Seeking to reduce merchant-account fraud, also known as merchant bust-out fraud, and provide merchants with a way to authenticate consumers, payments-technology provider On The Fly POS is adding Ipsidy Inc.’s Identity as a Service (IDaaS) biometric identity-verification technology to its platform.
Ipsidy’s app validates a merchant’s identity by comparing a government issued photo identification, such as a driver’s license or passport, provided by the merchant to the credential on file with the government or agency that issued the ID. Ipsidy IDaaS technology can also detect if the ID provided has been altered. Ipsidy can validate more than 9,100 official identity documents issued in 245 countries and read and recognize 95 different languages on those documents using optical character recognition.
Merchant-account fraud is a problem because criminals will pose as merchants to set up an account to run fraudulent card transactions through it, receive payment for those transactions, then disappear
“Biometric authentication also helps merchants with day-to-day account management, because they no longer need passwords to log into their account, nor do they need to have to practice password hygiene and change their passwords every six months to maintain account security,” says On The Fly POS chief executive Juan Manuel Garcia. “This is a security tool that not only confirms a merchant’s identity, but can also be used by merchants to confirm a consumer’s identity at the time of purchase.”
Indeed, On the Fly plans to offer Ipsidy’s IDaaS solution to its merchants for use verifying consumers at the time of purchase. Observers say IDaaS is well-suited for protecting consumers from alterations of account information kept on file with a merchant. For example, a criminal who has stolen a consumer’s log-in credentials with a merchant can change the shipping address on the account, make purchases using the consumer’s card on file with the merchant, and then have the merchandise shipped to the new address. Since the criminal used the consumer’s credentials to log in, the merchant is unlikely to suspect fraud.
“Account credentials can be socially engineered using information on the Internet” or gathered through phishing scams, says Ipsidy chief executive and chairman Phillip Kumnik. “Just because someone has the right log-in credentials, does not mean that they are who they say they are. Asking the consumer to authenticate themselves biometrically assures proper authentication. Multi-factor authentication is the way the world is going.”