A Silicon-Valley mobile payment company, including payment folk from Visa, Paypal and Apple, is toying with a new mobile payment security approach, one that envisions security shades of gray, as opposed to today's more typical binary open/closed approach, according to a Patent the company announced Monday (Aug. 18).
The approach outlined in the Quisk patent suggests a mobile account that could be locked, while still allowing limited transactions. Beyond ostensibly offering more convenience and access to consumers, the idea is that it would allow financial institutions the flexibility to restrict more dangerous transactions while allowing those deemed safer.
The Patent outlined quite a few variables that banks and retailers could choose from to allow select mobile transactions.
"The decreased functionality of the account while the lock feature is engaged could also result in the inability of the account to be used in certain classifications of transactions. The classifications could be set by the type of merchant involved in the transaction, the particular identity of a merchant involved in the transaction, the geographical location of the transaction, the time of the transaction, the amounts involved in the transaction, or the frequency of related transactions," said the Patent, which was published on July 22. "The lock feature could prevent the use of the account at specific merchants, specific physical stores, or cash access locations. Or it could instead prevent the use of the account for all purposes except use at specific merchants, physical stores, or cash access locations. In terms of geographical limitations, the lock feature could prevent any use of the account at POS terminals that are located outside an account holder's zip code, could prevent any use of the account in online transactions, or could prevent any use of the account in a separate state or country from a preselected location identified by the account holder. The lock feature could prevent the use of the account for any transaction exceeding a predetermined monetary value. The classification of transactions that are disallowed could be any transaction that was not preapproved prior to receiving a lock request. The classification of transactions that are disallowed could also be any transaction that was preceded or accompanied by a large velocity of numerous transactions or a limited number of transactions that exceeded a certain monetary threshold."
The Patent envisions mobile SMS messages as the preferred means for consumers to change their own settings—if permitted—or to approve specific transactions. Although it also supports call center interactions as a more secure method, the filing talks about the advantages of simple mobile messaging.
"Even if such a system were implemented using an interactive voice recognition (IVR) service, the use of a short message system is more convenient because lock requests generally require very little information, and it is easier to fire off a short message than to dial into an IVR system to provide the same message via an auditory channel," the filing said.
The argument that gradations of access can better balance convenience versus security than complete locks allows for use of today's more sophisticated card brand fraud-detection systems.
"A debit card account may be limited from being used to dispense cash to ATMs or to conduct debit card purchase at a POS terminal. Such approaches present an appealing tradeoff in terms of added security with more limited decreases in utility because there is generally less danger of fraud associated with inflows of funds to an account," the Patent said. "A more specific example of this feature would be the allowance of automatic bill pay or direct deposit salary payments to flow in and out of the account while other transfers were restricted. As a similar example, automatic top-up features for a spending account could remain be accepted even when the lock was engaged."
The idea of SMS confirmations is not new, as it's been used by PayPal's mobile app—and others—for years. What Quisk does that moves beyond that is to not merely alert a shopper to a transaction—placing the onus on the consumer to reach out if it's unauthorized—but to block anything else until the consumer confirms. Although this could be problematic if the user's phone battery dies or moves into an area without wireless access, the fact that these are mobile transactions might make such issues moot. The blocked transactions would have to come from the phone while Internet-connected, so if the phone can't make a transaction, that block wouldn't presumably be a problem.
"A user could receive an SMS message after conducting a transaction that included the details of the transaction such as: 'Please confirm you just spent $5.68 at Drug Store in Anytown.' The user would then confirm the transaction through an SMS response and would be unable to utilize their account in another transaction until they had done so," the Patent said. "The advantage of this approach would be that the user could conduct transactions rapidly and could handle the additional step of confirming the transaction at their convenience in-between transactions. This would thereby increase the speed at which transactions could be conducted while still providing a heightened degree of security to the account. The feature could also be set so that only transactions that rose to a sufficient degree of concern for a fraud monitoring system would trigger a notification to the user. For example, an account administrator may set the lock feature to shut down all usages of the account at gas stations in areas where the account administrator has noticed a high incidence of fraudulent transactions."
