By Kevin Moran, Chief Financial Officer for Chase Paymentech Europe Limited
In the UK, Europe’s largest online market, consumers continue to embrace m-commerce at an astonishing speed – with an estimated one in every three online sales now made through a mobile tablet or smartphone(1). This might be excellent news for e-tailers but the growth in m-commerce also offers attractive new opportunities for determined fraudsters, says Chase Paymentech Europe’s CFO Kevin Moran, who offers tips to counteract such threats.
Fraudsters employ broadly similar tactics across e-commerce and m-commerce. However, levels of risk and fraud rates may differ between the sites as fraudsters will generally target whichever retail channel or combination of channels they perceive to be the weakest target.
The following three aspects of fraud prevention can assist you develop strategies, methods, and tools to defend effectively against fraudulent mobile transactions.
1: SHOULD YOU CONSIDER MOBILE PAYMENT FRAUD DIFFERENTLY?
Reports suggest that overall rates of m-commerce fraud tend to be higher than for other CNP (Card Not Present) channels - and that these rates are increasing(2). This is reflected in a growing number of large retailers who consider the mobile channel to be riskier than standard e-commerce(3).
Every CNP channel has its own characteristics and risks. For example, mobile devices may lack the level of security measures taken for granted on desktop computers and laptops, such as anti-virus and anti-malware software. With a 400 per cent increase in mobile malware in 2012(4), e-tailers may expect mobile fraud to continue to rise, driven by more attempts at identity theft and account takeover fraud.
2: WHAT CAN YOU TELL ABOUT TRANSACTIONS FROM A MOBILE DEVICE?
More than half of retailers consider it ‘very important’ to detect mobile transactions, yet only 16 per cent are able to identify the type of mobile device used(5). Those e-tailers capable of capturing extra data about the source of the transaction may have an added advantage. For example, analysis of the mobile operating system could help identify a higher risk - there may be different risk profiles when comparing Android’s operating system with Apple’s iOS platform.
E-tailers should also look out for fraudsters that try to make a transaction appear to come from a mobile device even though it originates from a desktop computer (emulation). This is an attempt by fraudsters to exploit any difference in the way separate m-commerce and e-commerce fraud management systems have been configured, based on the assumption that the controls for verifying mobile transactions may be less sophisticated.
3: HAVE YOU INTEGRATED MOBILE FRAUD INTO YOUR MULTI-CHANNEL STRATEGY?
Shoppers frequently use multiple devices when they buy online – and retailers can be sure that fraudsters are doing the same in their attempts to commit fraud. Some fraudsters might use mobile malware or stolen credentials to give them access to a customer’s account but then make repeat fraudulent purchases through other channels. Alternatively, they might use a number of channels together as part of a single fraud attack, such as making a fraudulent e-commerce order before contacting a call centre to change the delivery address.
According to a survey conducted by Chase Paymentech, two thirds of e-tailers interviewed review fraud rates by mobile app and nearly half track fraud for mobile-enabled websites. However, just 21 per cent of retailers interviewed can monitor fraud across all of the CNP channels they use(6). Linking together transaction data from multiple channels can enable e-tailers to build a more complete customer profile. This may help to identify cross-channel fraud as well as to enhance the accuracy of fraud-screening rules by building a better understanding of genuine multi-channel behaviour.
Every business will have its own approach to fraud prevention depending on its industry, products, customer expectations and attitude to risk. Mobile might still be emerging as a retail channel but prudent e-tailers are already integrating m-commerce into their existing fraud prevention strategy. Forewarned is forearmed! It is never too early to close the door on the fraudsters looking to exploit new channels.
1 IMRG/Capgemini: Quarterly Benchmarking (Q4 2013/4)
2 Cybersource: Mobile Payments Management Trends 2012-2013
3 Kount: Mobile Payments & Fraud Survey (2014) - page 43
4 Trustwave: Global Security Report 2013 –
5 Kount: Mobile Payments & Fraud Survey (2014) page 51
6 Dynamic Markets/Chase Paymentech: Online Retail Challenges: 2014 (March 2014) page 69 3.1.14 Channels through which CNP fraud rates can be reviewed