December 5, 2012
With all of the talk on mobile payments and mobile commerce, NFC and the new Apple Passbook, it is interesting that no one is talking about mobile commerce fraud.
Despite the fact that mobile commerce can make our lives so much easier – from buying movie tickets as you walk to the theater, to purchasing a flash sale dress on the train ride to work ̶ security concerns still remain a major barrier to adoption.
Among mobile phone users who have not yet adopted mobile banking, about half said they were “concerned” about security, according to a recent study by the Federal Reserve.
Unfortunately, consumers do have a valid reason to be concerned.
According to the 2012 CyberSource Online Fraud Report, 92 percent of merchants do not know their mobile fraud rates.
It is up to those providing mobile shopping experiences — merchants, financial institutions, mobile applications and payments providers — to take charge of fraud prevention by applying layered security and multifactor authentication strategies that are customized for the mobile medium.
Dealing with mobile commerce fraud is still unchartered territory, as security standards are still maturing.
Effective fraud detection on any channel is largely a function of identifying patterns around mobile identity. This includes patterns around:
• What you have – an initial profile which includes mobile number and SIM card attributes can be used as a baseline. If a phone is lost or stolen, this can be detected since it will not match the baseline profile.
• Where you are – tied to mobile device location. For example, if the mobile device location is in San Francisco but the payment transaction is occurring in another city, an exception can be flagged.
• What you know — passwords, CVV code or challenge questions.
Fortunately, mobile devices have characteristics that are inherently more secure than computers, so there are some easy steps that merchants can take to mitigate fraud.
Best of three
Here is some advice on how you can create a safer mobile shopping experience for your customers:
1. Leverage the built-in security that comes with mobile networks. Any consumer with a phone uses a wireless carrier network, which assigns unique attributes to each SIM card, making the SIM card serve as one of the pillars for mobile identity.
Leading mobile payments companies are integrating with the network to resolve the mobile number and securely authenticate the mobile identity in a frictionless and implicit way so the consumer does not have to type long usernames and passwords. This provides the “what you have” factor of authentication.
2. Use geo-location to add another security layer. If a retailer is integrated with the mobile networks, it can tap into geo-location functionality to track where consumers are making purchases.
The system can flag potentially fraudulent purchases, such as someone who lives in Wichita, KS, making a purchase in Miami, FL, and add additional security steps to authenticate the purchase. This provides the “where you are” factor of authentication.
3. Require a security code. Even if you have the credit card on file, require shoppers to enter the three- or four-digit security code.
Although this adds an extra step, it shows shoppers that your brand takes security seriously, while protecting both your business and customers from unnecessary risk. This also adds another factor of authentication, “what you know.”
By following these three rules, you will be on your way to changing your fraud paradigm to better align with the qualities and parameters of this new mobile shopping world.