5 Ways to Protect Mobile Transactions

The mobile channel becomes more important with each passing year. A recent ComScore study showed that three out of four smartphone owners use their device to shop. Online revenue from mobile transactions is expected to be higher than ever this holiday season.

Retailers aren't the only ones interested in mobile commerce — cybercriminals are banking on it as well. Cybercriminals are taking the techniques they've honed from online financial transactions and moving them to e-commerce sites. They can steal retail customers’ personal information (e.g., credit cards, gift card data) and put retailers at risk for fraudulent purchases.

Why Mobile is More Exposed Than Traditional E-Commerce
Mobile transactions are harder to protect from fraud and crime than other e-commerce transactions for several reasons:

• Mobile operating systems like Apple iOS are more "locked down" than most desktop operating systems. For example, you cannot use tracking cookies on most mobile devices.
• Geolocation data is less reliable (and less meaningful) for mobile devices, so it's harder to validate a visitor's location.

For these reasons and others, e-commerce transactions often lack the fraud prevention measures of other online transactions. Cybercriminals are learning to take advantage of that by either using or pretending to use mobile devices. They're also exploiting weaknesses in some mobile mini-browsers to spoof their location.

An increasing amount of malware now targets mobile devices as well. Most smartphones and tablets lack the malware protection available on desktop systems. It can be very difficult to detect if a mobile device shopping your site is infected with malware that's stealing transaction information.

5 Steps to Take Today Before the Holiday Crush
Don't give mobile applications a free pass on fraud detection. There's still time to protect mobile shoppers and your own revenues before the holiday shopping rush begins. Add the following measures to your e-commerce site:

1. Look for cybercriminals spoofing mobile devices. You can set a smaller screen size and hope that's enough. The presence of spoofing is a good indication of malicious intent.
2. Look for people using jailbroken iOS devices. These devices may be stolen or hacked to download applications unavailable through Apple's App Store. Assign a higher-risk rating to transactions from jailbroken devices.
3. Watch for signs of man-in-the-browser attacks that hide in an authenticated session and steal customer information. In the case of an e-commerce site, this could be credit cards or gift cards. There are technologies that can detect these attacks in real time.
4. Look for Android users with mini-browser alternatives to the installed browser. Criminals often use these to direct traffic through proxy sites so they seem to be in the U.S., when really they reside in other parts of the world.
5. Take a holistic approach to tracking consumers on both mobile apps and websites, creating a consolidated image of transactions across all devices. Include mobile factors in your risk scoring — mobile isn't going away any time soon.

It's Not Too Late
The holidays appear to be upon us already, but it's not too late to start putting cybersecurity measures in place. While you may hesitate to make any changes to your site ahead of the holidays, the risks of leaving mobile transactions unprotected are significant.

New fraud prevention measures can be deployed or existing measures can be extended to include mobile transactions through a number of different technologies available today. Because many solutions are available on the cloud, this allows retail sites to be up and running quickly, well in time for the holiday rush.

Andreas Baumhof is the chief technology officer at ThreatMetrix. Andreas can be reached at abaumhof@threatmetrix.com.