With over £350 million of fraudulent transactions carried out in the UK during 2010, there is a clear and present need to minimise this cost to the banks and credit card companies, enabling cheaper transaction processing for all due to mitigated risk.
One of the primary objectives of Flick is to focus on Not Present At Sale transactions carried out primarily over the phone but also over the Internet and by smartphones.
Much of the card fraud in the UK originates from telephone sales and web sites where PCI standards are either not present or not adhered to. Telephone sales are extremely high risk due to the amount of places card data is found, on tapes of recorded telephone conversations, internal systems, paper trails etc. Much of this information is often available along with the cardholder’s personal information depending on the nature of the company’s relationship with the consumer.
5D Secure?
Flick is the first native mobile API that fully supports 3D secure, enabling the liability for charge backs to be with the banks and not the merchants.
The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:
- Acquirer Domain (the merchant and the bank to which money is being paid).
- Issuer Domain (the bank which issued the card being used).
- Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3-D Secure
protocol).
What this now means, is that users of Flick can now perform round-trip transactions for payment, authorised by the Flick client on the mobile phone, without the need to supply card data each time.
Flick adds two further domains to this security to provide 5D secure transaction-processing engine:
- Phone Security Domain – Pin code to access the phone.
- Flick Domain Security – Alphanumeric Flick passcode.
Heuristic Fraud Detection
Our mobile heuristic service enables us to pinpoint the location of consumers at any given point of time. Any cards that have been stolen or cloned and are attempted to be used are simply denied if they fall outside of the fraud rules defined by the systems.
For example, if the Flick system sees a transaction presented for point of sale in Manchester for a card registered to a Flick user who is currently in his London office, the transaction will be informed to the user and likely be denied.
With Flick the control is put into the hands of the consumer allowing them to choose the rules surrounding the usage of their cards.
