Is MasterCard's fraud program just another data grab?

Evan Schuman

Marketing executives salivate at the thought of being able to track shoppers via their mobile devices. The only problem: How to get consumers to sign on to that? MasterCard might have the answer. By spinning it as a global payment convenience, MasterCard has put a happy face on a major potential information grab.

Here's the deal. MasterCard and its partner Syniverse, a global mobile telecom firm, want you to opt in to let them track your mobile geolocation data. MasterCard says that cardholders who opt in and then travel to other countries will have fewer transactions denied. You see, cardholders are supposed to call their issuer before leaving the country so that their itineraries can be fed to the issuer's antifraud systems. When the cardholders don't do that, they are more likely to have their purchases denied.

So, says MasterCard, let's make this easier for everyone. Just register your phone with us, and then when a transaction request for you comes in from, say, Greece, our system will be able to check to see if your phone is in Greece too. If it is, the transaction is more likely to go through.

The news release announcing a trial of this program said that "mobile geolocation can deliver payment security." That is not precisely true, in the sense that it is completely false. The way this program is being set up, mobile geolocation data will tell MasterCard that your phone is in the same country where someone is trying to use your card to make a purchase. If anything, the program loosens the fraud controls for the convenience of cardholders. But just think how easy it would be to subvert that. If your MasterCard were stolen at Giza and then used to buy a high-res TV in Cairo, MasterCard's new geolocation effort would take a look and decide everything must be fine, because your phone is in Egypt.

You see, the MasterCard trial doesn't, for example, react to a transaction being processed at a retailer on Via dei Calzaiuoli in Florence by checking to see if the cardholder's mobile phone is also on Via dei Calzaiuoli. The technology exists to do so, but MasterCard won't be doing it, at least not as currently planned. Executives with MasterCard and Syniverse said the system is not going to dig beyond country level. (Though even that will be in a rather haphazard manner. MasterCard and Syniverse might note your arrival in Italy, then not check again when your card gets swiped on Via dei Calzaiuoli. Meanwhile, you may have turned your phone off and flown on to Spain. MasterCard won't know that.) Although country level is better than nothing, it doesn't have nearly the fraud-prevention potential of a more specific ping. "All we care about is whether the consumer has changed the country where they are visiting," said James Davlouros, MasterCard's vice president of global strategic alliances.

1  2  3  Next Page