GPS: The Future of Authentication?
But a new report published by Gartner Research places emphasis on another use for mobile technology in the financial transaction chain - as a security layer for user authentication via global positioning.
Gartner's report, "Get Smart With Context-Aware Mobile Fraud Detection," released July 29, estimates 1.8 billion smartphones will be used across the world by the end of 2011. And Gartner predicts that by the end of 2013, location or profile information from mobile devices will be used to validate and detect fraud on 90 percent of mobile transactions.
If a card transaction is initiated at an ATM in Phoenix, but the GPS tracking says the cardholder's phone is currently in Atlanta, the bank could flag the transaction as suspect.
Most smartphones, such as the iPhone, have built-in global-positioning-system tracking. It's a nice feature for the security of the phone itself, in case the phone gets left at the grocery checkout or someone lifts it when the owner is not looking. "This is about stronger authentication, and the only device you can count on for this kind of tracking is the cell phone," says Avivah Litan, a Gartner analyst and lead author of the report.
Since most people always have their phones with them, GPS tracking of the mobile device offers a relatively reliable way to track a person's location. As a way to authenticate a financial transaction, here is how it would work: When a user conducts a card transaction at an ATM or POS terminal, the location of the ATM or POS device would be compared with the location of the user's mobile phone via GPS. So, if a card transaction is initiated at an ATM in Phoenix, but the GPS tracking says the cardholder's phone is currently in Atlanta, the bank could flag the transaction as suspect.
But there are some roadblocks.
In order for an institution to acquire a GPS location of a cellphone, it would have to gather that information from the wireless carrier. "The carrier can tell what the two or three closest cell towers are, and they can provide that information immediately," Litan says. "It's fast enough for online transactions, POS transactions and ATM transactions."
But in the United States, where the wireless infrastructure is dynamic and diverse, collaboration between banking institutions and multiple carriers could prove to be an overwhelming logistical challenge. Tracking also raises privacy concerns, and thus would have to be a program the customer or member opts in to. That opt-in would either be overseen by the institution, the wireless carrier or both.
Litan points out institutions could bypass the carriers, but that would require users to download a GPS-tracking app and then opt-in to the service. And that opens a whole new concern, since GPS tracking via downloaded app is not conducted in real-time. It can take a downloadable app between three and four seconds to pinpoint the phone's location, and that's not really effective for authentication at the POS.
The technology is not full-proof, but if card skimming continues to trend upward, this feature could soon become more attractive. It offers a proactive way for a bank or credit union to deny suspicious transactions.
I think institutions would be open to anything that could help them do a better job of that.