Startups use tech to put cardholders in charge of security
Data breaches are on the rise, but so are new options to curtail their risks
By Taylor Tompkins | Published: April 13, 2017
Former newspaper reporter now focused on rewards and fintech.
With the rise of e-commerce, mobile wallets and other digital alternatives to traditional payments, large hacks have become more frequent, and startups are looking for ways to help customers protect their credit card information, offering them new options to take security into their own hands.
“The number of people who have been impacted by these breaches is just so tremendous,” says Michael Kaiser, president of National Cyber Security Alliance. “Big companies are losing huge volumes of data, and I think that has eroded a lot of people’s trust in anyone’s ability to keep their data secure.”
In March 2017, Neiman Marcus settled for $1.6 million in a lawsuit over a 2013 attack that compromised 350,000 customers’ credit card information. Home Depot, Wal-Mart and CVS have all had major hacks in the past five years, each involving millions of customers’ data being exposed. In fact, the increase in these cyberattacks is breaking the trust between consumers and those who hold their sensitive information, according to a survey from Pew Research Institute.
Aaron Frank and Alex Cramer were two of those cardholders who experienced firsthand what it's like to be victims of one of these data breaches. The pair were trying to buy sandwiches in Berlin when their cards were declined once again. Their cards had been declined throughout the day, but the lunch tab signaled the moment they realized their cards had been compromised.
Upon their return home, Frank and Cramer realized they were among about 40 million customers whose information – including credit and debit card numbers – was stolen from Target in December 2013. In response, the pair decided to come up with a solution. They founded Final, a startup that, among other companies, is looking for new ways of protecting payments and putting customers in control of their credit cards' safety.
“The ecosystem of payments is undergoing a lot of different change,” Kaiser said.
There is still a disconnect between cybersecurity for sensitive data available to customers and what is available to corporations, said Ruoting Sun, product marketing manager with Duo, a multi-factor authentication company that works in corporate data security.
Companies like Final, Ondot and BillGuard are working to bridge that gap.
After the incident in Europe, in which Aaron Frank and Alex Cramer say they had a “really poor customer experience,” the two dove into the credit card business. Final combined the pair’s firsthand experience with data breaches and their technology backgrounds.
What it is: Final is a Visa credit card that allows users to protect their credit card information by creating linked “virtual cards” for online transactions.
How it works: The virtual cards have their own unique card number for every online store or subscription service customers buy, but are tied to the same line of credit as the physical card. This means the cardholder’s credit score won’t take a hit. These virtual cards are generated through Final’s app for mobile phones.
“Why in today’s day and age – when these breaches are happening more and more frequently and you can build technology that allows people to use a unique number for every transaction or for every merchant – [do we] use the same static, toxic data everywhere?” Cramer said.
While the creators of Final took credit cards into their own hands, Rachna Ahlawat and her co-founder, Bharghavan Vaduvur, at Ondot created a platform that banks and card issuers can offer their customers on their existing cards.
What it is: A platform available for banks to integrate into their apps that allows customers to control multiple facets of their credit cards.
How it works: Customers can tie their card to the GPS on their phone, allowing only purchases made in that immediate area to be processed, preventing fraud and false alarms by the bank. Cards can temporarily be turned on and off in the event of a card going missing, and consumers can disable certain types of transactions or merchants. Customers also can easily dispute charges from the app.
“Just the fact that in any way your identity or your credentials were compromised, or your card was misused, is a huge sort of blow to your personal security,” Ahlawat said. “Consumers these days know best.”
With a running ticker on their website of how much money they have saved from fraud, BillGuard tries to combine social media with credit card cybersecurity.
What it is: BillGuard is an app that lets users identify suspicious charges on their credit cards and alert others. (Customers looking for it in the app store will find it under Prosper Daily, the company that bought the startup in 2015.)
How it works: Customers can view all their accounts and balances on the BillGuard app. The app allows users to flag a suspicious or fraudulent charge they have spotted on their credit cards – it won’t identify these charges for them. The app then alerts other customers in the area that have shopped at the same retailer as the fraudulent charge, so customers are essentially alerting those within their proximity. As with Ondot, users can dispute purchases within the app.
BillGuard and Prosper Daily did not return requests for comment.
In the digital age, Final, OnDot and BillGuard are providing nearly-instant capabilities that allow consumers to monitor and control their credit card transactions on their smartphones. By putting the safety of credit card data back into the hands of the customer, these startups are hoping to create a more secure environment. Consumers may not trust enties with their sensitive information, but who better to put trust in than themselves.
- You may soon be able to buy lottery tickets at grocery checkout – States have to approve shoppers using smartphones linked to credit or debit cards to purchase Powerball and Mega Millions chances ...
- EMV chip card torture test – We put EMV chip credit cards through a series of tests to see how they stand up to common threats such as extreme temperatures, water and corrosive liquids ...
- Abolish the password? Card issuers are working on that – Credit card issuers and banks aim to phase out passwords over the next few years with the help of biometric authentication ...