Wouldn’t it be nice if credit and debit cards came with a remote control switch? A switch that was activated by a mobile phone, could turn cards on and off instantly, and could be set to enable transactions by parameters such as location, transaction type, merchant type and amount? And suppose all that it took an issuer to enable this was to share 3 pieces of information with the service provider: BIN numbers, images/branding of the cards, and card ranges?
OnDot just yesterday went public with a solution that does just that, something that this team of now 70 people has been working to perfect in stealth mode for the last two years. The team, headed by serial mobile and internet entrepreneurs, has also managed to secure relationships with 4 of the 6 largest processors so that the process for issuers is literally, as easy as One. Two. Three.
Inspired by the vision to “bring value to plastic” and the reality that plastic cards will be hanging around yet for a while in spite of our efforts to transform them into a series of digits that reside in the cloud and are enabled by connected devices. This payments innovation was initially intended to help issuers reduce fraud by doing something very clever and even a bit counterintuitive – outsourcing the responsibility of the card to the user of that card. In an OnDot enabled world, cardholders register their plastic cards with their issuer via an issuer branded app. From that point forward, consumers take control of how and where their plastic cards are used – literally giving consumers the power to turn them off until the moment they are ready to be used. OnDot’s view is that if consumers are given the responsibility for keeping track of how and where their cards were used, perhaps fraud could be better managed since authenticating the user is now a responsibility that is shared with the consumer.
So for instance, OnDot allows its consumers to set how, where and when the cards will be used - and on the fly. And for others in the household for whom cards may be given. Want your 16 year old daughter to pay only for her new contact lenses and not the new handbag that she sees in the window of the store next to the optometrist? Mom or Dad can enable the card to be used only at the optometrist. Don’t care that she buys new clothes but you don’t want her spending more than $250 and at two or three places that you approve she shop? Simply set the spending limit and determine the geographic location and stores that are on the approved list. Inadvertently leave your card at a restaurant? Instead of cancelling it, the cardholder can literally turn the card off, go retrieve it, and not worry that every waiter and waitress at the restaurant has been charging up a storm. Consumers who are nervous about carrying cards when traveling can simply turn off the cards off until the moment before they are going to be used. And, consumers can turn certain cards off entirely, like debit cards for shopping online.
OnDot has had its application live and in use in a bank in Texas for the last 10 months. This issuer, Lone Star Bank, has seen 50 percent of its mobile users enroll and the incidences of fraud reduced by 60 percent.
“There are three aspects of security, to any security solution,” Co-founder and CEO Vaduvur Bharghavan said. “In EMV the chip gives you encryption, the PIN gives you authentication, but we are providing the authorization layer.”
There are two really interesting applications of OnDot that go well beyond the consumer empowered card experience.
The first is the ability for an issuer to enroll its entire customer base so that they can benefit from detecting patterns of fraud that can fine tune existing fraud protocols.
“Now [the banks] can set certain sophisticated preferences for getting bank personnel alerted, or by turning the card status to ‘off’ in case they find three transactions happening in Brazil,” Co-founder and EVP Rachna Ahlawat said.
The second is in a commercial/enterprise environment. Imagine being able to implement controls related to where geographically cards can be used, how much per day can be spent and even what merchants/merchant categories are within corporate guidelines.
“When we do a card swipe, we are correlating the location at the point of sale,” Bharghavan said. “What I can do [with the app] is bring up a region on the map, and whatever I see will be the region of use.”
OnDot’s capabilities are activated in real time. At our OnDot field trip to a Starbucks in Boston, we watched in real time as the card was declined when it was switched off, to less a minute later when it was flipped back on and the transaction was approved.
When we met the OnDot team, we laughed at how the power of this innovation could start many a family squabble over who turned off whose cards and when. More seriously, OnDot enables a number of capabilities that not only help on the spend management side on both a consumer and corporate front, but give consumers and issuers a new tool in fighting fraud. Cards that are “off” can’t be compromised and fraud can be minimized significantly in the event that cards are lost or stolen.
“Because in the end of it, the cardholder is in the best position to determine whether there’s fraud or not,” Bharghavan said.