Scramcard, a startup founded by former Westpac chief security officer Simon Hewitt, wants to solve credit card fraud – with something that looks like a credit card.
Credit and debit card fraud cost banks and businesses over $16.31 billion globally last year. Banks absorbed 62% of the losses and merchants the other 38%.
As payment fraud becomes more sophisticated, annual worldwide losses are projected to top $35.5 billion per year by 2020, with total losses amounting to $183.29 billion from 2015–2020, according to a recent Nilson Report.
Scramcard’s answer is a credit card with a keypad on it. Instead of carrying around your cards and putting them into possibly infected terminals, you connect them to your Scramcard account and use that instead.
The keypad and screen allow you to select which account to pay with, turn on the NFC chip, generate a one-off code or pin number for paying or withdrawing cash, or create a unique identifier for verification.
For the consumer this means a whole new level of safety. Unlike most of our current cards, which have an always-on Near Field Communications (NFC) chip – basically what allows us to do contactless payments – the Scramcard chip is only on just before we pay.
Consumers will also be protected from infected payments terminals, like those that allowed hackers to steal 40 million credit and debit card numbers from American Target customers, because the numbers are constantly changing.
Online and over the phone, the situation is the same – you use numbers generated for a specific transaction, making it useless to steal the details.
“You only ever type your pin in to the card. That will generate a new pin number every time,” says Hewitt.
“So if someone is looking over my shoulder or skimming the card, it’s not going to work 5 minutes later.”
ScramCard has teamed up with Mastercard to use their payments network. This means that from a merchant point of view, all the transactions are Mastercard transactions, no matter how the customer chooses to pay.
Theoretically, you could pay with an American Express at a merchant that doesn’t accept it, and they would be none the wiser. Although you would have to swallow the difference in fees (American Express charges a higher rate than many others).
“You would link your American Express card details with us. That payment would go ahead with American Express. So we are not cutting them out in terms of margin,” says Hewitt.
“We are giving them access to 26 million merchants they don’t have access to.”
Scramcard doesn’t launch until the new year, and when it does, its customers will be banks and “prestige brands”. Hewitt points out that whoever consumers get the Scramcard from doesn’t necessarily need to be a bank – the financial services are all inputs on the back end.
But if Mercedes or Qantas or another big company wanted to brand the card and sell it to their customers, they would have access to a great trove of data about our spending habits. Adding a loyalty program onto the card is a “logical extension” to the entire idea, says Hewitt.
In the end, Scamcard’s extra layer of protection is also potentially a barrier to consumer uptake. Many businesses and consumers don’t enable two-factor authorisation for their online accounts, for example, the pain of an extra step overwhelming the added security.
But this is okay says Hewitt, because when they launch in 2016 they are aiming for early adopters. And as banks and other financial institutions start to force new technology and shift the liability for fraud to merchants and banks, we all may end up being forced to use a system like this.
“Our target market is not a one-sized fits all,” says Hewitt
“For those that say ‘I don’t want to do that’, that’s fine. The intent is for those who love the technology and want to take the extra step.”