U.K. bank Lloyds TSB is working on a mobile app to simplify the process of verifying a customer's identity at store checkout, Finextra reported on Friday (April 19). The current proof-of-concept version, which calls out to credit agency Experian for a credit check, was developed in an unconventional way: over just a few days, as part of a Microsoft(NASDAQ:MSFT)-sponsored hack-a-thon.
To use the app, a customer who has installed it clicks a button to connect it to Lloyds' ID-checking service, which itself calls out to Experian and credit-checking software. That returns an encrypted message indicating that the customer's identity either has or hasn't been verified. The customer passes that message to the merchant, who decrypts it and completes user verification (or, presumably, tells the customer no if verification has been declined).
Two things stand out as clever here. One is encrypting the response message, so the customer has to pass it to the merchant to decrypt. That both confirms that the response hasn't been tampered with (unless the encryption has been broken) and keeps the customer from knowing the result in advance, which means a fraudster with a stolen phone wouldn't have any warning that the merchant had gotten the equivalent of a "retain card" message.
The other interesting thing is how the proof-of-concept app was developed. The two-programmer team said in a video interview that they probably wouldn't have come up with the idea and quickly assembled a prototype if they'd been in the office; being offsite at the event meant they first spent a day or so hearing about projects at other organizations, then had a short, hard deadline to rapidly prototype their app.
There's no guarantee that the bank will ever release a production version of the app. But any approach that brings a new idea from zero to proof-of-concept in a week is probably worth considering, whether that means a vendor-sponsored hack-a-thon or an internal offsite competition.
- See this Finextra story