Need an answer… not sure it’s this
Posted by Ed in Analysis on May 28, 2009
So, Ericsson is pushing their new payment security service that uses your phone to validate credit card transactions.
The deal is this: you register your phone with your bank so that your bank can get information about what country you’re in. Your bank validates the country of origin for transactions made by you – so if you decide to buy stuff your bank will look to see if you’re actually in that country or not before authorizing the transaction. So if somebody attempts a transaction in Romania – and I’m currently in the US – it’ll decline it. Whereas if I’m actually in Romania, it’ll allow it.
Now, call me cynical, but I’m not sure this is a good idea. First, I don’t like the idea of anyone (least of all “Goliath Bank”) keeping tabs on my whereabouts for any purpose. I don’t care if it’s just country of origin. I don’t care if they promise to throw it away every time after they “peek in” on where I am. I just don’t like it. I also don’t want them knowing my cell number – because sooner or later it’ll occur to someone over there that they should send my statements to it… or a few “hey you should use our credit protection for 50 bucks a year” calls… or maybe the occasional SMS about why I should transfer balances to their card.
Second, how often do we really expect this to work? It can’t be just me that turns off their phone when they’re out of the country to keep from paying extra bucks for out-of-country usage charges. And it doesn’t matter that the phone only has to be on briefly for it to work; how many people are going to turn on their phone (but not use it) for the sole purpose of authorizing credit card purchases? It seems to me doubtful that people are going to remember to do this.
Lastly, keep in mind that there’s another equation in play here. Namely, the “PAN + CVV as authentication vehicle” problem that we’ve all had to learn to deal with over the years. Here’s what I mean. If there’s so much fraud going on that banks are paying Ericsson a fee to play “Where in the world is Carmen Sandiego’s VISA card?” or “Where’s Waldo’s iPhone?” – and the only alternative to this is to lock out any transaction originating from a particular country – isn’t the real answer to fix the transaction validation problem? Bolting on location-awareness to fix the underlying broken validation doesn’t seem like the right fix.
But then again, efforts to address the transaction validation piece (like Verified by Visa, SPA/UCAF, and SET) all failed… the one advantage this has that those efforts didn’t is that this doesn’t require the merchants or cardholders to do anything (huge plus), so maybe it’s a better idea than it looks like to me at first blush…


