With high-profile hacks, malware and oversights leading to billions of dollars in credit card fraud, the unauthorized use of other peoples’ money has been a recurring theme in the world of commerce over the past year. Though Target was the biggest name with 40 million credit cards stolen, there are thousands of similar pieces of malware affecting both retail and online storefronts.
SafePay, a Toronto-based startup, is looking to add a dose of smartphone-based two-factor authentication to e-commerce, and is looking to raise funds on Indiegogo to do so. Working with firms like WooCommerce, PrestaShop, OpenCart and Magento — companies whose services you likely use every time you pay online, even if you aren’t familiar with the names — SafePay wants to insert its authentication service into the payment workflow to prevent fraud.
Users download an app for iOS or Android that acts as a conduit for receiving payment-based notifications. If a cardholder — or a fraudster — enters a legitimate credit card into a SafePay-powered e-commerce site, the API will send a verification to that connected phone; the transaction will only be approved if the user consents.
Such two-factor authentication methods have become pervasive in the online services space, as hackers continue to devalue the alphanumeric password. Companies like Apple and Samsung have implemented fingerprint readers to offer biometric alternatives, but the credit card space has little to no extra safety far up the chain.
The idea of two-factor authentication is not new, but it forms one of the major tenets of digital security: incorporating a password and a real-world object, such as a smartphone, that a fraudster or thief likely doesn’t have access to. Indeed, the two credit card companies offer something similar in Verified by Visa and MasterPass, but neither offer currently incorporate a second-screen push notification-based smartphone verification.
For SafePay’s part, partnering with e-commerce companies, which are less monolithic and a lot more transparent than the credit card issuers, the banks and the merchant service providers, was a no-brainer. Founder and CEO Mick Bhinder explained that SafePay’s solution promises to make it easy for merchants to integrate and account holders to use. Once a buyer has created an account in the SafePay app, the e-commerce companies only need to handshake with that existing login — there is no repeated login or recreation of SafePay credentials.
The company, which has been around for over two years, is self-funded, and wants to stay nimble in a world of venture-funded outfits. Working with Indiegogo, Bhinder and his team decided to raise $50,000 to improve the current iOS app and begin development of an Android version. Aimed at early adopters and developers, the intent is to heavily discount the first year of subscription service for small, medium and large businesses looking to add SafePay protection to carts currently running on its partner e-commerce backends.
Bhinder also promises that every backer will not only get priority service, but will be able to request five online merchants not currently being protected by SafePay to incentivize negotiations for new contracts. The CEO says that SafePay is currently in talks with other companies, and should be making further ecosystem announcements in the coming weeks.
While credit card theft is rampant, and increasingly virulent as fraud attempts become more complicated — and successful — the ability to verify individual transactions with a smartphone which, once denied, can be reported to credit card issuer before more money is stolen, has the potential to provide enormous piece of mind.
With over 70% of Canada’s credit card fraud taking place online, there’s good reason a product like this exists today.[source]Indiegogo[/source]