WASHINGTON, August 3, 2011 – U.S. customers may soon begin seeing data security technology involving ATMs and cell phones that would work without tracking people thanks to the efforts of a European security software company.
Patrick Carroll, CEO of ValidSoft Limited, discussed the company's real-time fraud detection software VALid-POS last week. The program is already in the works to be deployed through a deal with Visa Europe. Carroll believes his firm's technology answers current privacy issues lawmakers and industry professionals have been trying to tackle for several years.
“If you track people, you’re breaking every privacy rule in the book,” said Carroll.
“[Our fraud prevention technology] is based on an explicit opt-out model so that banks can start to work on detecting and preventing fraud from day one when the technology is rolled out,” said Carroll.
Founded in 2003, the company received the European Privacy Seal in 2008. The Seal is a certification of meeting the most stringent privacy laws in the European Union by European Union Commission-backed company, EuroPrise.
“We’re the only security company in the world to have a European Privacy Seal,” said Carroll.
“There are 27 states in the EU. The state that oversees EuroPrise is Germany. Germany has the most stringent data privacy rules in the world, bar none. If we can comply with Germany, we comply ipso-facto with all of the rest of Europe. But we actually have achieved compliance with each state individually as well,” said Carroll.
When a person accesses her ATM account, VALid-POS technology correlates that person’s identity through probability and proximity of a person’s cell phone to that bank’s branch office. It is not, however, a tracking technology, which has made all the difference, according to Carroll.
“To get a European Privacy Seal we’ve had to be able to demonstrate without any ambiguity that we are a totally anonymous system,” said Carroll. “
“We have, in many cases, no idea where the transaction is taking place except through our correlation technology. We can prove demonstrably that we completely protect the privacy of the individual,” said Carroll.
Amid a summer of competing cyber security legislation taking shape on Capitol Hill, geo-location data privacy legislation also made an appearance. The Location Privacy Protection Act of 2011 introduced in June by Sen. Al Franken (D-MN) could require that any company obtaining a customer’s location data from his or her smart phone must first obtain consent.
ValidSoft worked with legal experts around the world to arrive at conclusive legal opinions regarding ValidSoft’s software compliance with privacy laws in the respective countries around the world. As for compliance in the U.S., ValidSoft’s current legal opinion is that the technology is fully compliant with U.S. privacy laws.
“Privacy is a big issue, it’s not going to go away, it’s going to become more stringent,” said Carroll.
“We’re calling on the industry – the network side, governments and organizations – should look for a condition precedent in the existence of a formal certification before privacy related information can be related to any third parties. That is the only way you can prove that you are not abusing the privacy of an individual.”