Blog article
See all stories »

An article relating to this blog post on Finextra:

Visa tests SMS alert service

Visa Europe is trialling a mobile phone-based notification service that sends customers a text message every time their card is used

See article

Has Visa Europe missed a trick

Organisations in the financial services sector are finally realising the potential of SMS technology to improve their customer service offering, enabling access to real-time information and to guard against fraudulent activity.

This latest service from Visa Europe will certainly bring benefits to its cardholders, but it does not complete the circle. Should the customer receive a notification from their cardholder highlighting potentially fraudulent use of their debit/credit card, they are then faced with the lengthy task of contacting customer services to stop the transaction and cancel their card. This process is neither seamless for the customer nor satisfactory for the card issuer, who still bears the administrative burden.

Financial institutions like Visa Europe are missing a significant trick – the full automation of this process using a sophisticated two-way SMS application. This add-on to existing business processes automates and extends the workflow, boosting the customer/employee experience, without increasing costs. With two-way SMS Visa cardholders would be notified of a pending transaction, simply replying “Yes” to authorise the transaction or “No” to decline it. Based on the response received, the database is enabled to continue the workflow process, empowering the customer to instantly react and removing a costly layer of administration for the card issuer.

The crux of such a solution rests on the ability to correlate multiple outbound messages with their specific responses. This means the content of the reply can be fed back directly into the organisation’s database query triggering the next step in the workflow sequence, all without human intervention.

With the long standing ‘reply’ conundrum addressed, two-way SMS promises to be a small but significant revolution in the business-customer/business-employee relationship - breaking down boundaries, enabling direct interaction and bringing greater speed and efficiency into the equation.

Peter Tanner

Managing Director

Boomcomms Ltd


Comments: (7)

A Finextra member
A Finextra member 13 August, 2009, 00:55Be the first to give this comment the thumbs up 0 likes

Whilst an automated response as you propose is what is desireable as it is cost effective both for the organisation and the end user,  sms is not secure as a response mechanism and is limited to 160 characters.


Jim KING  

A Finextra member
A Finextra member 13 August, 2009, 11:02Be the first to give this comment the thumbs up 0 likes


You asked if VISA has missed a trick after you suggested that it seems ideal to send a SMS and wait for the cardholder to reply during an authorization request.

The answer to this is - NO, VISA has not missed this. 

Card Authorization requests are sent from the POS or card acceptor to the issuing bank (bank that issued the card) through a payment processor. Note that not all card transactions require authorization by the issuing bank. For chip and pin card payments, the floor limit, for example, can be 100 euros. What this means is that an authorization request is sent to the issuing bank only if the amount is over 100 euros. Floor limit for signature-based card transactions is lower. There are other rules that apply...

With a 4-party card scheme, a merchant bank also participates in this seamless process, which usually only takes seconds to complete. Most issuing bank's authorization systems are ported on a mainframe platform, some using CICS (also sometimes referred to as 'kicks').  

A user interface that might pause, stop or control the flow of a card authorization request does not exist and will not work because of business and technical reasons. 

You may consider these authorization requests as application transactions that are sent and queued to the issuing bank's authorization system for processing. Once a card authorization request is sent by the card acceptor (merchant), there is no stopping this seamless process. 

Thus, the process and system closest to what you described is a system that enables the cardholder to set limits prior to the card authorization request. This can be done via several interfaces (web, IVR, SMS or mobile). These 'limits' are then sent to the issuing bank's card authorization system where they are recorded. Once a card authorization request is sent by the card acceptor, the issuing bank's authorizations system then checks, matches and updates these 'limits' before it approves or rejects the authorization request.

In conclusion, VISA has not missed the system that you described since it will not work. It has, however, missed the system that I described since it is patented and VISA applied for the same thing, 13 months too late.


Tom Hay
Tom Hay - Payment Systems Europe - London 14 August, 2009, 12:02Be the first to give this comment the thumbs up 0 likes

As well as the technical hurdles mentioned in the previous comment, there is the issue of the customer experience.  While an interaction that involves the customer receiving an SMS and sending a reply to confirm the transaction might be acceptable for internet transactions, it would be intolerable for POS transactions in the physical world.  Imagine standing at a busy checkout waiting for an SMS to arrive!  Since this would only happen for potentially fraudulent transactions it would also be unpredictable and confusing for the consumer.

Michael Kyritsis
Michael Kyritsis - ACI - London 17 August, 2009, 19:14Be the first to give this comment the thumbs up 0 likes

Dear Peter, you've ignored a significant additional cost: assuming you're not proposing to hold up the online authorisation with SMS messages (as pointed out above the entire authorisation needs to complete on average in fractions of a second) it means you're suggesting that the cardholder should reply "YES" or "NO" after the auth, but before the transaction is settled (i.e. the Visa BASE II record is processed). Effectively you're giving the cardholder the ability to initiate a chargeback, which is an expensive, time consuming process as it requires the merchant to retrieve original source documents, and submit them (sometimes via fax).


A Finextra member
A Finextra member 11 September, 2009, 11:51Be the first to give this comment the thumbs up 0 likes

Dear all,

Thank you for your comments, to which I thought I would respond. The option I suggest is not that SMS should be used to complete immediate on line authorisations.  I am proposing that the advent of full circle, two-way SMS will improve the service experienced by the customer and afford greater management and control for the bank or card company. The additional layer of fraud control prior to automatically cancelling or barring a card, avoids disruption to the customer’s daily routine and would be a great place for both the banks, and their customers to be.

Where a bank for example, would usually flag a potential fraudulent transaction by taking immediate action to bar the card, or request customer contact via a help desk, I propose the use of a text message to prompt the required information from the customer instead. As this communication would be automated into the workflow process, the bank itself can define the amount of time it is prepared to wait for a response from the customer before it continues with its standard practice. Furthermore, security requirements can be defined within the SMS process, and the bank can either escalate or close the workflow as it sees fit, based on the SMS response, or lack of one.

Crucially, this means that for the first time, a bank can securely integrate SMS into its customer management processes, including credit card options, account management, overdraft alerts, fraudulent warnings and much more. In turn, the customer is empowered to take appropriate action by SMS, a function many of us take as second nature, and the bank has the potential to make huge savings by removing some of the administrative burden, and also by potentially reducing fraudulent activity.

For consideration:

- Text message can often be delivered anywhere in the world within 60 seconds

- Nearly every mobile handset can be reached by SMS

- There is no need for training and no software download  required

- SMS is already fundamentally secure as a message will only ever go to the phone number it is sent to

- There is always a full audit trail of communications, including delivery receipts

- Text messages are admissible in a court of law

- Texts can be delivered in any language

Implementing a text messaging solution that guarantees the correct SMS response is delivered back to the original database record that issued the message, allows for a completed workflow transaction.

It’s all about the humble SMS - I say keep it simple!!

A Finextra member
A Finextra member 17 October, 2009, 08:20Be the first to give this comment the thumbs up 0 likes

"While an interaction that involves the customer receiving an SMS and sending a reply to confirm the transaction might be acceptable for internet transactions..."

Not really, a card issuer does not have any control over how the card payment is accepted. Authorization requests for online card payments can be processed on a real-time or sometimes later via batch. So, this will also not work for card-not-present transactions. 


A Finextra member
A Finextra member 17 October, 2009, 13:32Be the first to give this comment the thumbs up 0 likes

The first thing I learnt about retail payments is 'speed is essential'.

While premium SMS can be quick, it also has a premium fee.

I'm very happy to see Visa doing what they're doing, but not for the reasons you might imagine. I'm looking forward to them rolling out RFID too :)


Now hiring