Visa will begin asking card holders to opt in to a new service in April 2015 which it says could help reduce credit card fraud by tracking customers’ smartphones whenever they make a purchase.
Called Visa Mobile Location Confirmation, the service uses the location features of smartphones and other mobile devices to pinpoint where consumers are at the time of credit or debit card transactions.
When a cardholder’s mobile device is in the same location as the payment transaction, the issuing financial institution “can more confidently approve the transaction,” Visa said.
The software – which Visa will make available to banks and credit card issuers for use in their mobile apps – also uses a cardholder’s location to identify when they are traveling outside of their typical “home territory,” according to the Associated Press.
The company is pitching the service as a convenience for travelers, because you won’t have to notify your bank or credit card company by phone when you’re traveling, and the likelihood of your purchases being declined by fraud-prevention measures will be reduced by about 30%.
By reducing unnecessary purchase declines and cutting out customer service calls for pre-travel requests, Visa says it can save financial institutions hundreds of millions of dollars and devote more resources to finding actual credit card fraud.
Visa says the service will be available as an “opt in” feature within mobile banking apps and can be disabled at any time – a move that has been hailed by some privacy advocates.
In fact, Visa sought feedback about the location-tracking service from the Future of Privacy Forum, a Washington, DC think tank devoted to responsible data practices, the Associated Press reported.
At Naked Security, we frequently harp on app makers who don’t give consumers the choice upfront to use their location services, because opting in to these services means people are much more likely to understand what data they are consenting to give up and how that data will be used.
It’s quite likely that many people would be happy to trade some of their privacy for more convenience and security in their banking, so long as they have a choice in the matter.
Other card issuers are experimenting with fraud prevention measures that could be considered more invasive.
MasterCard, for example, is piloting a program this year that uses unique biometrics like facial and voice recognition and fingerprint matching to authenticate transactions.
Barclays bank has announced plans to introduce biometric authentication based on vein patterns in fingers.
And fingerprint readers available in the new generation of smartphones, combined with contactless payment systems like Apple Pay, could help us do away with insecure plastic cards altogether.
The future of payment technologies will likely force us to become more comfortable with using our bodies, rather than just our names and a number or password, to identify us.
Image of tourist using navigation app on mobile phone courtesy of Kaspars Grinvald / Shutterstock.com.
LindaB
For years we have been told not to allow anyone to know where we are, so we all turn off the tracking/locating features – don’t we?
This software turns that advice on its head so now Visa and the bank can track us!
Plus I don’t use my mobile phone for any such payment systems and would not allow them to track me.
Far too dangerous for anyone’s personal safety and security. I know they are thinking of making card transactions safer – but this is not the way to do it.
Blake
I see a potential plot for a new Law and Order episode. Employee at Visa tracks victims…….
Jim
I agree. But, my solution would be to turn on GPS only when I need it, like just before I make the transaction, and back off again afterwards.
Wayne
Could this be considered a form of two-factor authentication?
John David Crawford
I should not need to opt in to this layer of fraud protection. As Pay becomes more and more available at retailers this secure form of payment will be highly desirable. A dynamic security code is generated and my card’s security code is ignored. This one-time (per transaction) code cannot be retrieved by the bank, the retailer, the purchaser, a hacker, nor Apple. I am not making my location or shopping preferences available to any one.
Mark
“I am not making my location or shopping preferences available to any one.”
Uhhh…. if you paid with a card or ApplePay, you just made that info (and a whole lot more) available. The only way to avoid it is to pay with good ole’ cash.
artiste212
The location is obvious by the merchant info. but the advantage of Apple Pay is that it does not reveal your name or account number in the transaction. The merchant does, however, receive a token for payment.
AndyB
I assume that “Pay” was supposed to stand for “Apple Pay”. But the first character (“”) only looks like an [Apple-logo] if you’re on a Mac or iPhone. People on other systems might see [Windows-logo]Pay or [KlingonCharacter]Pay or a variety of other characters.
Apple simply picked an unused character and decided “we’ll display this as an apple”. They’re allowed to do that, but there’s no guarantee that other vendors will follow suit.