+ Reply To This
Results 1 to 7 of 7
09-27-2016, 08:01 AM #1
MasterCard Taking Steps to Curb Online Fraud
MasterCard is working on new biometric technology to help thwart online fraud and other fraudulent transactions where credit cards are not present.
The introduction of chip card technology is proving a hindrance to much of credit card fraud that existed in the "real" world - i.e., where credit cards are present. However, the demise of the magnetic strip is pushing card thieves in a new direction: online transactions.
Chip card technology so far is working like it is supposed to. Retailers that adopted the new chips in the US have seen fraud from counterfeit charges drop by over 50%. This in turn has pushed criminals to focusing on internet transactions, where the new security chips will not slow them down.
Now MasterCard is fighting back using biometric technology. The idea is that shoppers can submit selfie's or images of fingerprints via a mobile app to prove their identity. If shopping on a PC, you can have a text sent to your smartphone to allow a verification procedure.
US Bancorp is experiment with another form of verification. If you have their app, they are tracking the location of your phone against the location of card transactions. And Wells Fargo is experimenting with eye prints.
A couple observations from all this:
1. Biometric Data. Online thieves are proving themselves to be of increasing sophistication. What happens once they are able to steal a digital copy of my biometric data, where a fingerprint, selfie or eye print? From that point on, it becomes even easier for them to steal my identity.
What protects card issuers and banks better can prove to be harmful to me. This is a fat-tail risk I am not excited about.
2. Tracking. I am not sure how tracking my location will help a bank detect fraud in online transactions. Rely on your chips instead. And stop tracking me. That is creepy. And makes me think you just want to figure out what other products you can sell me.
3. Impact on Online Retailers. Slowing down transactions to prove identities may prove costly to smaller online retailers. First, who wants to take the time and extra steps. We are buying online for convenience. Larger e-tailers may be better equipped to offer store credit or other alternatives to keep your check out process quick and easy.
Second, I suspect that implementing the systems may involve some expense that many smaller e-tailers cannot afford. Once again, another benefit for larger e-tailers.
I love Amazon. But I do not want it to be my only shopping option.
On the plus side: I am glad that card issuers and payment processors are working on reducing credit card fraud. This is a cost that we all pay for in terms of higher transaction fees for merchants that are passed on to us as higher costs. As far as I am concerned, every penny counts.
However, this must be done in a way that does not shift any risk on to consumers. Chip cards may slow us down. However, they have no long-tail risk to us. Let's get more innovation in that vein.
09-30-2016, 09:24 AM #2
If the biometric data is stored locally on your smartphone, and not centrally on a database, the risks you outline are dealt with.
If stored locally, there is no hacking risk. The value of hacking is to get a large database. That will be taken away.
The threat to you forever losing control of your identity is also minimal. Just take the case of the iPhone - where repeated knocking attempts will eventually cause it to erase all important data. This means a digitized copy of your thumb print will be erased.
A threat of you specifically being targeted still remains. But that remains whether they want your PIN code or eyeball (a la Minority Report).
10-04-2016, 01:58 PM #3
I think good points from both of you.
Cyber-security definiely needs to be better thought out. Including what data is stored locally and what is stored on a server.
I wonder how much using block-chain can help resolve these issues.
10-05-2016, 05:16 PM #4
10-21-2016, 08:04 PM #5
Using two-factor authentication is definitely the way to go when it comes to thwarting identity theft online. A lot of email providers are already doing this whenever someone logs in on a device that's normally not used by the user. This should be the norm in the future.
10-23-2016, 11:02 AM #6
10-28-2016, 07:02 PM #7