Why Retailers Need to Rethink How Their Fighting Mobile Fraud

By DJ Murphy

The mobile revolution for retailers has climaxed, as evidenced by the fact that 72 percent of consumers make purchases via their smartphone, according to recent research from iVend Retail. As such, many retailers have smartly upped investments in digital strategy to ensure they can deliver a mobile-optimized experience to consumers. However, what many often (and perhaps unintentionally) forgo is their anti-fraud strategy, likely because they're under the impression that their current desktop and traditional anti-fraud measures will work for mobile. This is not the case.

Mobile Fraud: A Growing Concern

Just as consumers are increasingly turning to mobile to make purchases, fraudsters are too. Industry data found that card-not-present (CNP) mobile fraud attacks alone grew 56 percent in the first quarter of 2019.

What makes mobile such an appealing target for fraudsters has a lot to do with the increasing amount of traffic devoted to commerce on these devices, which makes it easier for bad actors to hide. What’s more, application developers can sometimes be in such a rush to get a product to market that they don't complete comprehensive security testing, making apps available to consumers with unknown vulnerabilities. Fraudsters also create fake and malicious apps — which users download thinking they’re legitimate — enabling them to collect personal information for access to bank accounts and e-commerce accounts with stored payment credentials.

Understanding the Uniqueness of Mobile

Mobile is a very saturated channel with heavy amounts of traffic. Therefore, retailers that want to fight against mobile fraud properly must pay close attention to what a legitimate transaction coming from a genuine customer really looks like. One way to do this is by examining the device’s unique ID. Device IDs provide information on the phone carrier, software, model name and serial number.

Retailers must also pay attention to customer behavior and be able to uncover when it's suspicious. For example, if a customer all of a sudden is making extremely high-priced purchases for items they've never purchased in the past, that's a good indicator that their identity has been compromised and accounts taken over.

Mobile Fraud Prevention

There are a handful of technologies on the market that are extremely good at identifying and protecting against mobile fraud. Chief among them are solutions for identity verification, which includes items like multifactor authentication (MFA), behavior analysis and biometrics — both behavioral and physical.

MFA is one of the most common measures to protect against account takeover, whether on mobile or just in general. MFA ensures that the customer can provide additional authentication and verification through a unique code delivered via SMS, or physical biometrics like Touch ID. The more authentication methods a retailer has in place for the customer, the better their account and information will be protected.

Another strong means of protection is via behavioral biometrics. While behavioral biometrics is a newer technology, it’s incredibly powerful in catching fraud attempts by identifying unique customer behavior patterns like how they touch their screen and type on the device. These are behaviors that a fraudster could not replicate as easily.

Protecting Your Bottom Line

Retailers are placing big bets on mobile, expecting the channel to represent over half of their revenue by 2020. If they want to not only protect, but bolster their bottom line, it’s paramount they understand the uniqueness of the channel. Only then will they be able to make informed decisions on their fraud fighting strategies.

DJ Murphy is the head of content for Card Not Present Expo, a media brand generating original news, information, education and inspiration for and about the companies and people operating in the CNP space.