Booming Mobile Commerce Comes with Elevated Mobile Phone Fraud Risk
Card-not-present (CNP fraud) is predicted to more than double by 2018, driven largely by the US rollout of EMV and expected increases in online spending in the US market from 262.3 billion in 2013 to $440 billion by 2017. In step with this, is it also predicted that retail mobile commerce (m-commerce) sales will exceed $100 billion by 2017.
Given the recent data breaches and overall increases in ecommerce fraud, the vulnerability of the mobile channel is a concern for merchants. The rollout of EMV will increase mobile fraud risks as this becomes the path of least resistance and greatest profit for fraudsters. EMV is pushing fraud into CNP Commerce and M-commerce is not immune.
So what can mobile merchants do to strengthen their risk management against emerging and increasing threats on the mobile channel? This article outlines the top risks in mobile commerce as well as some strategies to combat fraud without going overboard.
State of M-Commerce
Mobile commerce continues to gain momentum as the majority of Americans have a cell phone and increasing numbers of people are using e-readers, tablets and other mobile devices:
- 90% of American adults have a cell phone
- 58% of American adults have a smartphone
- 32% of American adults own an e-reader
- 42% of American adults own a tablet
2013 was a banner year for m-commerce, particularly during the holiday season. IBM data puts mobile traffic at 48% of all online traffic during the 2013 holiday season – a 28% increase from 2012 – and mobile sales contributed to 29% of all online sales – an astonishing 40% increase from 2012.  These trends are expected to continue to increase:
- Mobile sales are projected to account for 19% of e-commerce sales in the U.S. in 2014.
- S. m-commerce transactions (completed on mobile phones and tablets) are forecasted to total $114 billion in 2014, Forrester predicts.
- Forrester also predicts that by 2018, m-commerce transactions will account for 54 percent of the total $414 billion in e-commerce sales expected. 
Smart retailers are using this mobile boom to their advantage. Apple has been courting the idea of using Near Field Communication (NFC) – “a wireless connectivity technology that enables convenient short-range communication between electronic devices.” The company has recently deployed NFC-enabled mobile POS terminals from Verifone in its stores, signaling support for the emerging payment communication standard. Additionally, Apple recently filed patents for mobile payments and has make significant security moves that may lower security hurdles that have been obstacles to mobile payment initiatives previously. 
Also, it was recently announced that a potential deal between Apple and Visa Checkout is in the works for fall 2014.  The financial impacts for this type of move are undeniable – a payment mechanism revolving around iTunes would be a powerful alternative payment form, allowing Apple considerable control over those transactions. In addition to Apple, companies like Amazon, Google and other tech titans may be able to drive incremental revenue in a number of ways:
- Opportunity from value-added services is roughly $2 billion with 5% of digital payments
- Opportunity from offers is roughly $100 billion with 1% of digital payments
- Opportunity from core business synergies is roughly $500 million per every 1% increase in volume, assuming a 10% increase in pricing
Mobile payments continue to gain momentum and we will continue to see big name retailers harness the power of mobile technology and emerging security models to increase adoption of mobile payments at physical retailers, expanding commerce opportunities.
Perceptions and Realities: Mobile Fraud Risk
A recent study indicated that 49% of merchants value increased opportunity as the most important factor in mobile payments and see technology as a way to increase leads and sales generation into all channels.  The obvious benefit to consumers is convenience via faster checkouts and streamlined payment processing as well as the ability to shop online from almost anywhere.
Subsequently, mobile commerce continues to grow – Mobile browsers are accepted as a channel of commerce by 55% of mobile merchants while mobile applications are accepted by 38% of mobile merchants – but fraud prevention tactics in this channel need to grow at an equal pace to be effective against emerging threats. LexisNexis reports that mobile payments are accepted by more retailers than ever but these merchants are relying on fewer fraud solutions in the mobile channel.
There are mixed perceptions when it comes to mobile risk; the number of organizations perceiving mobile as “somewhat riskier” than general web e-commerce rose one-third to 32% (from 24%), but the number of organizations that believed the risk in both as equal fell. Card Associations and Acquirers are more likely to perceive the mobile channel as “somewhat” or “far riskier,” than standard web commerce, whereas card issuers consider the mobile channel “less risky.” 
