Discriminating indiscriminately...

Saturday, 14 February 2009

Travel and Fraud: a solution?

The Problem

Credit and debit card fraud is a huge problem which affects many people in a direct, personal way. A typical fraud is to make a card with stolen details and use it in a foreign country. This can be done simply by making a copy of the relevant data from the magnetic stripe and cloning it onto a new card.

Card issuing banks have recently attempted to reduce the incidence of this type of fraud by applying rules to prevent transaction authorisation under certain conditions, such as a transaction's source being a different country than the residential country of the cardholder; or limiting the aggregate value of transactions per 24 hour period.

How can this situation be improved for both the banks and the cardholders?

First steps

To allow cardholders to safely use their own cards when travelling, some banks request that cardholders notify them when travelling, so that their risk systems will not create "false positive" fraud suspicion when the cardholder is attempting to make a legitimate payment. The problem with this system is that it requires every single cardholder to remember to inform their bank, which is not an automatic behaviour -- it can only be learned after experiencing the inability to use a credit card on multiple trips abroad. It is also inefficient, as at some point in time, the cardholder has made arrangements for the travel, and the information about the trip date and duration is already in a computer somewhere.

Sweden's Handelsbanken is taking the lead here, by allowing their customers to manually set permissions for internet or foreign purchases on their e-banking website:
http://www.finextra.com/fullstory.asp?id=19597

A better way?

Recently some startups have provided the ability for travellers to enter or upload their travel itineraries and add contacts. So far it seems social networking is the main impetus for these startups; however, coordinating travel with other systems would be a benefit. You can see where I'm heading: Dopplr and Tripit should allow a user to link their credit card issuer to their account, so that the card issuer's risk system will automatically receive timely advance notice of a cardholder's travel plans.

To make this happen, the Dopplrs of the world should provide an interface for bank risk systems to access. Online credit card management sites could then:

  • build a UI to allow the cardholder to provide travel management site credentials
  • integrate to travel management system to pull down itineraries on a regular basis
  • feed itinerary information into the bank's risk system to be used by its rules engine
This is a fair amount of work for the issuer to perform, but it should pay for itself in reduced chargeback and fraud costs. The key to making it happen is incentives:
  • The travel management sites need to attract more users, and this is a useful function for prospective users.
  • The risk managers at banks need to reduce fraud levels, and they could tighten their risk systems if they had better information about the physical locations of their users. Presenting a financial upside to their management should make it easy to justify the integration expense.

So far Tripit seems to have the upper hand, as they allow the user to upload an itinerary from a travel agent or airline to their site. Eventually, booking sites might allow a user to provide their travel management site credentials (i.e. Tripit username and password) and have their bookings automatically fed from the reservation system to the management site then on into the

More Latitude

An even easier alternative for the traveller might be possible with Google's Latitude system. It would be technically possible to implement this scenario:
  1. User adds their credit cards to a Google account using Google Checkout.
  2. User enrols in Latitude and deploys it to their smartphone (e.g. Android device with GPS), set to automatically update their location.
  3. When Latitude detects the user has moved into a new country, it looks up the card issuer of each stored credit card, and then informs the issuer's risk system of the cardholder's current location.
This does require Google to do a lot of work, but it does lead a user to centralise their payment and travel management activities on Google, perhaps increasing user engagement with Google, and providing longer exposure to advertising or any other profitable service that Google can attempt to come up with.

Other Applications?

Making full use of travel management or location management systems will bring a variety of benefits:
  • Integrating a user's telecommunications preferences with their realtime location. A user can choose to have calls to their home phone routed to their mobile when they are out of the country, or sent straight to voicemail with a customised message. Alternatively they could route calls to different mobile phone accounts to avoid roaming charges when in certain countries.
  • Postal and parcel delivery services could be instructed not to attempt delivery when the recipient will be away, to prevent lost and stolen packages, and wasted time on futile delivery attempts. I admit that given the level of sophistication of most national mail services this may be a bit ambitious at the current time, but it's not beyond the realms of belief for private delivery services, especially when their payloads are of higher value or sensitive information.
  • Discount/promotion notification: some countries may offer special deals to foreign tourists. Currently Dopplr has user-generated "tips" for city locations; these could be more useful if you saw them in context rather than only while entering a new itinerary. There is already plenty of discussion about location-targetting for adverts and offers, of course.
I'm barely scratching the surface here, there are far more location-based ideas and startups out there. My point is merely that we need to help the user centralise their location tracking application/data to make usage simple, convenient, and cost-effective.