Whether you already play in the mobile commerce space, are starting to or have not yet, there is no doubt that mobile commerce is gaining momentum. In 2018, U.S. mobile retail revenues are expected to amount to $133.35 billion, up from $42.28 billion in 2013. Additionally, in 2017, smartphone mobile commerce revenues are projected to amount to $31.07 billion, up from $14.8 billion in 2014. With so many options allowing physical retailers to accept mobile payments on site, the trend will only continue to grow. Mobile capabilities bring the potential for increased revenues; however, these increased profits come with potential challenges.
Given the recent data breaches and overall increases in e-commerce fraud, the mobile channel makes merchants more susceptible to vulnerabilities they weren’t otherwise concerned about prior to entering the mobile space. Additionally, with the impending EMV rollout and options such as Apple Pay and Google (News - Alert) Wallet quickly becoming a method of payment with physical retailers, the challenges will only get greater. Fraudsters will have more opportunity to profit and merchants will be left holding the bag.
So what can mobile merchants do to strengthen their risk management against emerging and increasing threats on the mobile channel? Here are a few of the challenges merchants can encounter and strategies for combating fraud.
Perceptions vs. Realities: Cutting Through the Hype of Mobile Fraud Risk
A recent study indicated that 49 percent of merchants value increased opportunity as the most important factor in mobile payments and see technology as a way to increase leads and sales generation into all channels. The obvious benefit to consumers is convenience via faster checkouts and streamlined payment processing, as well as the ability to shop online from virtually anywhere.
At the same time, mobile commerce continues to grow. Mobile browsers are accepted as a channel of commerce by 55 percent of mobile merchants, while mobile applications are accepted by 38 percent of mobile merchants. However, fraud prevention tactics in this channel need to grow at an equal pace to be effective against emerging threats. While LexisNexis (News - Alert) reports that mobile payments are accepted by more retailers than ever, it notes that these merchants are relying on fewer fraud solutions in the mobile channel.
Understanding the Challenges
With mobile commerce comes a number of challenges, and we will cover some of the more prevalent ones here.
Fraud Challenge #1: As mobile payments gain popularity, new user registrations will increase for mobile sites. New users may not have much, or any, prior transaction history to build a user profile.
Solution: Do not simply rely on velocity controls alone to detect abnormalities in purchasing behavior. Use a combined approach of velocity controls with fingerprinting to determine whether or not a purchase is being made by a legitimate customer. Device authentication recognizes a particular device is the same that was used before to conduct successful transactions in the past, or that have been used to conduct fraud online.
Fraud Challenge #2: Keying in secure data on a mobile device can result in mistakes that impact authentication. This problem is compounded by the fact that some mobile apps do not save credit card information or offer one-click purchasing.
Solution: Pair front-end fraud security tools like geolocation in the front end with tools such as chargeback notifications on the backend. Chargeback notifications enable communication and collaboration between participating card issuers and merchants so merchants can resolve disputes with the customer before they become chargebacks.
Fraud Challenge #3: 3-D Secure faces hurdles when going mobile. Merchants with mobile sites may have trouble getting the authentication pages to render, particularly if the issuer is not mobile-savvy.
Solution: Multi-factor authentication, a method of access control where a user inputs two types of authentication such as a password paired with a fingerprint, can be helpful. It not only bypasses the “clunkiness” associated with the 3-D Secure on mobile, but it provides a safe and user-friendly means of authentication. In fact, some mobile devices have built in tools that can be used for authentication, such as fingerprint readers.
Fraud Challenge #4: The use of mobile phone and text features for transaction verification and in second factor authentication has been exploited to commit Account Takeover (ATO). Fraudsters have found ways to insert themselves in that process through tactics such as phone porting, which requests the number be reassigned or forwarded to another device.
Solution: Velocity controls let merchants monitor the average velocity of transactions and set limits on the frequency with which and when a credit card is used, whether it be daily, weekly or monthly, as well as how the card is limited as in dollar amount and transactions processed. Measuring these types of variances in common behavior can be an effective way to stop account takeover.
Taking a Layered Approach
Regardless of the risk management tools a merchant implements, a mobile fraud prevention strategy should take a layered approach, meaning striking a balance between front-end fraud tools to stop fraud and backend tools that tie in feedback loops. This means a merchant should combine the right tools with predictive analytics for added insight into customers and transactions. For instance, combining a device authentication with the relevant personal identifiable information (PII), such as name, address, phone number and IP address allows the merchant to verify a customer’s identity by comparing PII to the device being used, as well as the consistent identifiers attached to that device. In order to make the purchase, there wouldn’t be any inconsistencies between the two. Most authentication tools such as digital fingerprinting can be used seamlessly during the online transaction, enabling the merchant to provide a secure transaction and a streamlined, frictionless online shopping experience via the mobile channel.
The fact is that as mobile commerce continues to gain traction, so will fraud. Taking a proactive, layered approach to fraud prevention is necessary for all marketing channels, including standard e-commerce and the emerging mobile channel. As new options arise, CNP merchants should implement tools that leverage proven technologies to evaluate and analyze the type of fraud they are experiencing. CNP merchants who fail to dedicate the proper attention to adapting the right tools to their business may find themselves with significant sales or fraud losses.
About the Author: Matthew Katz is the founder of Verifi, Inc. and currently serves as the Chief Executive Officer. Matthew founded the company in 2005 after developing the first customized solution that systematically identifies multiple types of payment risk. He is also CEO of CAMS, LLC, a privately held company he independently financed and founded in 2012. He has been profiled by the NY Times, LA Times, Forbes, and Business Week, among others. He has also served as a speaker, panelist and presenter for various industry events, including CNP Expo.
Edited by Dominick Sorrentino
Back to Mobile Commerce Insider Home