Since the first iPhone was released in 2007, mobile transactions have grown 72% year-on-year. Customers today use their mobile devices to search for products, compare online prices while in brick-and-mortar locations, and tap-and-go in checkout lines.
But although consumers tend to view mobile as a safe channel for purchases, nearly a third of all fraud attacks now target a mobile device.
It’s therefore critical to be aware of the top emerging m-commerce risks, so you can know how to protect both your customers and your business.
From fraudulent Irish lottery scams to fake Nigerian princes requesting you send them your bank information, fraudsters have long been launching phishing attacks in which they contact their victims and pose as an authority figure from a legitimate company in an attempt to get the victim to reveal confidential data.
Lately, mobile users have become their preferred targets. iOS users are now 18 times more likely to be phished than they are to download malware.
Mobile phishing is successful because it’s harder for users to verify links on mobile devices. Phony websites also often look more legitimate on small mobile screens than they do on desktop computers.
Fraudsters can place mobile orders, receive the product or service, and then intentionally file a chargeback through the credit card company with the goal of receiving a full refund and keeping the product. Scammers use this chargeback fraud as a way to purchase expensive items, like computers and jewelry, and then resell them on the secondary market.
Fraudsters can also hack into unsuspecting customers’ loyalty apps to steal airline points, credit card data and even stored value on gift cards and turn it into cash. In 2015, fraudsters hacked into Starbucks customers’ apps and transferred the cash value in the app to gift cards the fraudsters controlled. When these Starbucks accounts hit zero, many of them auto-reloaded — and the fraudsters took that new balance, too.
Fraudsters often find these alternative payment systems easier to hack than larger financial institutions, which makes them an attractive target.
Stealing smartphones is yet another way cybercriminals can easily defraud customers. If the rightful owner has selected the option to “keep me logged in” to bank, credit card and other store accounts, fraudsters can easily make purchases, transfer funds and change critical account information.
Unfortunately for e-commerce merchants, the same security methods that work to defend against fraud attacks made from desktops aren’t always as effective on mobile transactions. That means you need to be using the latest in security solutions for the mobile channel, including the following:
Layering identity assessment strategies — i.e., using at least two factors from something customers know (e.g., user names and passwords), something they are (like voice or fingerprint recognition) and something they have (smart cards, etc.) — makes it harder for fraudsters to compromise sensitive data. Each new layer backstops the one before it, protecting against current threats and legitimizing a customer’s identity claim.
Traditional static knowledge-based authentication (KBA) methods — like “Where did you go to high school?” or “What was your first pet’s name?” — are easy for fraudsters to compromise, given the prevalence of personal details that can be found online.
But dynamic KBA creates time-sensitive questions that are harder for a fraudster to quickly answer but easy for the legitimate customer, like, “On what street have you lived in the past 10 years?” or “What was the amount of your mortgage payment last month?” Data for these questions is gathered from public records or third-party agencies and is delivered to, but not stored on, your authentication system.
Velocity filters can help prevent fraudsters who are testing stolen credit card numbers from doing serious financial damage. They monitor the usage of specific data elements (like email addresses, phone numbers, or billing/shipping addresses) and limit the number of times transactions that include the same data elements can be processed in a certain time frame. For example, a velocity filter may be set to allow no more than three transactions with the same email address to be processed on the same day.
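A minimal sketch of such a velocity filter, added here as an illustration and not taken from any vendor's product. The class name, the field names `email` and `ship_to`, the rolling 24-hour reading of "same day", and the sample transactions are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class VelocityFilter:
    """Caps how many processed transactions may share one data element."""

    def __init__(self, limits, window=timedelta(days=1)):
        self.limits = limits              # field name -> max per window
        self.window = window              # assumption: rolling 24 hours
        self._seen = defaultdict(deque)   # (field, value) -> timestamps

    @staticmethod
    def _normalize(value):
        # Case and spacing variants must count as the same element.
        return " ".join(str(value).lower().split())

    def check(self, txn, now):
        """Return (allowed, tripped_fields); record txn only if allowed."""
        keys, tripped = [], []
        for field, limit in self.limits.items():
            if not txn.get(field):
                continue
            key = (field, self._normalize(txn[field]))
            stamps = self._seen[key]
            while stamps and now - stamps[0] >= self.window:
                stamps.popleft()          # event aged out of the window
            if len(stamps) >= limit:
                tripped.append(field)
            keys.append(key)
        if tripped:
            return False, tripped         # blocked: nothing is recorded
        for key in keys:
            self._seen[key].append(now)
        return True, []


def run_sample():
    """Replay constructed transactions through the filter."""
    vf = VelocityFilter({"email": 3, "ship_to": 5})
    t0 = datetime(2024, 1, 1, 9, 0)
    sample = [  # (hours after t0, email) -- constructed data
        (0, "a@example.com"), (1, "A@Example.com "), (2, "a@example.com"),
        (3, "a@example.com"),    # fourth use of the address inside 24h
        (3, "b@example.com"),    # different address, same shipping address
        (25, "a@example.com"),   # earlier uses have aged out
    ]
    return [vf.check({"email": e, "ship_to": "1 Main St"},
                     t0 + timedelta(hours=h)) for h, e in sample]
```

Only processed transactions are counted toward the limit, matching the description above; a deployment that also wants to throttle declined attempts would record those as well.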
But as mobile phones and fraudsters become smarter, it’s your responsibility to be even smarter with your fraud prevention strategies. One effective approach is to combine the latest in artificial intelligence with a trained team of fraud protection specialists. This can prevent your customers from being defrauded and give you additional insight into your customers and incoming transactions.
To help you better understand your fraud risks in the evolving m-commerce market and the steps you need to take to protect your business and customers, we’ve created the “Merchant Guide for e-Commerce Fraud Protection.” This free guide gives you all the information you need to select the fraud prevention solution that will secure customer data and ensure fraudsters aren’t slipping past your defenses and cutting into your profits.