While great in theory, unfortunately the issue is this.
So you’ve got to receive the request, fire off a silent background notification to APNS, wait for the phone to receive it and wake up, launch the app in the background, make a request to location services, potentially wait for it to wake up multiple radios and stabilise, receive the location, open a connection back to Mondo and send that location over a possibly crappy connection (my local Sainsbury’s has crappy to zero 3G/4G reception around the store and the way iOS handles WiFi power saving in sleep combined with the slow WiFi auth/DHCP means this could take many seconds), Mondo would then have to receive it, make a comparison between terminal and phone location, throw that in to the fraud decision making engine and come back with a reply to the process holding the connection open.
The alternative is looking at doing something like Google does with location history with very wide radiuses. Unfortunately, this option means that you would be sending everywhere your phone goes to Mondo and I don’t know how many people would be happy with that. I’d prefer if that was limited to on-device country detection.
Also consider that the data merchants provide is not always the best. I’ve had merchants report to be up in the midlands while I’m down in Stratford, London.
Because for different security and usability reasons, the range on the card’s NFC is very short. On iOS at least, the NFC hardware is inaccessible to applications. On NFC capable Android devices, Mondo could register their application to be launched whenever an EMV card is brought in to range and even communicate with it to quickly trigger an unfreeze but I don’t know how comfortable I feel about asking people to tap payment cards against Android devices considering any other application could also communicate with the card.
I believe that Mondo’s instant push notifications provide enough extra protection beyond what regular cards do, by pushing transactions to be online and notifying the user, you can immediately see when a fraudulent transaction is made and be able to report it within minutes. This shortens the window of opportunity in ideal circumstances to a single transaction that doesn’t trip automated anti-fraud.
Since you can unfreeze and refreeze the card manually (Q: In the future, would it be technically possible to freeze a physical card that has been cloned by magstripe but not a hypothetical Apple Pay/Android Pay card?), you could continue to go about your day while Mondo rush you a new card (VERY quickly as the cards are not personalised).