ValidSoft tackles problem of credit-card blocking

The software checks if a person's mobile phone is in the same country as a transaction so the card isn't blocked by the bank

ValidSoft is pushing forward with software it says banks can use to avoid unnecessarily blocking credit card transactions, an occasional frustration for travelers outside of their home country.

The product, called VALid-POS, checks whether a person's mobile phone is in the same country where the card transaction occurred, said John Petersen, ValidSoft's global head of business development.

The software is designed to reduce the frequency with which banks mistakenly block someone's payment card, either for ATM or POS (point-of-sale) transactions, Petersen said. Banks use risk engines based on historical transactions and other patterns that tell them if a transaction looks suspicious, such as if a person's card is used in Russia when the person normally buys items in the U.K. Banks do see much card fraud involving out-of-country transactions.

But banks frequently wrongly block cards, which requires someone to call the bank in order to get their card unblocked, Petersen said.

Most of Europe uses EMV (Europay, MasterCard, Visa) cards, also known as the chip-and-PIN (personal identification number) system. About 94 percent of the cash machines in Europe are capable of confirming the presence of a microchip that verifies the card's four-digit PIN, which has proven to be effective against cloning.

But the card's essential account details are still stored on the magnetic stripe on the back. Criminals install so-called "skimming" devices to collect that information, then clone a card without the microchip. Those cards are then used in countries with ATMs that do not verify the presence of the microchip.

When someone engages in a card transaction, ValidSoft's product uses network traffic data from mobile operators to see where a person's phone is located. If the transaction is in Russia and the phone is in Russia, ValidSoft provides that information to the bank, which can then make a further decision as to whether to block the card. When a mobile phone is turned on in a different country, it will register with a local operator.

VALid-POS confirms if the phone is in the same country as the transaction but does not tell the bank where the phone is, Petersen said. It merely confirms what the bank already knew, he said.

The lookup takes about half a second. VALid-POS has an API (application programming interface) that can be used to incorporate the software into a bank's existing risk analysis systems, Petersen said.

ValidSoft is owned by ElephantTalk, a telecommunications company, which has access to the network traffic data essential for routing calls between different network providers and identifying where a phone is located. ValidSoft is in the process of negotiating agreements with operators to use that data for other commercial purposes, Petersen said.

If the phone is not in the same country as the transaction, VALid-POS also has a callback system where a customer will be called. A person can use an automated menu to either approve the transaction or, if the transaction appears to be fraudulent, be connected to a live customer service representative.

Banks would pay for VALid-POS on a per-lookup basis or would buy an annual license with a lower per-lookup fee, Petersen said.

VALid-POS was recently given a seal of approval from EuroPriSe, an organization funded by the European Union that tests products for compliance with E.U. data protection and privacy regulations.

Under European regulations, banks would be able to deploy VALid-POS as an opt-in program, where users would be automatically enrolled and have to opt out if they did not wish to participate, Petersen said. VALid-POS has been tested with three banks, he said.

ValidSoft's technology does have potential as banks look for better ways to detect fraud without imposing on their customers, said Avivah Litan, an analyst and vice president with Gartner. It is relatively inexpensive, but a small niche since it will only work with those customers who have a mobile phone, she said.

"They [banks] don't want to block the cards," Litan said. "They don't want to inconvenience their customers."


Stories by Jeremy Kirk
