Dwolla Says Its Grid Payment Network Is More Secure than Card Networks

Dwolla wants to bring customers onto the Grid.

The online and mobile payment startup says it has been building a payment network called Grid that will be more secure than the Visa and MasterCard card networks.

Most of the $1 million per week in transactions coming through Dwolla are online payments, says Ben Milne, the company's founder and chief executive.

The highest dollar transactions are business-to-business transfers and consumer-to-business payments such as rent. But the new growth is in mobile, Milne says.

"This makes a lot of sense, because we just recently rolled out updates to our iPhone, Android and Windows 7 apps to add social context, or peer-to-peer transactions," he says.

Dwolla has made sending person-to-person transactions easier on its iPhone app. Now users can pay another person by simply clicking on that person's name in a contact list. Previously the recipient had to set up an ID number that the sender would need to type in.

The Visa and MasterCard payment networks have been in place for a long time, and the card associations have built in mechanisms to try to help banks detect fraud and handle dispute resolution and chargeoffs.

But Milne says that the Visa and MasterCard world is vulnerable to fraud.

"Every time you swipe your card, you're leaving behind the actual information that would be used with that card," he says.

"Every time you engage in a transaction, you're leaving behind information in places you don't even know you're leaving it. That's an exposure potential. This is something we all live with, and it's part of the system. What we're trying to ask is, if they had or could start over today, would they knowingly let merchants or hardware providers store credit card information that could be used to commit fraud?"

Milne says he believes, naturally, that they would not.

"They would probably do it in a way that allows them to securely connect, authorize the payment, and get paid without leaving that critical financial data behind that could be used for fraud and increases cost for everyone," he says.

This is what Dwolla's Grid does, according to Milne. It lets people use third-party apps to make purchases, the way Facebook Connect presents a user's credentials and profile to a new site.

"It allows you to actually engage in a transaction without that piece of software ever getting access to your bank information," Milne says. "It can't be stolen after that, or it's less likely to be stolen. It adds an additional tier to protect the consumer." Once the consumer connects, he can manage which applications have rights to his account information. He can also remove permission to access individual pieces of data such as account history, ability to spend money, and contacts.

So what exactly is Grid?

"Grid is the software that connects to other software that securely allows people to connect," Milne says. "It's a relatively simple concept, but the implementation is very complicated."

The software mimics the way social networks attach to third-party networks and applications without allowing direct access to your data. "We're using the social network model and putting the consumer in control," Milne says. "You basically authorize an app to charge you, rather than enter your credit card number. At the end of the day, that software will not have access to information that can be used to commit fraud."

Grid uses industry standards and procedures similar to those of banks to prevent unauthorized entry, the company says. It also requires users to enter their PIN codes to change or revoke data sets specific to that user. For example, to remove a social network previously connected to Dwolla (to send and receive money through Twitter or Facebook), a PIN would have to be entered.

Some observers are skeptical that Dwolla's service is truly more secure than the card networks.

"With a service like Facebook Connect, you're still subject to your user name and password being hacked," says Gartner analyst Avivah Litan. "Security is only as strong as its weakest link, which is the user name and password, which can be hacked. Malware has attacked every mobile platform out there."

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER