Mobile fraud: a reality check
Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.
Helen Holmes, Worldpay
If there was any lingering uncertainty as to whether m-commerce is here to stay, Google swiftly quashed it this year. In April, the maker and breaker of online fortunes began optimising its search rankings for smartphone users. For another indication of just how prominent mobile search has become, consider that in the UK this February mobile devices accounted for nearly half of all ecommerce traffic.
With a growing number of people storing their payment details on their mobiles, making in-app purchases and just spending more money via their smartphones in general, businesses have become much more concerned about combatting mobile fraud.
While such misgivings are completely understandable, is the threat as widespread as many merchants believe?
There have been a number of high profile mobile hacks in the past year – most recently one of the world's largest coffee chains saw its mobile payments app compromised in a very public way – but on a global scale mobile fraud rates actually remain lower than those for traditional online fraud.
The issue is that many companies still aren't monitoring fraud by channel, which means they can't see where a threat is coming from or adapt their defences to address it. Recent research from the Merchant Risk Council reveals that less than half of merchants today track fraud specifically via mobiles despite their growing importance, and less than a third track via mobile-optimised web.
It is critical that merchants track and treat fraud across each channel differently. Their fraud management tools should allow them to easily set up different risk profiles by channel to mitigate what may be quite different fraud patterns and levels of risk for each.
For those that do manage fraud by channel, new technologies and methods of payment are making mobile transactions much more secure. For example, device fingerprinting technology allows merchants to identify which unique device has been used for a specific transaction and check its transaction history. If they find the device has indeed been used for fraudulent activity, they can then blacklist it instantly.
The rise of services such as Apple Pay has brought another security measure into the limelight – tokenisation. Tokenisation is the process by which payment information is represented by a virtual “token” during transactions rather than being shared explicitly. These tokens are useless to anyone other than the business they are intended for, so even if they are intercepted or a merchant encounters a security breach consumers' details are kept safe.
Some level of fraud may always persist, and with 6.1 billion people expected to be using smartphones by 2020 merchants do need to turn their attention to mobile transactions. The latest research from Worldpay and RiskGuardian shows that 75% of organisations expect their mobile fraud rates to rise in the next two years.
That said, while concerns around mobile payments are not without foundation the current state of affairs represents less of a security Armageddon and more a general shift in how people pay for things. As with any change of this nature, the bad guys that were hacking into what were previously our favourite devices (our PCs) have just turned their attention to our new favourite, our smartphones.
The technologies businesses need to detect and counteract this threat are now widely available and only getting more effective. The onus now falls on merchants to focus their security strategies and give mobile customers the peace of mind of knowing they're in safe hands.
Contributed by Helen Holmes, product director for risk products at Worldpay.