The approach factors in different confirmation approaches for locking versus unlocking requests. "In an example where fraud was the main concern, the locking requests may be received via a short message service, a web portal, or a telephone call to a live consumer representative or IVR system, while the unlocking request could only be received by a telephone call to a live consumer representative," the filing said. "Aside from different channels being more secure than others, the requirement of having more than one channel required to access the features provides security by itself because it is less likely that two channels of communication will be compromised."
Consumers would also have a wide range of options, depending on what the financial institution or retailer wants to offer. The balance between flexibility and confusion—give a user too many choices and they may abandon the effort—is delicate.
The Patent envisions quite a few user choices. "The user could specify that the account should be unfrozen in the morning on all weekdays, but remain frozen at all other times. The user could specify that the account should remain unlocked for 15 minutes and then automatically revert to a locked state. The user may be able to select a number of transactions or a certain dollar amount that may be spent during the unlocked period before the account automatically returns to a locked state," the filing said. "More specifically, the user could unlock the account for $100 worth of spending or for 5 total transactions. After the account had been subsequently used to spend $100 or conduct 5 transactions, the account would revert to the locked state. The dollar limit could be set as a hard ceiling such that a final transaction exceeding the dollar amount was denied, or a soft ceiling such that a final transaction exceeding the dollar amount was first approved before the account reverted to the locked state."
The text commands suggested by the Patent might open the door to consumer confusion or at least the burden of having to memorize new commands. "The text string 'UNSTOP10' could indicate that account holders wished to switch their accounts into an unlocked state for 10 minutes before reverting to a particular locked state corresponding to the 'STOP' command. In situations where the features were varied to an even greater degree, such that users could specify transitory unlock periods based on temporal or monetary limitations, additional symbols such as the dollar sign could be employed to distinguish between the two. For example, 'UNSTOP$10' could indicate users wanted to unlock their accounts until $10 had been spent while 'UNSTOP10' would indicate users wanted to unlock their accounts for 10 minutes."
The Patent also spoke of the ability to secondarily authenticate the user via the particulars broadcast by the phone. The system "could determine the identity of the user by stripping the information from a text message sent through communication systems. In these situations, caller ID information could be stripped from the message to determine the identity of the account holder. The request could also be imbued with user identifying information such as a software token generator or a hardware identifier that is added to requests. The hardware identifier could be coded in ROM in the device as it is manufactured or added by a removable memory such as a SIM chip or any nonvolatile memory device. The hardware identifier could also be a defect signature associated with the device that is detected by a subsystem after the device has been produced. The user could also be identified using any kind of biometric input or a service provider issued user identifier. The identifier could be detected using the proprietary networks mentioned previously, an RFID reader, or any kind of NFC system."
Retailers would also have the ability to automatically—and temporarily—enable transactions, but only from within specific stores. "A user at a checkout counter could scan the QR code to send an unlock request from their phone and then scan the QR code again to send a lock request once the transaction was completed. These approaches would beneficially allow users to keep their accounts locked until they were actually present in a store and ready to conduct a transaction. The administrator could add the account holder to a list of users to be detected automatically by the merchant's systems. Alternatively, the administrator could rely on a predetermined list of GPS coordinates associated with the merchant's locations and send the lock or unlock requests automatically when the user's location aligned with any of the coordinates on that list."
Another reason that Quisk has said that it prefers SMS authentication is that keeps the market open to shoppers who are not using smartphones. "This is a significant benefit because the markets for less sophisticated mobile devices are still considerable and increasing their use in fraudulent transactions is therefore still important. Furthermore, even in situations where the relevant account holders are already smart phone users, the introduction of complex fraud detection and account security applications still requires the development and maintenance of the associated systems and programs and simpler approaches would eliminate the costs associated with those endeavors. Finally, there are significant advantages to providing one system which may be utilized by smart phones, low-end cellular telephones and other mobile devices."
The Patent said that those communications might be relatively secure—such as encrypted voice/data channels—or less secure means such as standard E-mail, voice calls, messages sent via Facebook, LinkedIn and Skype as well as from "a browser running on a television."
The approach Quisk outlined shares some similarities to efforts by another mobile payments firm, Ondot.