The Green Sheet: Nipping Mobile Fraud in the Bud
Shortly after releasing the Mobile Payments and Fraud: 2015 Report, Kount Inc. divulged key insights from its analysis in an interview with The Green Sheet. Kount, in partnership with The Fraud Practice LLC and CardNotPresent.com, surveyed 2,000 mobile channel players and merchants for this third annual report on fraud in the mobile channel. The aim was to uncover emerging trends in payments, new technology adoption and fraud prevention strategies.
"We're starting to see some fraud in the mobile channels, so we understand that we can't just do what we've always done," said Don Bush, Vice President of Marketing at Kount. "We're starting to see people move payments and purchasing, not just browsing, from the mobile channel."
He noted that in past surveys, retailers were waiting on the sidelines to determine which mobile payment solutions would pan out. In the current survey, recent entrants like Apple Pay, alongside existing Google Wallet and soon-to-launch Samsung Pay were showing signs of spurring market interest in mobile payments.
But timing of the mobile movement could prove awkward. Bush believes the combination of Europay/MasterCard/Visa (EMV) chip-card adoption, ongoing data breach exposure and mobile payments could create a "perfect storm for fraud" in the U.S. market.
"One of the things we've noticed is that fraudsters are happy to take advantage of all this new movement out in the marketplace," Bush said, noting that in assessing retailers' efforts to thwart fraudsters, one merchant recently said, "It looks like it's getting much more difficult for us and much easier for them."
But if we fail to mitigate fraud we could follow in Europe's footsteps. "In the EU, when they saw fraud go up after the EMV push, they saw it rise for a good six to eight years," he noted. "And what they did is they started making regulations, which nobody wants. They saw fraud go down, but they also saw sales go down," due to the friction additional layers of security created for users.
Mixed fraud prevention tactics
Uncertainty among survey respondents as to whether fraud tools could be used across channels was revealed by the 47.4 percent who said they felt e-commerce fraud processes and tools could not support mobile fraud risk management entirely. Equally troubling, the survey analysts found mobile payment adoption and fraud prevention strategies varied greatly by industry.
Bush believes the more barriers to fraud the less attractive a business is to cyber criminals, who prefer to target systems easier to penetrate. He recommends a multipronged mobile payment fraud prevention strategy that involves such basics as knowing what type of device an entity is interacting with, the location of the device itself and the device ID number. Sadly, the survey also revealed that identity authentication use across all organizations declined from 41.7 percent in 2013 to 38.2 percent in 2014.
In addition, Bush noted that after pegging a device as a mobile phone or tablet, tracking location can be tricky. "You need to know exactly where that device is," he said. "If I'm using a laptop, I'm connecting through an IP and you can usually use geolocation. On a phone, I may be going through a cellular network, I may be using an IP that switches as I use it; it's a little more difficult to tell the location."
However, Bush pointed out that it can be done. "If I'm buying something and I say I'm in Chicago, but my device is really in Vietnam, that's a red flag, because fraudsters try to mask who they are and where they are and what they're doing," he said.
The next step is to identify the device itself. "We call it device ID or device fingerprinting," Bush said. "It becomes more important on a mobile device, because of the way fraudsters try and mask what they're doing. They'll switch SIM cards, they'll use prepaid phones, they'll use caller forwarding, which is an interesting method of fraud."
While some retailers are beginning to catch on, there is room for improvement. The top tools currently employed by merchants surveyed are ID authentication (38.2 percent), device ID (35.7 percent), secure mobile payment methods (30.5 percent), rules engines (26.6 percent) and fraud scoring (24 percent).
Source: The Green Sheet.