Mobile Fraud Protections Are Erratic and Poorly Understood

As the mobile commerce channel continues to surge, a new study finds that merchants are not keeping pace with growth when it comes to fraud and mobile payment adoption.

The 2015 Mobile Payments & Fraud Survey, from Kount, CardNotPresent.com and The Fraud Practice, found that exponential growth in uptake by consumers has led to many organizations’ confusion about best practices in payments and fraud mitigation. This may be one reason there appears to be a slight slowdown in adoption and policies surrounding the mobile channel.

In addition, concerns over the implementation around new payment methods such as Apple Pay have arisen. And while new tools are available to merchants to meet increased fraud, there is very little consistency in adoption of these tools across industries.

“As barriers to mobile adoption continue to fall and mobile payments of all kinds surge, a greenfield is emerging for fraudsters,” said Steven Casco, CEO of CardNotPresent.com, in a statement. “What was once not worth their time is becoming very lucrative and companies throughout the e- and m-commerce ecosystem are just beginning to understand how vulnerable they actually are. This report is the most comprehensive treatment of attitudes toward the mobile channel available, examining how merchants and service providers are trying to protect it and how fraudsters are attacking."

A major issue appears to lie in visibility. Nearly half of organizations surveyed (40.8%) said they are uncertain if fraud increased following a major data breach, and over half (60%) of respondents are uncertain if mobile fraud is growing at a faster, slower or equal pace as their overall mobile transaction volume.

There’s also very little knowledge around devices and how they’re being used. Just less than 40% of organizations can detect if a customer is transacting from a mobile device, and only 17% can determine the type of mobile device.

The survey found that mass merchants are most likely to identify mobile devices by type (45.5%), whereas zero% of insurance companies surveyed could determine whether transactions are coming from a mobile device at all.

Gaming/social sites are the only merchant category able to identify all transactions that come from mobile devices, but only one-quarter (25%) can determine the device type.

Less than 40% of merchants surveyed track fraud by channel and differentiate it from standard e-commerce transactions overall.

Organizations are split on where the fraud originates, as 32% indicated mobile fraud was coming from domestic transactions, while 31% stated most mobile fraud comes from international sources.

“The data shows that the industry as a whole is further behind on mobile adoption and fraud protection than they were a year ago, and in fact, some are even pulling back from it,” said Don Bush, vice president of marketing at Kount. “It seems everyone knows that mobile is finally poised to make an impact, but the urgency to make sure mobile fraud protection is in place is lacking. To successfully support the growth of mobile, organizations must first ensure IT departments are talking with fraud teams to understand risks and rewards or mobile fraud will grow to a bigger issue in the coming years.”

Fraud protection strategies appear to be wildly inconsistent as well. Respondents are uncertain if fraud tools can be used across channels, with nearly one half (47.4%) reporting that e-commerce fraud processes and tools can’t support mobile fraud risk management completely.

Merchants are employing more tools and services to combat mobile fraud, as 79% overall say they are using one or two tools, while only 40% of merchants listed just one service; the number rises to three for merchants with greater than $50 million in revenue.

Across all organizations, the top three tools for preventing fraud in the mobile channel are reported to be ID authentication (49%), device ID (48%), and secure mobile payment methods (44%).

Meanwhile, consumers are using various payment methods for mobile transactions: credit cards are the preferred method (62.6%), but PayPal (13.5%) is almost as popular as paying with a debit card (14.5%). The number of merchants that consider managing the complexity of new payment types the biggest obstacle to mobile adoption more than doubled to 20% in 2014 from eight% in 2013, and has tripled since 2012 (6.5%).

While Apple Pay launched less than six months ago, it already has equal levels of merchant acceptance as Google Wallet; both are accepted by 32% of merchants that accept mobile wallets. However, support for Apple Pay (42%) by service providers and non-merchant organizations already exceeds that for Google Wallet (39%). Less than one quarter (23.7%) of merchants accept mobile wallets at all, which is the lowest among all respondent groups.

 “Overall, organizations are earning more revenue and implementing new solutions to meet the needs of customers and merchants in the mobile channel,” said David Montague, president and executive consultant at the Fraud Practice. “At the same time, there is a noticeable shift from a focus on risk management to managing the complexity of payment methods and channels, including mobile wallets and mobile point of sale payments. Organizations must work to find a balance in managing both as the industry continues to make strides in all aspects of mobile channel development.”

What’s Hot on Infosecurity Magazine?