The ecommerce space is rife with fraudsters looking to skim customer data and use it for online purchases. In this area, we have seen many different forms of fraud, including identity theft, chargeback fraud, and friendly fraud.
Being able to shop from your smartphone or other devices is a relatively new development, so mobile fraud comes from fraudsters trying to take advantage of gaps in mobile security. Between 2011 and 2020, payment fraud tripled globally.
Particularly during the COVID-19 pandemic, mobile and purchases surged for hygienic reasons, and have not abated. Mobile payments are projected to reach USD 2.1 trillion in 2023, and with that comes a wider window for mobile payment fraud. Let’s take a look at a few examples of how this fraud presents itself:
Account takeover or ATO is the most well-known type of fraud in the online space and remains the most prevalent. The particular danger lies in cases where financial or government account credentials are stolen. This can be done in several ways, e.g., phishing, credential stuffing, man-in-the-middle attacks, etc.
There are several ways fraudsters try to impersonate merchants. In the mobile context, it can take the form of rogue mobile apps that mimic genuine ones or false online shops.
Short links are used more and more in mobile contexts where there may not be space to display a long URL. Especially with the advent of QR code payments, it has become harder for consumers to verify whether they are following a valid link or a false one that makes it easier for their data to be pirated. The end result of these techniques is always the same - fraudsters gain access to the funds and personal data of end users.
There are several measures that online businesses and merchants can take to protect themselves and their customers from targeted mobile fraud.
Firstly, having a robust payment security system is a good starting point. Aside from complying with mandatory PCI and PSD2 requirements, including components that ensure two-factor authentication is paramount. These can include 3-D Secure or newer options like Delegated Authentication. Related to this is network tokenization, which is a type of technology that replaces PANs with a representative token, reducing the use of PANs during the payment process.
Click to Pay is another option with which PANs can be cloaked altogether. On the authentication side, merchants can also offer biometric options to clients, as an alternative to passwords. Using options such as facial recognition, hand geometry, and voice recognition may be easier and faster for mobile users and harder for fraudsters to fake.
Using a dedicated fraud engine such as risk-based authentication (RBA) is another tool in a merchant’s arsenal. This AI engine automatically assesses each log-in or transaction based on the prior behaviour of the customer, i.e., customer behavioural analytics. Other fraud prevention engines include link analysis and graph databases, providing information on flagged cards and devices, and adding an extra layer of security.
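To make the idea of assessing each transaction against the customer's prior behaviour concrete, here is an added example that is not part of the original editorial and not any vendor's product code. It uses a fixed-weight rule scorer as a stand-in for the AI engine described above; the class names, weights, thresholds and sample history are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Profile:
    """Prior behaviour of one customer."""
    known_devices: set
    usual_countries: set
    past_amounts: list

@dataclass
class Transaction:
    device_id: str
    country: str
    amount: float

# Constructed sample history, not real customer data.
SAMPLE = Profile({"dev-a"}, {"CH"}, [20.0, 35.0, 25.0, 30.0])

def risk_score(profile, tx):
    """Score how far tx departs from the customer's history (weights are assumed)."""
    score, reasons = 0, []
    if tx.device_id not in profile.known_devices:
        score += 40
        reasons.append("new_device")
    if tx.country not in profile.usual_countries:
        score += 30
        reasons.append("unusual_country")
    if len(profile.past_amounts) < 3:
        # Too little history to model spending: add risk instead of guessing.
        score += 20
        reasons.append("thin_history")
    else:
        mu = mean(profile.past_amounts)
        sigma = max(pstdev(profile.past_amounts), 1.0)  # floor avoids a zero-width band
        if tx.amount > mu + 3 * sigma:
            score += 30
            reasons.append("amount_outlier")
    return score, reasons

def decide(profile, tx, challenge_at=40, decline_at=100):
    """Map the score to an action; thresholds are assumed values."""
    score, reasons = risk_score(profile, tx)
    if score >= decline_at:
        return "decline", reasons
    if score >= challenge_at:
        return "challenge", reasons  # step up, e.g. to 3-D Secure
    return "frictionless", reasons
```

A familiar device, country and amount passes without friction, while a single unfamiliar signal triggers a step-up challenge instead of an outright decline.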
Finally, merchants can also encourage customers to follow simple anti-fraud measures, such as checking that they are shopping using a legitimate URL with an SSL certificate, using a security scanner on their device, and not downloading apps that are not from an official Apple or Android app store.
The increased rates of fraud and cybercrime in the last few years have only shown that we cannot rest on our laurels when it comes to fraud protection and prevention. Fraud methods have changed and are ever-evolving, which means we need to take a multifaceted and collaborative approach to prevent it. It is also very important to analyse the customer journey to identify possible gaps in fraud prevention measures. For this reason, it is best not to stick to only one form of fraud prevention, but to use a combination of different tools.
With the holidays coming up and big retail events such as Black Friday, there will be a surge of potential sales and transactions in the months to come. To ensure that you maximise your business and avoid cyberattacks, you should optimise your mobile offering and make sure your defences are sharpened against mobile fraud.
Not sure where to start, or feel like your fraud defence could be better? Don’t hesitate to reach out to the Netcetera team. We’re happy to advise you on any of the aspects above.
This editorial is part of The Paypers' Fraud Prevention in Ecommerce Report 2022-2023, the ultimate source of knowledge that delves into the world of fraud prevention, revealing the most effective security methods for companies to stay one step away from bad actors and secure their businesses.
Jumaane Hutchinson is Head of Product for Mobile Wallet and Banking at Netcetera, supporting companies to improve and innovate their digital mobile propositions. Jumaane has vast experience in managing and developing mobile-focused products within the financial services industry. A Computer Science graduate, he developed a keen interest in developing technical products and a passion for product management.
About Netcetera
Netcetera is a global software company providing individual digital solutions in the areas of secure digital payment, financial technologies, media, transport, healthcare, and insurance. More than 2,000 banks and issuers, and 150,000 merchants rely on their digital payment solutions.