Mobile Payments Fraud

Mobile payments are the latest buzzword for any online retailer; with an increase in end users accessing the internet via mobile and tablet, it was inevitable that payments via these devices would increase. It is estimated that in 2015 global mobile transactions will total 47 billion. Google is putting its support behind mobile payments, with recent changes to the Google search results aimed at giving greater visibility to responsive (mobile and tablet friendly) websites when searched from mobile devices.

How to manage mobile payment fraud?

With an increase in mobile payments comes the risk of increased fraud. According to the report ‘Lexis Nexis 2014 True Cost of Fraud mCommerce’ in the US for example mobile commerce transactions are only 14% of all transactions, yet equate to 21% of all fraudulent transactions.

Current data points are low for mobile data fraud models and so the accuracy of these is lower. A large number of the mobile payment systems are in early stages of development and as such are an ideal hunting ground for criminals looking to exploit weaknesses in technology, process and operational measures, both at the provider and retailer. Just recently, the Apple Pay system has been abused by scammers taking advantage of operation processes rather than the technology to buy high value goods, ironically from Apple stores.

Consumer perception of mobile fraud

Mobile phones are however being used effectively by some of the major banks to help account holders.

According to the ACI Worldwide global consumer fraud survey data reported in the recent Aite Group research report, Global Consumers: Concerned and Willing to Engage in the Battle Against Fraud, more than three quarters (77%) of global consumers are “very interested” in being contacted about suspicious activity on their cards or accounts via a phone call, e-mail or text message, and nearly three quarters (73%) of global consumers prefer that their bank not post transactions to their card until they respond to a fraud alert.

The survey also explored consumer adoption of mobile wallets, respondents from Canada have the lowest mobile wallet adoption rates at 4% with Germany, the UK and the U.S. tied for at 6%. While they consumers aren’t embracing mobile wallets, consumer trust in the banks’ ability to protect personal data on the mobile device in these countries is mixed.  Canadians have lowered their complete trust from 55% in 2012 to 45% in 2014, while trust has grown in the U.S. from 32% to 44%, the UK from 25% to 44% and Germany 24% to 37%.

Consumer perception of fraud risks varied greatly as well.  “Using my phone or tablet to shop and pay bills” ranked on the lower end of the risk spectrum at only 5% while “theft by a computer hacker” presented the highest fraud risk at 31%.

Is there any kind of security protection?

Tokenisation

Tokenisation is a process that divides input text into units called tokens. During the transaction process card details are captured and encrypted to tokens, these are then decrypted on a secure server. Tokens can then be used in place of the customer’s card details. This eliminates the need for a retailer to transmit sensitive card details to their payment provider and the need for customers to repeatedly enter their debit and credit card details, making future payments easier for customers.  Amazon’s 1 Click Ordering is a good example of this.

How can it be detected and how to lower it?

Visa and MasterCard have both announced different methods for identifying fraudulent activity via you mobile phone.

Visa credit card issuers will be able to add location tracking to their mobile apps. Install the app, turn on location information, and Visa will be able to cross-check your purchases to your location before it shuts down an account for suspected fraudulent activity. The idea being that if you are buying in a location which Visa can identify your mobile location from then you are more likely to see no issue with transactions even if you have never purchased there before.

MasterCard, have said it will invest more than $20 million to boost security. That includes a pilot program later this year with First Tech Federal Credit Union, which will let users authenticate using biometric data, like fingerprints or facial recognition

The fact is, if your phone and cards are stolen then there is still a risk until the point when this is reported. This does however address issues with cloned cards.

How to mitigate fraud risk?

So, mitigating fraud risk in a mobile world is a complex task, demanding specialist tools and a tailored approach to fraud prevention.

The first step in creating a successful mobile fraud strategy lies in ensuring that the purchasing channel, payment method and device type can all be detected, segmented and scored appropriately during the transaction screening process. Rules must be tailored to the profile of those likely to use a mobile phone to make a payment, and those rules must have the flexibility to enable payments from trusted customers without impacting the customer experience, while still identifying malware attacks and fraudulent transactions.

Identifying the type of mobile payment is important since some will be directly linked to bank accounts or payment cards, giving merchants and issuers valuable information which can help with customer verification and allow those transactions to be treated in a similar way to eCommerce purchases. Others need to be treated differently, screened and scored according to available data, and riskier payment types flagged accordingly.

The effect of new customer profiles is important and, where possible, merchants need to take into account customer demographics and variables such as age group, location, device ID, customer history, linked data such as email and shipping address, as well as factors such as the risk profile of the purchase itself (product type, value and chosen delivery option).

Ultimately, fraud rules need to be tailored specifically to the mobile channel to take account of the particular challenges that this channel represents for fraud detection. At the same time, the mobile strategy needs to be part of an integrated solution that will work across multiple channels — to ensure that customers in an omnichannel retail environment have a consistent, high quality customer experience across channels, and to enable merchants to identify and track threats across the customer relationship.

How do you fight fraud with minimal tools?

In a previous blog we discussed how to fight fraud with minimal tools. This is still highly relevant to the subject of mobile payment. Ultimately if you are taking payments online then you need to ensure that your provider has a mobile fraud identification capability.