Dwolla Corp., an alternative payments provider, is developing technology to help banks cut fraud as they start allowing transactions from mobile devices — and also help them decide which mobile devices are worth investing in to begin with.
The Dwolla Dashboard will provide aggregated, anonymous geolocation and device-printing information to determine, for example, whether customers accessing the bank's website on a mobile device use Google Inc.'s Android over Apple Inc.'s iPhone. After a bank develops for that channel, it can continue to track customer behavior for any red flags that indicate a device or an account has been compromised.
"If banks are developing a native application for online banking, it's valuable for them to know that 73% of their customers use iPhones," said Ben Milne, chief executive and co-founder of Dwolla. "Financial institutions, Dwolla and consumers [can] utilize this new data to make better decisions about [potential] fraud."
The dashboard, which Dwolla announced last week, is scheduled for release by yearend.
Dwolla works with 10 banks and credit unions, and has more than 10,000 end users. It lets consumers make person-to-person payments through email and through social network sites like Facebook and Twitter.
The company charges a flat fee of 25 cents for transactions because it does not rely on credit card networks to process them.
The Des Moines, Iowa, vendor recently announced a geolocation service, called Dwolla Spots, that lets consumers find nearby merchants that accept Dwolla payments. The new dashboard will leverage the technology used for Spots.
"Mobile marketing seems like a strong selling point, and [so is] being able to identify users and present things in context," said Dara Khan, a senior analyst for First Annapolis Consulting, in Linthicum, Md., who said such services were still in early phases, and perhaps too nascent to use now for customer identification and to combat fraud.
Securing P-to-P payments is tricky, because two sets of consumer information are required — the credentials of the person sending the money and those of the person who is receiving the funds.
"You have two unknown endpoints, and it's a great way for fraudsters to use stolen debit card or credit card numbers," said Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC.
Online and mobile alternative payment systems may also lack the anti-fraud measures developed over the years for credit and debit cards.
"Social network payments represent a less mature environment with fewer underwriting and risk-management standards," Avivah Litan, a vice president and distinguished analyst at Gartner Inc. in Stamford, Conn., said in an email.
Geolocation services are attractive to banks, but they raise concerns about consumer privacy.
"Geolocation is something a lot of financial services companies are considering," McNelley said. "It has not yet been deployed in any widespread fashion, because many financial services companies are worried about [a potential] consumer perception of them as Big Brother."
Analysts said there were other factors to consider, like not interfering with consumer transactions with an overly burdensome authentication process.
Litan said that while she favors geolocation as a means of authentication, current methods for pinpointing user whereabouts might be too slow, particularly if the geolocation service relies on standard Global Positioning System hardware.
"If [consumers] have to wait for their locations to be authorized at the point of sale, it will be too late," Litan said.
Milne said customer location information can be transmitted within seconds.
He said use of such information for authentication would also be based on a consumer's choice to opt in.
Other providers of P-to-P payments, like CashEdge Inc. of New York, currently use device printing and IP address geolocation to verify and authenticate users.
"Generally speaking, you as a consumer would be using two to three devices at the most," said Amir Sunderji, senior vice president and chief risk and payments officer for CashEdge.
"If you enter your login credentials from five different devices, it is a suspicious transaction," Sunderji said.
Fiserv Inc., of Brookfield, Wis., uses device printing for its mobile banking product Mobile Money.
While it does not do so with ZashPay, its P-to-P offering, it's something the vendor said it is considering, along with geolocation authentication.
"We can expect to use the phone information … to authenticate the user," said Calvin Grimes, mobile solutions product manager for Fiserv. "We think this is a good way to secure mobile transactions."
