This is a guest blog post by Forter, a certified Demandware LINK technology partner
With a phone in every pocket, it’s no surprise that all eyes in the retail industry are turning towards mobile commerce. Every phone has more processing power than the computers that sent men to the moon, so there’s a world of unexplored potential within the devices that have become an essential part of our daily lives.
According to Forrester’s Vendor Landscape: Mobile Fraud Management Solutions report (paid subscribers), US mobile commerce (phones and tablets) will top $252 billion by 2020, while mobile payments will exceed $141 billion in 2019.
Yet many online retailers are not yet fully equipped to deal with mobile fraud. Nearly 50% of merchants still don’t track fraud by channel, according to the CyberSource Annual Fraud Benchmark report – and if you don’t know where your fraud is coming from, you’re at a serious disadvantage when it comes to stopping it.
Moreover, the fraud prevention methods devised for ecommerce aren’t necessarily a perfect fit for mobile. There are three categories of difference here: methods that aren’t relevant for mobile, methods that need adjusting for mobile, and methods that exist only for mobile.
- The first category shows why you can’t just use the fields you’ve developed for ecommerce for mobile. Some of the things ecommerce fraud fighting relies on aren’t appropriate for mobile, like the details that can be gained from computer browsers, and IP addresses that are static rather than, well, mobile. They’re specific to the ecommerce platform, and a good sign that mobile needs consideration as its own channel.
- In the second category, other methods such as behavioral analytics can be enormously valuable but need to be recalibrated for mobile. Customers don’t behave the same way on mobile that they do on websites. Your marketing folks know this, but fraud prevention often ignores this fact. That’s unfortunate (not to mention dangerous) because basing your behavioral expectations on the wrong norms will let the bad guys through, and block some good ones.
- As far as the third category goes, if you’re not taking advantage of the data that mobile devices provide, you’re missing out. There are all kinds of things you can learn from devices that are designed to move around which aren’t relevant to static equipment like desktop computers. Your fraud prevention system won’t be able to take these into account if you don’t give mobile the attention it deserves as a developing channel.
As Forrester points out, “fraudsters are quickly moving to the mobile channel” and therefore it is necessary “to adapt the risk-scoring models in enterprise fraud management (EFM) solutions to account for the unique nature of mobile fraud.”
Tighter security controls no doubt make life harder for online criminals, but when it comes to card not present fraud, online merchants are the ones who pay the price. Retailers need sophisticated antifraud mechanisms to protect their own interests, their reputation and their revenue. In fact, Forrester encourages retailers to ask the tough questions when evaluating mobile fraud management solutions. Specifically:
- Is mobile fraud management built in natively?
- Are users profiled across mobile devices?
- Are GPS, accelerometer and power-setting tracking monitored?
- Is the solution able to detect jailbroken devices?
- Does the solution offer a mobile SDK that allows for the collection of certain attributes?
Mobile is attractive to fraudsters for one simple reason: online criminals go where the money is. If they can find a way to scam retailers and/or consumers, they will invest time and effort finding vulnerabilities. The challenge for retailers is to keep fraudsters out without jeopardizing the shopping experience for legitimate customers.
Achieving this delicate balance is particularly challenging on mobile, due to high customer expectations and the ever-increasing ingenuity of criminals.
There are many ways fraudsters can infiltrate mobile commerce: They can take over an app account, register stolen card information to mobile wallets, break into mobile banking apps, divert single use passwords to their own phones, use retailer’s mobile apps to make fraudulent payments, and more. We’ve seen cases this year where criminals managed to get their own details added to a victim’s bank account – and you can just imagine the danger.
Traditional fraud prevention solutions try to adapt existing solutions to mobile instead of creating something that’s designed for the unique profile of the mobile channel. This may have made sense when mobile commerce was insignificant but it is growing very fast. It’s time to stop treating it like ecommerce’s little brother and start optimizing for mobile customers’ needs.
Making the most of mobile commerce, and allowing your customers to do the same, requires fraud prevention that’s designed for mobile. It should facilitate a frictionless customer experience, with no extra demands for information or delays. Like every other aspect of the business, antifraud can contribute to great consumer experience, happier customers and increased sales.
You have optimized your site for a great mobile shopping experience. Don’t overlook a mobile-first approach to fraud prevention.