Fraud Prevention and Security
Asking your users to run your app is asking for their trust. These users may be your customers or their employees. They are likely a crucial resource, and their trust is, or should be, sacrosanct. If there is a security breach, you will be blamed, even if it is due to the actions of another user. The trust of your users is developed over time by all the decisions that you make based on their interests. When our clients ask us to design or implement apps to be run by your users, we take that responsibility seriously. We’ll protect consumers by designing fraud prevention and security into your prepaid card app, making payment information more secure and alerting consumers to possible fraudulent accounts and transactions.
Our clients can define their own policies for fraud prevention. You know how your cards are intended to be used. Make sure that this information is leveraged to help keep your users safe. We’ll work with you to help you encode invalid use cases, such as a card being out-of-state, into rules that will trigger alerts when violated, stopping potential frauds before they occur. Your users may not thank you for it until somebody else’s system is compromised.
Things we do to protect our clients and their users
We build EMV compliance into your chip-enabled card
The EMV standard is named for the three companies that originated it: Europay, MasterCard, and Visa. These cards are secure because they have chips that not only store information but reply to queries and thus can participate in a protocol through which terminals may request particular operations or information. The card and the terminal can each decide whether or not to comply. EMV is effective enough that merchants are now liable for fraud resulting from transactions on systems that are not EMV-capable. There’s no longer any excuse for failing to use this technology. We do it in a way that minimizes the contact that we need to have with your users’ sensitive information because of the fewer potential access points for a criminal, the better.
We leverage tokenization in place of the actual debit card number
Using a token secures employee information, because unlike the card number, the token can be generated anew with each individual’s login. Systems that use the card number directly are susceptible to card skimmers, which may be installed in card readers to record these numbers when cards are used. With tokenization, the card number will not be useful to one who records it surreptitiously.
We use biometrics, like fingerprints, retina scans, face/voice recognition
By including biometrics in the generation of the token, we make it even more difficult for a thief to access a user’s account. Even if one were able to generate a valid token, to be effective it would need to incorporate that individual’s biometrics.
We scan receipts for malware upon importing them into a device
Just as your computer system may scan new programs or other files for malware such as computer viruses, your users can rest assured that we take care when uploading receipt images to verify, to the degree possible, that they are safe.
You can count on us to continue to survey and apply the latest technologies to keep users’ payment details safe.
We can’t do it all
In an ideal world, we could provide a perfectly secure app and your users could go about their business not needing to worry about security. Unfortunately, we don’t live in that world. Security of financial information is a team sport—everybody needs to do their part. As much as we do to protect the information of your users, this will remain a partnership, and as such we will still need for them to take reasonable precautions. In particular, we will need for them to protect their debit card information as well as their online accounts from all those that might try to access them inappropriately, whether, for example, through phishing emails or by taking advantage of poor password hygiene.
It’s not only us and the cardholders who must do our parts. Merchants need to maintain up-to-date technology, banks need to provide secure protocols and monitor for suspicious transactions, and governments needs to enforce appropriate standards.
We work with our clients to build systems that are both secure and convenient to use, for all who come in contact with them.