ondot-card-securityBack in the early days of the consumer internet, the thrilling new world of AOL chatrooms allowed some of my classmates at a bucolic parochial junior high to carry lists of hundreds of stolen credit card numbers around like badges of badboydom. Obtaining them was easier than filching a pack of cigarettes or somebody’s dad’s back issues of Playboy.

Public awareness of the risks of identity theft has grown steadily on the backs of increasingly alarmist news reports going mainstream last year after more than 100 million Target customers had their credit cards compromised during the Christmas shopping season.

Credit and debit card fraud is big money. According to a 2013 Nilson Report, card issuers were on the hook for $7.1 billion and merchants for $4.2 billion in 2012. Traditionally, fraud prevention has relied on actual humans to follow up the alerts generated by expensive and sophisticated fraud detection engines. The Durbin Amendment of the Dodd-Frank Act, which took effect in 2011, compounded this by reducing the margins for banks and credit card companies on plastic transactions.

Like roughly 20% of Americans, Ondot Systems President Bharghavan Vaduvur has been the victim of a card hacking. Twice. The first time, his bank reimbursed him in full and the process was relatively painless. But the second time Vaduvur noticed fraudulent transactions happening on his credit card and couldn’t get a hold of anyone at his bank.

“Sure you can call your bank,” he says, “but for some banks, you better hope your card gets stolen on a weekday during business hours.”

It was this experience that inspired him to start Ondot, which has developed a white-label product for banks that essentially allows their customers to switch their card on and off and set preferences through a simple mobile app.

Ondot raised $18 million from unnamed investors and operated in stealth until yesterday. They have done a trial run with Lone Star National Bank, a mid-sized bank in Texas, and the results released yesterday show impressive gains in card use, card issuance and, importantly, a 60% reduction in fraud prevention costs.

That drop in fraud-related expenditures alone suggests that winning banks over might not be too hard for Ondot. What will inevitably prove more challenging is convincing consumers to use the app.

Here’s how it works, from the consumer’s standpoint. Calling up the app, an especially fraud-wary user could turn their card on, buy a cup of coffee, then turn it off again. Any transactions on the card that occur while it is switched off will be declined, and will send alerts to the user and to the bank.

The app also allows customizable preferences for a variety of different types of transaction, with similar on/off switches. So if you provide your kids’ nanny with a card but only want her to use it for certain purchases, or if you want to keep your kid from using her card anywhere except the gas station, you could do that. If you lose your card, but still have your phone, you could turn it off to keep baddies from using it.

If you remain unconvinced that most Americans will actually take advantage of these preferences, I’m with you. While awareness of card fraud has grown, it hasn’t changed behavior much. Most people are content to let their banks sort out any fraud and duly recompense them, though that may just be because there’s no other recourse.

But Ondot has also carved out a proprietary technique to connect that switch to your location, and this is where I can see consumers really finding the app useful. You could set up your preferences so that real-world point-of-sale transactions are only allowed when the card is in your immediate vicinity. This could also remove the pain of having your transactions flagged by fraud engines and declined when you travel.

The tech behind Ondot’s mobile app is deviously complicated, and Vaduvur says that was a big part of why the company chose to stay under the radar for so long. Currently, Ondot is integrated with four of the dozen-odd transaction-processing companies in the U.S. with access to roughly two-thirds of all American banks. These processors represent the last link in the chain of transactions that occur when you swipe your card (unless you’re with a major bank –most of them handle the processing stage themselves.)

This integration allows the app to function in real time. Ondot’s Vice President of Products and Consumer Engagements Rachna Ahlawat demonstrated this for me at the expense of an eye-rolling cashier, attempting a series of transactions with her card variably on and off.

That the app is once-removed from the internal architecture of financial institutions also means that the security of Ondot and the security of the bank remain independent of one another.

The banking world has scrambled to reassure customers in the aftermath of last year’s Target breach, and fraud continues to be a very expensive problem for banks and consumers alike. Ondot provides a solution that could help banks recover those costs and manage those perceptions by putting effective controls in every pocket.

[image via Ondot]