Mobile Payments Fraud: 10 Things Merchants Need To Know
Yes, trillion with a T.
721.4 trillion, to be exact — according to Kount’s count.
That’s a far cry above what 2010’s figures registered, which was at $52.9 billion, which subsequently doubled the next year. Mobile transactions then grew at roughly 50 billion-60 billion a year for the next few years, and — according to research gathered by Kount — those transactions will amount to $563.4 billion in 2016.
But where there’s sales there’s fraud – and the “hidden costs” that make fraud more expensive than it seems on face value. Kount’s data from 2014 shows that mobile generates $3.34 in hidden costs for every dollar of fraud. Online fraud, by comparison, has a hidden cost of $2.62 in for every dollar of fraud.
Merchants beware, Kount warns.
Kount defines mobile transactions five ways: using the mobile device at the physical point of sale, using the mobile device as the point of sale, making a purchase on a mobile payment platform, direct carrier billing, and using closed/open-loop mobile payments.
The whole gamut of mobile, in other words.
An environment that more than 43 percent of merchants believe is “far riskier or somewhat riskier” than conventional commerce. In fact, more than 7 out of 10 merchants believe mobile transactions require their own fraud prevention practices.
One of the things that makes mobile risky, of course, is the basic human security gaps that come along with it. According to Kount’s research, 34 percent of users don’t lock their devices, those who do, most of the time (34 percent) set a four-digit screen lock, and the majority (62 percent) use a common, hackable code such as 1-2-3-4.
“Fraudsters have online marketplaces that allow them to exploit mobile vulnerabilities,” Kount’s research specifies. And that fraud sells online — and sells for cheap. Credit card details are sold as easily as $1-$5 online in the U.S. Identities are sold for as cheap as $14-$18, and online banking account info is sold off for around $300 (going rates are based on a fraudster online marketplace studied by Kount).
So how to stay ahead of the game? Let us Kount the (10) ways.
- Know if a mobile device is being used for transaction: Mobile app or mobile browser. This is an important distinction.
- Identify what type of mobile device is being used: Different mobile devices have different fraud and purchase profiles.
- Pinpoint the “real” location of the mobile device: Mobile devices often use proxy IP addresses or connect through carrier network IPs. If you lack the ability to gather actual location data, fraudsters have another opportunity to mask their activity.
- Determine if the device is a prepaid device: In general, prepaid devices are used by fraudsters at a higher rate than other mobile devices.
- Know if the phone number being used is a forwarded number: In account takeover schemes, fraudsters will forward a customer’s phone calls to their (fraudster’s) phone.
- Associate other transactions with the device: This capability is often called “order linking” and can reveal if a mobile device involved in a transaction has been associated with prior fraudulent behavior.
- Determine if it is a card-present or a card-not-present transaction: Mobile POS systems can give fraudsters opportunities to grab credit/debit card information.
- Ascertain if the financial information being used has been compromised: Determine if the card and other attributes involved in the transaction are associated with past fraud activity so you can stop losses and prevent chargebacks.
- Valuate if your organization has expertise, resources, time, and money to develop its own fraud solution: Developing an in-house fraud solution can be costly and time-consuming. Evaluate resources.
- Conduct “fraud audits” that include evaluation of mobile fraud prevention every 12-18 months: Fraud and payments change too quickly to merely default to what you’ve been doing the past year or two.
“As merchants race to accept mobile transactions, fraudsters have moved aggressively to exploit the vulnerabilities of those who have not fully mastered the techniques and technologies necessary to successfully fight mobile channel fraud,” Kount concludes in its report.
First appeared at pymnts.com