Mobile phone location technology fights card fraud

Ericsson is courting major banks with a security service the company thinks could cut down on credit card fraud as well as eliminate an inconvenience for travelers using cards overseas.

Banks are increasingly blocking credit card transactions in certain high-risk countries due to increasingly levels of fraud. A business traveler who lives in the U.K. but goes to Russia can likely have a transaction rejected if the person hasn't informed the credit card company of their travel plans. It's embarrassing and inconvenient.

Ericsson's IPX Country Lookup service uses a person's mobile phone to provide a confirmation that a person is actually in the country where the transaction is carried out, said Peter Garside, U.K. and Ireland regional manager for Ericsson's IPX products.

For the service to work, Ericsson's technology must be installed on a mobile operator's network. Once installed, Ericsson will pay the operator a "small fee" every time a bank wants to verify a certain transaction by one of their customer's mobile phones, Garside said. Ericsson will then put a margin on the lookup fee and charge that to banks, he said. The lookup fee hasn't been set yet.

Garside said that Ericsson has figured out how to extract the location information from operators worldwide. The technology only identifies what country a person is in and not where they exactly are in that country. It only works for GSM networks.

To allay privacy concerns, Ericsson is recommending that the banks should get consumers' consent prior to using the transaction verification service. Once a person's approximate location has been passed onto the banks, that data will not be held any longer, Garside said.

The service will work even if someone's phone is off, but as long as they've turned the phone on at least once when they're in a new country. Mobile phones will register with the local operator when turned on in a different country, so Ericsson will be able to query the last known location.

The service comes out of Ericsson's IPX product line, which enables third parties to bill for ring tones or other content via mobile networks.

Garside said operators won't incur any costs to integrate the service into their networks and can make money from the location information they hold. "The operators are sitting on some valuable assets," Garside said.

Banks will be able to set their own policies around the lookup service. For example, a bank may decide it only wants to pay a lookup fee for card transactions that occur in Romania and a few other countries.

Ericsson's technology could be appealing to banks, which are facing ever-increasing levels of cross-border ATM fraud, said Peter Welch, an independent banking analyst who was briefed by Ericsson.

Close to 40 percent of the fraudulent transactions performed with U.K. cards in 2007 were done overseas, according to information published by APACS, a U.K. payment card trade association. Total fraud amounted to around £535.2 million (US$845 million).

The U.K. as well as most European countries now use the chip-and-PIN (Personal Identification Number) cards, which contain a microchip. Consumers must enter a four-digit PIN to complete a transaction, which is verified by the chip. But thieves who steal card details can create cloned cards and use them in ATMs in other countries whose cash machines to not verify that a chip is present in the card.

Bank customers would likely agree to opt-in to the service, especially it reduces the frequency with which overseas card transactions are denied, Welch said.

"I would think there is enormous potential for it," Welch said.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies