Fighting Fraud: How 2 STL Startups are Trying to Stop Cybersecurity Scams

Electronic payments are nearly universal in 2015, with customers giving out some piece of personal information on a regular basis to confirm their identity when completing that transaction.

How many times a day do you use your credit or debit cards to make transactions? Maybe you pick up your morning coffee, pay utilities online, buy tickets to a concert and stock up on groceries.

Electronic payments are nearly universal in 2015, with customers giving out some piece of personal information on a regular basis to confirm their identities when completing that transaction.

shutterstock_165303932

As a result, personal and financial information is in a state of near-constant exposure, making it increasingly susceptible to being stolen and used fraudulently. There is an entire industry centered around protecting consumers’ personal information, but as the rash of recent data breaches proves, it is a constant and ever-changing battle.

“There is no silver bullet. That’s the big thing,” says Canh Tran, co-founder and CEO of Rippleshot, a FinTech company that aims to detect and combat data breaches. “Fraud has existed since the beginning of time, it’s just going to evolve.”

Rippleshot uses algorithmic analysis to detect the source of a data breach and get ahead of the potential wave of fraudulent transactions.

Once fraud is reported on cards, Rippleshot compares points of commonality among the cards, identifying the merchant that was the source of the breach and providing warning to any card company that had cards used at that merchant. Banks can then cancel potentially breached cards before fraudulent transactions take place.

Limiting the window of availability for fraudsters to exploit stolen information is crucial, especially because outright prevention is costly and exceptionally difficult. As one potential weak point is fixed, another takes its place; often in environments many consumers never expect.

“Let’s say we cover your credit card. When’s the last time you went to the airport? Did you use the mobile phone rechargers at the airport? Well, some of those are corrupted,” Tran says.

“So now you recharge your cellphone at that charging station and they suck out all of your pictures and information and they hold it for ransom.”

On the consumer side, disciplined monitoring of assets is crucial. Even the savviest consumers make mistakes, and the most advanced prevention methods in the world can’t account for simple slip-ups.

“You could have the best protection in the world and your credit card falls out of your wallet and you lose it,” Tran says.

While Rippleshot helps mitigate the impact of large-scale data breaches, consumer awareness and control will always be the best defense. That’s the operating principle behind MiiCard, a company that offers users control of their online identity through a digital passport.

“If half of the U.S.’s personal information is out there with the fraudsters, how do you rely on that information as proof that it’s [you]?” asks CEO James Varga. “The more we share personal data, the more at risk we become for that data being used against us.”

Each time you share personal information, that information is now held by someone else. Most merchants will require that information to confirm the identity of the person on the other end of the transaction. The more you share it, the more chance it has to be exposed.

But what if you didn’t have to share it each time? MiiCard allows consumers to connect to their service using a bank login, and through that, establish confirmation of identity. Why banks?

“Banks trust banks,” Varga says. “Banks know us really, really well. Your bank knows where you work, where you live, what you do.”

“It knows if you go to the gym or not, how many movies you watch a week. Your financial profile, when you include your credit cards and everything else, is a fantastic way to connect the digital you to the physical you.”

Once the bank verifies you are who you say you are, your MiiCard acts as your digital passport in any verification. Instead of entering a litany of personal information on each site, your MiiCard is enough.

“You’ve got granular control over which information you want to share with sites or merchants,” Varga says.

By removing points of entry where fraudsters could access personal data while also giving consumers comprehensive control of that data, MiiCard hopes to mitigate risk and free up resources that were once used on detailed verification systems for other uses in the fight against fraud.

“Providing an industry-driven solution isn’t going to work. It needs to be driven by the consumer,” Varga says.

“If we establish for 50 percent of people in the U.S. a single, strongly authenticated identity where those consumers have that control and can own and manage that identity, and we took 50 percent of the pain away, we could tip the balance against the fraudsters.”