Top Fraud Tips to protect your payments from start to finish, across all channels
Consumer behavior is changing. According to Google, “67% of people have used multiple devices sequentially to shop online.” From advanced ordering to reading customer reviews to even watching t.v., consumers expect their device to “do it all.” Payments are no exception. Merchants should begin to consider the role of mobile in their business model as well as the impacts this channel will have on profits….and losses due to fraud.
There are a number of factors that will influence continued mobile payments adoption and there are key considerations that merchants should keep in mind when determining their best defense against fraud in this channel. Whether used as an extension of online shopping or for mobile proximity payments, protecting the mobile channel calls for an appraisal of factors to arrive at an effective yet realistic fraud prevention strategy.
“Mobile” computing and payments can occur on smartphones or tablets, each with unique user experience and behavior patterns.
- Gartner estimates that 1,946,456,000 mobile phones and 320,964,000 tablets will be shipped this year (as compared to 261,657,000 traditional desk-based and notebook PCs)
- Gartner also projects that smartphones will account for 88 percent of all mobile sales by 2018. 
- The average amount of time that people are spending on their mobile devices has risen by over 177% (up to by about 40 minutes over 2012 to 1.85 hours/day)
Distinguishing amongst different devices can be done through tools like device fingerprinting that aid in fraud prevention by recognizing that a particular device was used previously in either a legitimate or fraudulent transaction.
Consumers can interact on mobile through mobile apps or browser-sessions, each with unique functionality and security implications. Apps are often built with enhanced security features while mobile browsers are an extension of what a user would experience on a desktop browser, though often “thinner.” Apps require different versions depending on the device type and platform (Android vs. iOS), while browser experiences are more unified and easily updated for operating system updates or device upgrades. Apps used to be the preferred route for mobile use, but browsers have gained popularity, which signals a greater need for enhanced security features and options. According to a study by Instart Logic, millennials are more inclined to make a mobile purchase via browser (57 percent) than through an app (43 percent).
Consumers are engaging with merchants across a number of methods and channels, each serving a specific purpose. Consumers may evaluate a product in-store and later purchase the item via a mobile device (“showrooming”) or view inventory information on a smartphone and then call customer service to verify the item is in stock at their local store. According to eMarketer, 72% of US online consumers have made a purchase online after browsing for a product in-store. Additionally, according to a PwC survey, the majority of US respondents (65%) use at least 2 channels to shop and 21% are using four or five channels to shop. These consumer interaction touch points illustrate the need for a cohesive, unified brand messaging strategy across all channels as well as the ability to collect data and obtain a unified perspective of shopper – and fraudulent – behavior.
Understanding the Challenges
There are a number of challenges that this growing channel brings to the table for card-not-present (CNP) retailers, and we’ve laid out some of the more prevalent ones to consider. While there will be novel obstacles as the mobile ecosystem evolves, there are solutions that will more appropriately address these challenges, if merchants employ a comprehensive and layered fraud strategy; one that protects the merchant’s payments across channels and throughout the transaction lifecycle.
Fraud Challenge: As mobile gains popularity and more people adopt this payment method, it will lead to new user registration for mobile sites. New users may not have much – or any – prior transaction history by which to build a user profile.
Fraud Solution: Relying on velocity controls alone to detect abnormalities in purchasing behavior is unwise. However, used in conjunction with device fingerprinting, the two can better help merchants determine whether or not a purchase is being made by a legitimate customer or a fraudster. Device authentication recognizes that a particular device is the same that was used before to conduct successful transactions in the past or, alternatively, that have been used to conduct fraud online.
Fraud Challenge: Keying in secure data on a mobile device can prove to be difficult and may result in mistakes that impact authentication. This problem is compounded by the fact that some mobile apps do not save credit card information or offer one-click purchasing.
Fraud Solution: Pairing front-end fraud security tools like geolocation – which confirms the location of a customer and uses the information as part of the transaction fraud scoring and authorization decisions – with tools like chargeback notifications on the backend is a winning combination. Chargeback notifications enable communication and collaboration between participating card issuers and merchants so that merchants can resolve disputes with the customer before they become chargebacks.
Fraud Challenge: 3-D Secure faces hurdles on mobile: merchants with mobile sites may have trouble getting the authentication pages to render, particularly if the issuer is not also mobile-aware.
Fraud Solution: Multi-factor authentication – a method of access control where a user inputs two types of authentication such as a password paired with a fingerprint – can be helpful not only bypass “clunkiness” associated with 3-D Secure on mobile, but also to provide safe, secure and user-friendly means of authentication. Some mobile devices have built in tools that can be used for authentication, such as fingerprint readers. Using inherence features like biometrics is steadily becoming common practice since there is decreased possibility of false credentials.
No matter which tools you implement, your mobile fraud prevention strategy should focus on stopping fraud without causing undue friction in the sales process or to good customers. This requires striking a balance in your overall fraud strategy between front-end fraud tools to stop fraud and backend tools that tie in feedback loops without hindering sales.
Fraud Challenge: The use of mobile phone and text features for transaction verification and in second factor authentication (the use of a smartphone as “something that the user possesses” where a user receives a one-time dynamic passcode for authentication) has been exploited to commit Account Takeover (ATO). Fraudsters have found ways to insert themselves in that process through tactics such as phone porting, which requests the number be reassigned or forwarded to another device.
Fraud Solution: Velocity controls let merchants monitor the average velocity of transactions and set limits on the frequency with which and when a credit card is used – whether it is daily, weekly or monthly – and how the card is limited (dollar amount, transactions processed or day of the week used).
Measuring variances in common behavior can be an effective way to stop account takeover. Velocity controls allow merchants to identify high-risk transactions, triggering an appropriate response that ranges from additional review to suspending a transaction. Velocity controls help focus fraud prevention where its needed and improves the efficiency of fraud prevention efforts so that time and energy isn’t wasted evaluating transactions that don’t merit further investigation.
The mobile shift is fast upon us and shows no signs of slowing down. It is sure to bring additional sales opportunities….and more fraud. Both consumer and fraudster behavior will evolve alongside the channel and merchants need to focus on both consumer experience and security to survive and thrive in this channel.
The pressure on merchants to employ a rigorously secure yet frictionless mobile experience can be overwhelming. Creating a solid fraud prevention foundation that is layered with the right, channel-specific tools and controls can aid in securing transactions from end to end without burdening the front-end with overly-sensitive measures. The mobile channel will continue to rapidly expand, achieve widespread consumer adoption and ultimately provide additional sales opportunities. Successful merchants will optimize the mobile experience as part of an overall omni-channel strategy while remaining vigilant, agile and – most importantly – secure across all channels and transactions.
Verifi, an award-winning provider of end-to-end payment protection and management solutions, was founded in 2005 to help our clients effectively manage the payments challenges they face everyday. Verifi helps merchants safely process payments, combat fraud, prevent and resolve costly chargebacks, as well as increase billings and keep loyal customers. Our best-in-breed solutions and white glove support are trusted by a wide range of industries from emerging companies to the Fortune 500. Headquartered in Los Angeles, California, we process more than $20 billion transactions annually and currently serve more than 25,000 accounts internationally.