While online merchants have been getting better at combating online fraud, it still cost them $3.4 billion last year, or about 1 percent of online revenues. Now a Toronto startup is hoping to help reduce that figure by employing an increasingly ubiquitous tool: the smartphone.
SafePay Solutions Group is launching a tool in the U.S. and Canada for merchants and consumers that uses a smartphone to verify online purchases. It gives merchants an added layer of protection against fraudulent purchases and helps users prevent someone else from putting purchases on their card. But it will face a lot of challenges in trying to make an impact.
Here’s how it works: A consumers downloads the free SafePay app (on iOS for now with Android, Windows Phone and BlackbBerry coming later this year) and enters in their billing address and the first and last six digits of all the credit cards they want to register with SafePay. When that customer or someone who obtains the user’s credit card number tries to make a purchase at a site that uses SafePay, the user is sent a real-time in-app push notification alerting them to the transaction and providing them 60 seconds to approve or decline the sale.
SafePay starts working the minute it recognizes a user’s address or credit card numbers during the shopping cart process. If the user declines a purchase through a push notification, the transaction is canceled. If a user isn’t near their smartphone to deny a fraudulent charge, the merchant processes it like any other transaction. But users can flag the transaction and report it after the fact to their bank or credit card company. SafePay is working on a feature for this fall that will allow a user to set a default denial if they don’t respond to a push notification.
SafePay’s founder and CEO Mick Bhinder, a veteran of Visa, American Express and Discover, said the service will roll out first with five unnamed online retailers. Retailers will pay a $240 annual subscription for SafePay. He believes many merchants will find this valuable because of the potential for reduced fraud liability.
SafePay is part of a growing number of mobile tools aimed at combating online fraud. Banks in recent years have rolled out mobile fraud alerts, sending messages to users when a transaction looks suspect. SafePay, however, is different in that it takes a merchant angle and also asks for every purchase to be verified, not just suspicious transactions.
But it faces some big challenges to really make a dent in online fraud. Merchants will only find protection and significant cost savings if a large number of users sign on. But users won’t have much need for the service unless a lot of big name retailers are on board. Even if a user signs up and there are a good number of sites participating, a thief could still use stolen card information on thousands of sites that don’t employ SafePay. Unless it’s somehow comprehensively rolled out on most big retail sites, it’s going to be hard for SafePay to really cut into online fraud.
I’d be more optimistic if SafePay was used by banks or credit card companies, who can encourage their merchants to participate. But the financial institutions don’t bear as much penalty for fraud as the merchants do so they might not have a big sense of urgency. Still, I’d like to see a smartphone powered service like this gain acceptance at some point. We have smartphones with us all the time and they can act as a real-time tool to spot and prevent fraud.