Authorising m-commerce with location

Abstract

Global fraud in 'cardholder not present' transactions over the World Wide Web continues to grow, in line with the ever-increasing numbers of transactions carried out over this medium. Unfortunately, at present the measures designed to combat against this fraud continue to require improvements to be made to limit the fraud. In this paper we will propose a series of indicators that financial service providers should consider in their attempts to limit fraudulent transactions. The indicators make use of prevalent technologies coupled with a need to place more power to limit fraud in the hands of the customer, especially given banks are continually moving responsibility onto the customer to protect their data.

Whilst the banking sector uses a variety of measures for fraud detection at present there is only limited usage of device related indicators that customers could establish to limit the fraud on their account. For instance, whilst many users will have multiple devices the likelihood of a user performing a valued transaction on a device outside of that subset of devices is limited. Therefore, an indicator linked to device usage controlled by the customer may help to introduce further difficulties for the individual attempting to commit fraud. Similar indicators exist linked to device geo-location, service usage, time determinants and other aspects.

This thesis demonstrates that users do not find device location services too complex to use. Indeed, providing user controls to enabled personalised security settings increase users trust levels. This research proposes security controls are embedded within users banking application. The effect of this approach increases users willingness to engage with location based security controls. Any initial privacy concerns are overcome as long as the proposed controls remain within the banking application.