A Payment Card Reader for the Home?New Tech Aims to Curb Online Shopping Fraud
Nicholas Percoco of security vendor Trustwave says Twitter and Facebook posts can lead unsuspecting consumers to malicious links that advertise bargains, but come back with malware and botnets. "Around the holidays, people are looking for the best deals and could become easy prey," he says.
It's like the card number is inside a token.
I get the same word of caution from Aite fraud analyst Julie McNelley and John Buzzard, client relations manager for FICO's Card Alert Service, who say banking institutions should take time to educate consumers and merchants about all types of expected cyberthreats.
It's good when all the experts agree. But solutions, beyond consumer education, seem relatively limited. And consumer education can only go so far. Socially engineered schemes such as phishing are getting more sophisticated. The spoofed websites to which they push consumers look legitimate, and the ploys they use to pull in consumers are oftentimes quite ingenious.
The good news this week: I've learned about a new security option that begins and ends with the consumer, and it takes some of the risk out of these online transactions. It's called SmartSwipe, and -- like it sounds -- it's a card reader. I've never heard of anything like this before, and the bank I spoke with that's pushing the tech to its customers says it's unique, as well. If other vendors are offering something similar, I'd love to hear about it.
I find the technology intriguing.
SmartSwipe, which is manufactured by online security solutions provider NetSecure Technologies, is a card reader for the home or office PC, where most consumers shop online. Online fraud is growing. And that same fraud will soon hit mobile, as more consumers browse and shop via mobile devices.
That convergence, coupled with a 40 percent surge in debit fraud over the last year, motivated Edmond, Okla.-based Kirkpatrick Bank, $500 million in assets, to sign with NetSecure for the SmartSwipe service.
"Knowing about the rise in fraudulent check card transactions, and a lot of it having to do with Internet purchases by our customers, I wanted to look into it," says Kirkpatrick's vice resident and chief operations officer, Robert Banks.
In a nutshell, here is how it works. The consumer attaches the SmartSwipe reader to the PC. When making an online purchase, rather than entering card and personal details into the e-commerce website, the user simply swipes a card, just like at a brick-and-mortar location. The card information is encrypted at the card-reader level, outside the PC. And the transaction is routed using what NetSecure calls transparent endpoint tokenization. The card data is encrypted at the reader, so only encrypted data is sent to the merchant.
The good news for merchants? They don't have to do anything special to decrypt or receive the transparent token. The good news for banks? It's another step toward curbing debit losses.
After three months of internal testing, Kirkpatrick Bank began selling SmartSwipe to its customers.
"I would think any financial institution would want to get as many products out there as it can that combat fraud," Kirkpatrick's Banks says. "With increases in check-card fraud, primarily from online purchases, we wanted to find something that could reduce our losses. It is a nuisance for the customer and ultimately costs us money."
I see how this tech could put a serious kink in online attacks against the consumer. I do wonder about the encryption -- how secure is it? The tech is still very new, and Kirkpatrick Bank is the only institution I know that's taking an active role in promoting SmartSwipe to its customers.
Regardless, I can't help but think about how simple yet innovative this idea is. All sorts of functional uses start bouncing around in my head, like swiping my card at home to pay for grocery purchases in advance, or buying my weekend movie tickets without having to go through that pesky online movie site. Now, if someone in the ATM space could just figure out a way to get my PC to dispense cash, the world would be a much more balanced place.
Do you or your institution have any experience with this or any other new fraud-fighting solutions?