Mobile retail sales grew at an exponential rate in 2012, and the channel shows no signs of slowing down this year. In fact, mobile transactions are expected to top $1 trillion worldwide by 2017. If anything, mobile commerce is poised to become even more firmly entrenched in the marketplace as retailers gear up to provide consumers with enhanced mobile shopping experiences.
However, the rapid expansion of the mobile channel is also bringing a new slate of challenges and risks into the retail landscape, including the daunting task of securing mobile transactions from an evolving array of cyber threats designed to capture sensitive data from customers and brands.
Assessing the Mobile Threat
The most common mobile security threats have been adapted from proven cybercrime techniques in the financial and e-commerce markets. Like the crooks in other channels, mobile cybercriminals capture credit card numbers, gift card data and other sensitive customer information. The effectiveness of mobile-based cyber attacks is supported by a misperception that mobile devices are more secure than other platforms.
Consumers continue to believe that their mobile devices are safer than desktops or laptops, and are therefore more likely to click on malicious mobile links. Even more disheartening is the fact that mobile device manufacturers (e.g., Apple) make it difficult for retailers to use cookies and geo-locational data to keep mobile transactions safe. If retailers aren't able to effectively combat cybercrime on mobile devices, consumers will be less likely to leverage mobile shopping opportunities or engage in anytime, anywhere connections with their favorite retail brands.
Mobile Security Tips for Retailers
Although mobile is a less mature channel than traditional e-commerce, retailers need to give mobile transactions the same priority and due diligence as other online transactions. By incorporating the following tips into your mobile commerce strategy, you can dramatically improve transaction security and prevent an erosion of trust within your customer base:
1. Unified security approach: Mobile is an extension of e-commerce, not a segregated and distinct business unit. To defend against sophisticated cyber attacks, implement a unified security system capable of managing both mobile and other online transactions. All mobile transactions should be funneled through the same back-end security system as desktop/laptop transactions, and mobile access points should be monitored just as thoroughly as every other connection channel.
2. Jailbroken mobile devices: Jailbroken mobile devices are a standard resource in the cyber criminal's toolbox. Although Apple and other mobile providers have taken steps to prevent users from jailbreaking their devices (e.g., Apple's recent iOS 6.13 software update that prohibits users from installing the Evasi0n app), fraudsters can still leverage hacked devices to download applications that are unavailable through app stores. At a minimum, orders originating from jailbroken mobile devices should be assigned a higher risk rating than other orders in your security matrix.
3. Spoofing: The presence of spoofing is a good indication of malicious criminal intent. Spoofing enables cybercriminals to mask their identity when they attempt to execute mobile transactions. In some instances, cybercriminals spoof mobile devices by changing the browser string to make a Windows computer look like a mobile device. Although there are no surefire ways to prevent spoofing, retailers’ best defense is to exercise diligence, set a smaller screen size and leverage a cybersecurity prevention solution that can identify spoofing with transmission control protocol (TCP) packet inspection technology.
4. Application verification: Legitimate mobile transactions should originate from either a customer's own application or through an "official" browser. There have been many examples of "fake" applications that steal consumers’ personal information. With the right technology in place, retailers can verify the source of transactions in real time and identify high-risk transactions that originate from nontypical sources.
5. Store as little as possible: Many applications on mobile devices collect a huge amount of customer data and profiles. If that data is stored on the device, you put your application on the radar of criminals who are just waiting for this to happen. There have been many cases where stored data could even be captured remotely. Store only the necessary details on a device and obviously encrypt everything you store.
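To make tips 2 and 3 concrete, here is an added sketch (not from the original article or from any vendor's product) of how an order-screening step could compare the platform a browser string claims with the operating system family implied by the TTL on the client's TCP SYN, and raise the risk rating for jailbroken devices. The field names `syn_ttl` and `jailbroken`, the weights and the sample orders are assumptions constructed for illustration; the only fingerprint used is the widely documented default initial TTL (64 for iOS/Android/Linux stacks, 128 for Windows).

```python
import re

# Default initial IP TTLs: 64 for Android/iOS/Linux/macOS stacks, 128 for Windows.
INITIAL_TTL_FAMILY = {64: "unix-like", 128: "windows", 255: "other"}

# (pattern, claimed stack family, is_mobile); first match wins.
UA_RULES = [
    (re.compile(r"iPhone|iPad|iPod|Android"), "unix-like", True),
    (re.compile(r"Windows NT"), "windows", False),
]

# Hypothetical weights for a retailer's risk matrix.
WEIGHT_STACK_MISMATCH = 60
WEIGHT_JAILBROKEN = 30

def family_from_ttl(observed_ttl):
    # Each router hop decrements TTL, so round up to the nearest default.
    for initial in sorted(INITIAL_TTL_FAMILY):
        if observed_ttl <= initial:
            return INITIAL_TTL_FAMILY[initial]
    return "other"

def claimed_platform(user_agent):
    # Return (stack_family, is_mobile) claimed by the browser string.
    for pattern, family, is_mobile in UA_RULES:
        if pattern.search(user_agent):
            return family, is_mobile
    return None, False

def score_order(order):
    # Return (risk_score, reasons) for one order record.
    score, reasons = 0, []
    claimed, is_mobile = claimed_platform(order["user_agent"])
    observed = family_from_ttl(order["syn_ttl"])
    if claimed and observed != claimed:
        score += WEIGHT_STACK_MISMATCH
        reasons.append(f"UA claims {claimed} stack, TCP/IP looks {observed}")
    if is_mobile and order.get("jailbroken"):
        score += WEIGHT_JAILBROKEN
        reasons.append("device reports jailbroken/rooted")
    return score, reasons

# Constructed sample orders (not real traffic).
IPHONE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1 like Mac OS X) AppleWebKit/536.26"
ORDERS = [
    {"id": "A1", "user_agent": IPHONE_UA, "syn_ttl": 52, "jailbroken": False},
    {"id": "A2", "user_agent": IPHONE_UA, "syn_ttl": 116, "jailbroken": False},
    {"id": "A3", "user_agent": IPHONE_UA, "syn_ttl": 49, "jailbroken": True},
]
```

Order A2 is the case tip 3 describes: an iPhone browser string arriving over a Windows-looking TCP/IP stack. A proxy, VPN or carrier gateway that terminates TCP will show its own stack instead of the handset's, so a mismatch should raise the score for review rather than block the order outright.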
The demand for exceptional mobile shopping experiences isn't going away. Rather than crossing your fingers and hoping for the best, evaluate your brand's ability to prevent fraudulent mobile transactions and create a more secure mobile shopping environment for consumers.
Andreas Baumhof is the chief technology officer at ThreatMetrix, a provider of integrated cybercrime prevention solutions. Andreas can be reached at abaumhof@threatmetrix.com.