Is GPS the Future of Authentication?

A new report published by Gartner Research places emphasis on another use for mobile technology in the financial transaction chain — as a security layer for user authentication via global positioning. If a card transaction is initiated at an ATM in Phoenix, but the GPS tracking says the cardholder’s phone is in Atlanta, the bank could flag the transaction as suspect. Gartner’s report, “Get Smart With Context-Aware Mobile Fraud Detection,” released July 29, estimates 1.8 billion smartphones will be used across the world by the end of 2011. And Gartner predicts that by the end of 2013, location or profile information from mobile devices will be used to validate and detect fraud on 90 percent of mobile transactions. Most smartphones, such as the iPhone, have built-in, global-positioning-system tracking. The feature provides security for the phone, in case it gets left at the grocery checkout or someone lifts it when the owner is not looking. “This is about stronger authentication, and the only device you can count on for this kind of tracking is the cell phone,” said a Gartner analyst and lead author of the report. Since most people always have their phones with them, GPS tracking of the mobile device offers a relatively reliable way to track a person’s location. As a way to authenticate a financial transaction, here is how it would work: When a user conducts a card transaction at an ATM or POS terminal, the location of the ATM or POS device would be compared with the location of the user’s mobile phone via GPS. So if a card transaction is initiated at an ATM in Phoenix, but the GPS tracking said the cardholder’s phone is currently in Atlanta, the bank could flag the transaction as suspect.

Tweet your comments to Security Magazine at http://twitter.com/securitymag