When a user’s card is used at an ATM or merchant location, the transaction details are sent from the core banking server to a bank’s application server. The application server matches the transaction against the user’s profile and a SMS is sent to the user. The user will be able to inform the bank immediately if the transaction is unauthorised. If the transaction is an unauthorised transaction, the bank will disable the transaction through its credit risk management software.
The SMS notifications will include the following information:-
- ATM or credit card number; or
- Amount used or withdrawn; or
- One of the following requests:-
- Request for user to call the bank directly to deactivate the card
- Request for user to SMS the bank by providing either a pin number that would authorise the transaction or deactivate the card
- Request for user to input a code at the ATM interface to confirm withdrawal (for ATM cards)
If there is an unauthorised usage of a user’s ATM or credit card, the user can send an invalidation code to the bank. Thereafter, the ATM/credit card would be invalidated and further unauthorised usage will cease. A deactivation confirmation SMS will be sent to the user.
This service helps deter fraud since information is passed on to the user in almost real time. It also provides peace of mind to users as they would be informed of any misuse immediately. When used in combination with a per transaction limit, losses could be minimised for both the user and banks.
Meanwhile, banks benefit through improved image due to added security. Banks can also build databases of cellular users, which can be used to educate customers on phone usage for banking as well as to create target 1-to-1 marketing programmes on future value-added services.