or San Francisco. What’s happened here is that your purchase triggered the credit card company’s fraud analysis system and they need to make sure that whatever it is that you’re buying is a legitimate purchase.
Normally such requirements for proof are simply annoying, but every so often they can lead to the denial of a charge, which can be a real problem. The security folks at Visa International think they’ve found a way to prevent this sort of inconvenience by tying the location of your phone to the location where your credit card is being used.
“This really ties into a lot of our core processing,” said Visa’s senior vice president of risk products and business intelligence Mark Nelsen. “Every time you use your Visa card we determine the likelihood of fraud.” Nelsen said that Visa examines every charge that way. Of course so do other credit card companies including MasterCard and American Express. In fact, it was a purchase at the Frankfurt Airport several years ago that developed into my most recent call from American Express to confirm a charge.
Normally you can avoid this sort of thing by calling your credit card company or your bank and letting them know of your travel plans. But when your plans change, perhaps because of an unplanned layover, you can get those calls again.
Now Visa is tying your actual location, as determined by your smartphone, to the location of your card transactions. The way this works is through the banking app that you’ve downloaded to your phone. That app will know where you are even if you haven’t opened it and it will report your location to Visa. “Visa would compare your phone location and purchase location,” Nelsen said.
What’s actually happening behind the scenes is that Visa and other credit card companies are computing the likelihood of fraud for each purchase. That likelihood is presented to the issuing bank as a risk score, and the bank decides what level of risk is acceptable to it. When the risk score goes above a certain point, it triggers a confirmation call and ID check or in some cases it causes the charge to be declined.
There are some obvious holes in this plan. For one thing, customers must have the banking app for the credit card they’re using. For travelers with Windows Phones or BlackBerry devices, this may not be possible.
Visa Wants to Link Up Your Credit Card, Phone Location to Cut Fraud
It also requires that the phone has some means of communicating with the relevant bank or the location process won’t work. And of course such communications require use of your data plan while traveling, which can get expensive depending on the carrier involved.
Once a customer has downloaded the banking app, they will be required to decide whether they want the app to track their location for fraud control purposes. Customers can choose not to allow it and in that case Visa will fall back to the older method of risk analysis, and more confirmation checks would result.
Of course, the financial institution has to enable the location tracking and the back-end processes to communicate the location data to Visa. Only when those steps are accomplished can the Visa location tracking be enabled. Visa said that this location tracking process should be available to all of its banking customers by April 2015.
In one sense, customers are giving up a share of their privacy by agreeing to the Visa location tracking, but in reality, they’re not really giving up all that much. After all, when you use a credit card during travel, your location becomes known immediately anyway.
Likewise your mobile carrier always knows where you are if only to allow you to make and receive phone calls. What’s really happening here is that Visa has developed a way to connect those pieces of information and in the process to make your day-to-day travel activities a bit easier.
Visa’s Mobile Location Confirmation may also eliminate one other risk for customers by making it clear exactly where the travel is taking place. I recall hearing about a traveler who found that several fraudulent charges took place in India while he was traveling in Europe.
The problem turned out to be that his credit card issuer had him listed as simply “traveling” without any indication as to where and even though charges were happening in India and Europe within a few minutes, it didn’t trigger an alert.
I think that this is one area that can ultimately add to overall security at every step up the line. Now that mobile phones can be locked with biometrics or passcodes, it helps ensure that the right user has the phone.
Couple that with a reasonably certain authentication method such as EMV chips and PINs and fraud becomes harder to accomplish. The privacy impact is minimal because the entities involved already know where you are anyway.