Debunking Myths Around Apple Pay Fraud
THE NEXT WEB: Last month David Bozin discussed how Apple Pay was highlighting crucial flaws in how banks deal with digital payments. This month, Judo CEO Dennis Jones explores fraud in m-payments and the myths surrounding it.
It didn’t take long before the great American Apple Pay experiment came face-to-face with the fraudsters, hoping to capitalise on any weaknesses in the iPhone mobile payment system. According to some experts, fraud is already accounting for about 6 percent of Apple Pay transactions, compared with about 0.1 percent of transactions using a plastic card to swipe.
Despite Apple going to great lengths to secure Apple Pay with technology, it becomes vulnerable to fraud when a user adds a credit card. To be clear, this isn’t because of a failure in Apple’s design, but in the process of validating a payment card with a specific user device by the customer’s bank.
Banks in the US are routinely accused of making it too easy for customers to be authenticated because they want to reduce the friction of adding their cards to the system. So no matter how secure the technology is, if the bank’s customer-service representatives who handle authentication questions are not sufficiently trained to spot the fraudsters, then human error will continue to prevail.
The fact is that mobile commerce is still an experiment across the spectrum and that makes security and fraud concerns significant barriers to adoption by customers and businesses alike. Technology will always be more reliable than humans in combating mobile fraud and standard e-commerce fraud prevention tactics aren’t sufficient for mobile channels.
So let’s debunk the three key myths around mobile commerce fraud and its prevention. Together, we can put the fraudsters out of business and close the m-trap.
Myth One: It’s not worth investing in mobile since the fraud cost is so high
In 2014, m-commerce accounted for £7.9 billion of a total £45 billion in online sales in the UK. M-commerce will continue to take a bigger share of all online sales (as much as 26.5 percent by 2017) and will start eating into traditionally card present sales before we know it.
To say that the cost of fraud is too high to invest in mobile is to misunderstand the impact that mobile will have on your business. The real cost to your business is ignoring m-commerce instead of investing in a mobile specific fraud prevention system and taking a proactive approach to a channel that will only continue to grow.
Myth Two: Traditional fraud prevention solutions for e-commerce are enough to cover mobile channels
Traditional e-commerce fraud prevention works on a number of basic assumptions. It assumes you are connecting to an e-commerce website through your personal desktop PC or laptop. It assumes you are connected to the internet with a unique IP address (or looks to see if you have somehow tampered with that IP address). It assumes entering information like your billing or shipping address is easy. None of these apply to mobile. Mobile payments operate in a state of flux. Customers have multiple devices for single users, often being used at the same time. Devices sit behind shared IP addresses that are not device specific.
Mobile specific fraud prevention requires mobile geolocation, device fingerprinting and tighter ID controls.
Myth Three: It is not cost effective to invest in a separate fraud prevention solution just for mobile
Best in class mobile fraud prevention systems are mobile-first, not mobile only. They build on top of what is essentially commoditised information for preventing traditional e-commerce transactions to expand the protection to mobile initiated transactions.
That means you don’t have to run dual systems to cover the spectrum of commerce channels and that makes it more cost-effective than perhaps you’d think.
Mobile first fraud prevention systems take advantage of increased data transfer speeds and our increasingly wide digital footprints to secure transactions. Whether that data is coming from a PC, a smartphone or a tablet, it is fed through algorithms and assessed against past device behaviour and what’s normal for your business, through a series of tailored rules, mechanisms and risk thresholds that enable better protection of your businesses’ margin across all channels.
With 100 percent of digital commerce growth now coming from mobile, businesses can’t afford to ignore their increasingly mobile customers. The real cost for businesses is avoiding or delaying investment in mobile out of fear of the m-trap.