Mobile payment fraud and how to avoid it

The rise of mobile commerce has given way to new fraud tricks. To protect your mobile customers, you need to be aware of the risks and prevention methods.

With the advancement of e-commerce, digital payment technology has experienced significant developments, especially in mobile payments. This has led to a growth of mobile commerce, and fraudsters have taken note, adapting and developing new methods to carry out their crimes.

While merchants who sell services and goods via mobile devices should be aware of mobile fraud risks, they should not give up on this method. Mobile purchases have the potential to account for a significant chunk of revenues, and there are quite a few effective ways to avoid mobile fraud.

Before we explore the ways merchants can protect themselves and their customers from mobile fraud, let's discuss some mobile payment challenges.

Mobile fraud challenges

Mobile commerce has been shown to be more prone to fraud in certain cases, with 60 percent of transactions confirmed as fraud executed over a mobile device. LexisNexis found that fraud costs as a percentage of total revenues was higher for m-commerce merchants.

For instance, digital goods, such as plane tickets ordered online, are four times as likely to be fraudulent as physical product orders. Mobile transactions over $1,000 are three times more likely to be fraudulent than orders under $200.

M-commerce is susceptible to similar types of fraud as e-commerce, though the chances of identity fraud are higher, as a mobile device can be easily stolen and used both at a POS and for online purchases. Additionally, as mobile payments add a level of complexity, there are more options for fraudsters to find weaknesses and exploit them. The lack of technological standards for mobile payments and the fact that mobile apps are installed, not navigated to, increases the difficulties involved in content crawling and requires proprietary screen-rendering tools. The sheer number of available apps further increases these complexities.

The cost of fraud

Online and mobile fraud was valued at $10.7 billion in 2015, according to Juniper Research, and is projected to reach $25.6 billion by the end of the decade. The level of fraud as a percentage of retail revenues grew from 1.32 percent in 2015 to 1.47 percent in 2016, according to LexisNexis' 2016 True Cost of Fraud Report, with every dollar of fraud costing merchants $2.40, as opposed to $2.23 in 2015, as a result of chargebacks and their associated fees, as well as merchandise replacement costs. Furthermore, the merchant suffers from decreased customer trust, negatively affecting online and mobile sales.

Leading types of mobile and online fraud

The following are a few types of fraud that merchants must be aware of:

Identity theft – 71 percent of merchants cite this type of fraud as their chief concern. Identity fraud is when fraudsters intercept sensitive data that is not properly protected and use this identity to make online or card-not-present purchases. In the case of mobile wallets, fraudsters physically steal mobile devices and use them to make unauthorized purchases.
Loyalty fraud – This can happen when fraudsters intercept loyalty programs or members' accounts for theft and transfer of points. There are also cases in which points are sold and transferred to others for monetary gain.
Friendly fraud – This occurs when legitimate orders are disputed by the consumer, requiring merchants to refund payments (chargebacks). This form of fraud can be unintentional, with the consumer forgetting they placed the order, or one family member using another's payment card without permission. There are also cases where this is intentional fraud, with fraudsters placing orders and then claiming they never received the goods, enjoying both a refund and the purchased goods.

How should merchants protect themselves?

While mobile fraud may be on the rise, so is the awareness of the specific challenges merchants must address to protect themselves and their customers. The following are a number of best practices for m-commerce retailers to implement in their fight against mobile fraud:

1. Distinguish between e-commerce and m-commerce.

While the end result may be identical, it is important to understand the scope of fraud from each channel and effectively allocate resources to circumvent the different types of fraud. Review fraudulent attempts and successes, and distinguish between the fraud origin, to implement security programs that offer the best coverage.

2. Implement PCI DSS Level 1 security standards.

The Payment Card Industry Data Security Standard, or PCI DSS, is a set of standards ensuring the adoption of best practices and security methods to safeguard sensitive information of payment cards. It is a requirement for all merchants that take credit cards, and the levels of security are dictated by the volume of transactions performed. Level 1 offers the highest protection. Mobile retailers can implement payment methods via a certified PSP and enjoy Level 1 coverage for their transactions, decreasing their susceptibility to fraud. These payment service providers also provide risk management services and regularly analyze blacklists for increased protection.

3. Use multi-factor authentication.

Mobile devices are perfectly suited for multi-factor authentication, whether that's biometric authentication, fingerprints or even mobile sensor-powered authentication methods. Additional methods of authentication are identification questions and PIN codes. By combining authentication methods, the chances of successful identity fraud decrease. Consumers are more than willing to use these methods that serve to protect their secure data, with 78 percent willing to enter their CVV code, and 70 percent willing to answer an identification question.

4. Track customer behavior and set velocity limits.

Variances on customer behavior can signify account takeover. Retailers should use tools to track purchasing behavior of specific customers, and reach out directly to the customer for verification when purchases exceed their predefined limits.

Mobile retailers that implement seamless and secure payment solutions offer their customers a better user experience. The safer customers feel, the more likely they are to adopt and increase their mobile commerce activity.

As technologies constantly evolve, merchants must stay up to date on both the new and different types of fraud and the new security technologies available to them.