Idaho Business Review: Survey: Mobile payment options are increasing, but so is fraud

10-May-2016

Merchants are using mobile pay more and more frequently, but most don’t know if doing so increases their risk of fraud, according to a survey by the Boise-based Kount.

Kount, an electronic commerce security firm, surveyed businesses for the fourth year in a row and found that use of mobile pay has risen sharply since its first survey, in 2012. About 82 percent of merchants accept mobile pay now, compared to 54 percent in 2012. The number of merchants who receive at least 30 percent of their revenue from mobile payments has increased to 29 percent since 2014, when only 9 percent did.

But mobile fraud has increased concurrently. Don Bush, vice president of marketing at Kount, said the rate of fraud has risen about 24 percent per year, or 81 percent since 2011, but only 15 percent of business owners know there’s a fraud increase. “For the first couple of years we saw a great deal of concern with security and fraud,” Bush said about the survey. “Then there was a shift in concern to payment types about the time Apple Pay came out.”

Kount analyzed more than 100 million transactions that crossed its server between 2011 and 2015 to come up with the figure of 81 percent. Bush said mobile fraud has increased because options for mobile payment have risen.

“Criminals will always take advantage of change,” he said.

Mobile pay can be broken into two categories: Point of sale mobile pay, where a phone is waved over a card reader; and online purchases, where credit information is transferred from a mobile device to a store’s network.

Most of the business owners surveyed didn’t know whether the payment options they added carried security risks, or what to search for when looking for signs of fraud, Bush said.

“I’ve been to Nashville, Australia, the United Kingdom and Toronto and merchants all over are alike because they all say we don’t have a fraud problem,” Bush said. “It’s not because they’re stupid, but because they don’t recognize the symptoms and how it is affecting them.”

Some merchants, 41 percent, do believe that mobile payment methods are riskier than traditional electronic commerce, but most business owners said they feel pressure from customers and other businesses to offer mobile pay. About 60 percent of the businesses polled said their mobile strategy was “very important” to their overall growth plans.

“Stores are concerned that they have to accept convenient types of payment or their customers will leave,” Bush said.

Business owners can take several steps to secure mobile payments.

Point of sale mobile pay is already one of the safer payment options if customers are using trusted apps such as Google Wallet, Softcard and Apple Pay. The problem is that many businesses don’t realize they can accept these type of transactions, said Brad Arendt, former chief operating officer for Alliant Merchant Solutions, which helps businesses customize payment option services.

“A lot of these systems are out there and available for the merchant to use. They just either need to turn them on or update their system,” Arendt said.

Point of sale mobile apps such as Apple Pay and Google Wallet offer a level of security similar to that of credit cards and work on many of the same card readers, Arendt said.

A user enters the card information into the app and it is sent to the associated card provider in exchange for a token that rests on the phone. The card information is then deleted.

The token that rests on the phone communicates with the card reader at checkout and creates a duplicate one-time-use-token that is sent to the card provider. It is possible for these tokens to be intercepted, but because they are only good for one use and because the original token can be hidden behind a bio-metric scan on individual devices the process is more secure than traditional magnetic cards, Arendt said.

These apps are considered safer than apps and magnetic cards that directly transfer credit information through the system, Arendt said.

“Essentially you can’t do anything with that one token if you do manage to steal it,” Arendt said. “This is great. Even if someone got to the merchant the consumer is protected.”

Mobile purchases made through a store’s website are susceptible to many of the same risks that purchases from a laptop face and similar caution should be applied, Arendt said. Shoppers should ensure they are on a secure private network when making a purchase and watch for phishing links and email scams.

The mobile fraud rate is expected to continuing increasing as more businesses and consumers adopt the technology.

“Criminals love change because they are sophisticated,” Arendt said. “While everyone is trying to figure it out they can go in and cause trouble.”

The easiest way for a business to add mobile payment options is to work with a service provider like PayPal, Bush said. These providers usually offer some security measures, such as HTTPS, that ensure only the store’s server and the customer’s device have access to the customer information in a transaction. He also suggested business owners read Cardnotpresent.com, a mobile payment news source.

By: Benton Alexander Smith May 10, 2016 at the Idaho Business Review