A new system lets consumers deactivate debit and ATM cards from a mobile device, reactivating them only as needed.
The security system, which one bank is testing, has the potential to make stolen card data less valuable, since a card would work for payments or cash withdrawals only when the legitimate customer permits it to. The technology, called card lock, is part of Diebold Inc.'s MobiTransact mobile banking platform.
Consumers would have the flexibility to keep a card switched off at almost all times – or to lock it only in high-risk situations, such as when it has been misplaced, says Thomas Swidarski, the company's chief executive. The system is another step towards truly mobile banking transactions, he says.
Card lock helps banks "tie the different channels together … [It protects against] fraud and skimming and the like," he says. "If you can turn your card on and off then it becomes a huge [benefit] in the marketplace."
Diebold would not say which bank is testing card lock, which it provides through mobile browsers or text messages. Diebold plans to officially launch card lock later this year.
There is a strong need in the market for a security feature of this kind, industry watchers say.
"This is exactly the kind of capability we've been calling for in our bank safety scorecards, where banks can enable new technology to lower, rather than just increase, risk, all by putting more control in the literal hands of the customer," says James Van Dyke, the president and founder of Javelin Strategy and Research.
Diebold could take the technology a step further by partnering with processors to create better controls for online transactions, he says.
"ID criminals have sometimes stayed one step ahead of bankers and vendors by attacking through the customer," says Van Dyke. "Empowerment, versus just a back-end authentication or detection capability, is the future."
Banks may have difficulty teaching customers how to use card lock, says Ron Shevlin, a senior analyst at Aite Group. Although the ability to deactivate a card is valuable, banks will face customer service issues from people who have trouble turning the card back on.
"If you turned your card off, and something happens and you don't have cell phone service, your cell phone is dead, and you need to make a payment," then the customer will be upset, he says.
Diebold's card lock function is in line with what many banks are promising with mobile wallets, which allow phones to function as payment devices. Many of the systems that are being tested or deployed today include a feature to lock the digital wallet with a PIN or password. The handset can also be locked with a PIN that's different from the one used for the wallet app, providing a second layer of protection.
However, those systems apply only to the phone. If the same account can be accessed through a mag-stripe card, the card could be used even if the phone is locked up. Diebold's system affects all copies of the card, using the phone as a remote control for the account instead of as a payment device.
Features such as card lock "will become more common and will enable consumers to have "on-the-go" control over financial matters," said Beth Robertson, the director of payments research at Javelin. "Any self-service feature designed to protect consumer security and accounts will also be more valued."