Top Tools Merchants Can Use to Mitigate Mobile Risk – Best Tools as Perceived by Merchants
Most organizations are aware that fraud risk associated with the mobile channel is higher than standard web e-commerce and 75% of merchants believe that specialized tools are necessary to mitigate risk in the mobile channel.  In fact, only about a quarter of merchants believe that standard e-commerce fraud processes are sufficient for mitigating mobile risk, compared to 37% last year. The number of merchants who believe that mobile requires highly specialized tools increased 15% this year.  These perceptions seems to vary based on merchant size: merchants with annual revenues less than $5 or greater than $50 million were most likely to answer positively that additional tools are needed to manage risk in the mobile channel where merchants with annual revenues between $5 and $10 million did not believe that was the case. 
|MOST POPULAR TOOLS FOR PREVENTING FRAUD IN THE MOBILE CHANNEL|
|TOOL||HOW IT WORKS|
|ID Authentication||Uses one of three factors in which a customer can authenticate his or her identity:
|Device Authentication||Authentication by way of recognizing that a particular device is the same that was used before to conduct successful transactions in the past or, alternatively, that have been used to conduct fraud online.|
|Mobile Geolocation||Geolocation data can confirm the location of the customer and use the information as part of the transaction fraud scoring and authorization decision for online transactions.|
|Telephone Number Identification||Tool used to identify the type of the telephone number customers are providing (mobile, and line, VoIP, etc.) as some types are more likely to be fraudulent.|
|Velocity Controls||By monitoring the average velocity of transactions, merchants can set limits on the frequency with which and when a credit card is used – whether it is daily, weekly or monthly – and how the card is limited (dollar amount, transactions processed or day of the week used).|
|These tools were most likely to rank in merchants “top three” for preventing fraud in the mobile channel. |
Merchants appear to be using a variety of tools to fight fraud in the mobile channel and are increasingly using the tools in the table above, though tools like mobile geolocation are only used by 3% of merchants today and only 3% of merchants plan on adding velocity checks to their arsenal this year.  Merchants plan to add the following to their fraud tools in 2014:
- Complete Fraud Platform (24%)
- Device Identification (16%)
- ID Authentication (15%)
The Best Answer to Mobile Fraud – Use the Right Tools & a Layered Approach
The right combination of tools paired with predictive analytics gives merchants added insight into customers and transactions. For example, a powerful approach to authenticating consumers is to combine a number of tools in a meaningful, tailored way that makes sense for a merchants business. One example is combining device authentication with the relevant personal identifiable information (PII), such as a name, address, phone number and IP address. This allows the merchant to verify a customer’s identity by comparing PII to the device being used (and the consistent identifiers attached to that device) to make the purchase and ensure there are no inconsistencies. Most of these authentication tools like device data or digital fingerprinting can be obtained seamlessly during the online transaction, and allows merchants to provide secure, streamlined and frictionless online shopping experiences for customers via the mobile channel.
One size does not fit all. As mobile commerce continues to gain traction, so too will malicious criminals that seek to exploit it. A layered approach to fraud prevention is necessary for all marketing channels, including standard web commerce and the emerging mobile channel. CNP merchants should seek to find that “just right” balance by leveraging proven technologies to evaluate and analyze the type of fraud they are experiencing. Mobile commerce has unique vulnerabilities and merchants should ensure they are using the right combination of tools that address this channels’ nuances. Given the rapid pace in which mobile channel adoption is expanding, CNP merchants who fail to dedicate proper attention to adapting the right tools to their business may find themselves with significant sales or fraud losses in the very near future.
Since 2005, Verifi has been a leading provider of global electronic payment and full-suite risk management solutions, helping card-not-present merchants improve their bottom line with industry-leading funds recovery rates of over 50%*. The highly customizable payment and real-time reporting platform serves as a foundation for Verifi’s suite of fraud solutions and management strategies. With a commitment of reducing risk while increasing profitability for clients, Verifi’s multi-layered approach enables transaction risk management and mitigation, business optimization strategies, cardholder authentication and chargeback representment for all major credit card brands. Verifi is PCI Level 1 certified and headquartered in Los Angeles, California.