If fraudsters encounter strong data security when hunting the big game of corporate bank accounts or payment-processor databases, they may shift their attacks to mobile commerce.
And if they do, ValidSoft Ltd. intends to help make sure hackers seeking data from mobile transactions run into more doses of fraud-prevention frustration.
The Offaly, Ireland-based fraud-prevention software provider bolstered its mobile-payments presence after completing a partnership April 4 to provide data security for Utiba Mobility Inc. Singapore-based Utiba annually processes more than 12 billion consumer mobile payments made with small banks and payment schemes, Patrick Carroll, ValidSoft CEO, tells PaymentsSource.
Utiba, which has more than 500 million subscribers with access to its payment system, strengthened its market position by securing a processing deal as part of the MasterCard Mobile Money Partnership Program in February (see story).
ValidSoft plans to keep Utiba transactions secure through its system called Secure Mobile Architecture for Real-time Transactions, which features five layers of data security. The system analyzes consumer passwords and cell phones and adds voice biometrics, cell phone proximity correlation, and one-time encrypted certificates for data.
A few years ago, banks could have felt safe with two-factor data authentication that included a consumer password or identification number and a correlating cell phone SIM card identification for mobile payments, Carroll notes. “But all security standards show some signs of weakness, especially after fraudsters got sophisticated with man-in-the-browser fraud mechanisms that could compromise security tokens and certificates,” he adds.
The challenge for ValidSoft was to create a complex mobile-security system that remains user friendly because complicated security functions can be difficult to enter on a mobile phone, especially if the consumer has only one hand free, Carroll says.
The ValidSoft system features security factors, such as the voice biometrics–when the user is asked to call the bank and the system confirms his voice before authorizing a transaction–that the mobile phone user would never know is being used, Carroll notes.
ValidSoft clients or partners can choose which services to add to their payment networks, but a system using five factors represents a strong security model, Carroll contends.
Fraudsters will go after any target that presents an opportunity, and mobile payments are no exception, Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, tells PaymentsSource.
“I’ve spoken with a number of mobile-payments providers that have been hammered by fraud,” McNelley says.
As a way to deter fraud, mobile-payment schemes and banks authorizing those transactions often set limits on how much consumers can transfer for a payment or how many transactions can occur per a day or week, McNelley adds.
“The challenge with those limits is that sometimes customers will get fed up and stop using the system, making it tough to build up transaction history,” McNelley contends.
Therefore, ValidSoft provides a good alternative to that problem with its behind-the-scenes protections because it protects the payment environment while not imposing fraud controls that cause consumers to quit a payment method, she adds.
ValidSoft charges Utiba an annual fee for access to the security services and a transaction fee of less than 0.5% of each sale that requires ValidSoft review, Carroll explains.
Utiba processes transactions involving underbanked consumers mostly in Singapore, Latin America and South America who use mobile phones for bank account activities, ATM access, top-ups on prepaid card accounts, and person-to-person payments, he adds.
ValidSoft marketed its mobile location-based fraud-protection software throughout the United Kingdom last year and announced its intention in late 2011 to bring the technology to consumers and banks in the United States (see story).
The Valid-POS software essentially links a consumer’s mobile phone location with his credit card when used for card-present point-of-sale transactions to help prevent fraud.
What do you think about this? Send us your feedback. Click Here.