Bank of America: Card transaction authorization
On my recent trip to the UK I had some trouble making payments using cards. This is nothing new as banks routinely block transactions they deem suspicious, and as a result ask you to notify them of any planned travel.
If they know you will be in the UK over a period, and a transaction gets processed in the UK, it isn’t suspicious. If you are in the US and a UK transaction comes through, it is.
The broken way
My South African bank Standard Bank routinely blocks transactions, even after I have explicitly notified them. The confirmation of these transactions is normally to call my cell phone number on file - a South African number.
As I am travelling in the US I don’t use that number, and Standard Bank has a “contact number” field on their mobile application which they use to get in touch with you. Unfortunately this does not get used (at all) and they consistently kept trying to call me on the South African number no matter how many times I notified them of the new contact number.
This routinely led to transactions being blocked, despite me notifying the bank of the updated contact number. Additionally, I am explicitly disallowed from having a non-SA number as my contact number for OTPs or anything else.
The fixed way
During my trip in the UK I decided to use the Bank Of America card to make some payment. One payment was fairly large at over $400, and it was (rightfully) blocked as I had not notified the bank. The process from here on out was markedly better.
I immediately got an email from the Bank Of America notifying me of a possibly fraudulent transaction. I followed the instructions, logged in on my mobile device through the website, and was presented with an alert specifying that there were possibly fraudulent transactions.
After clicking on the notice, I was shown both transactions I had made to date in the UK, and given the option to approve or block them. I approved them and the notice was removed. I then tried the payment again and it went through successfully.
The result was that an important payment was made in minutes after having been marked as possibly fraudulent. The time and headache saved compared to the SA way was night and day.
This is a great example of good UX around banking and fraud prevention. I do not have the mobile app (it is in the US app store and my account is tied to the SA app store) but I imagine the email would be sent as a mobile push notification, further simplifying the process.
Old vs new
A particularly interesting point around the above implementation is the age of the institutions and market. South Africa is a newer market and as such has the advantage of being a latecomer, including having newer technology from the outset.
Bank Of America, however, has a much older technological stack to deal with. I can only guess as to how they managed to implement the real time solution above, and I have to say it is fantastic. Joining new technology onto an old platform is what will move this industry forward.
The implementation
The following is a best guess at how they managed to successfully integrate real time fraud notifications.
Banking platforms are normally monolithic at the technological level. BOA would somehow have to have slotted in to the process that either a) pushes payments or b) monitors fraud. Hooking into the latter would be the easiest as it allows less work to be done by the new real time fraud microservice.
This new microservice would then do some further analysis on the transaction, perhaps checking for last known location or the user’s own preferences, and then notify the user according to their preferred notification method. The system could also be smart here and send across several channels if the transaction is abroad to make sure the user receives the notification.
Conclusion
With the US banks’ reputation for development in the fintech space I was more than pleasantly surprised at the great UX and technology implemented around possibly fraudulent transactions. Compared to SA, a newer and more technologically developed market, BOA was streets ahead in this instance.
This may be evidence that incremental updates and microservices are the way forward in this slow moving industry, rather than the “disrupt everything” mantra of Silicon Valley players.