In Part I of our series on mobile fraud prevention, we provided a brief introduction to the benefits and challenges of mobile commerce. We focused on the importance of addressing mobile as its own channel, taking into account both the user experience, and the unique risks of mobile.
Here in Part II, we’ll address common mistakes businesses often make as they enter mobile commerce.
Treating mobile as a simple extension of online commerce tends to increase the risk of it. Unfortunately, that’s the most common approach taken by providers.
1. Taking the same approach as in e-commerce
Addressing mobile risk isn’t the same as addressing risk in a web channel. There are always specific techniques that are more cost effective for one channel than another, and mobile is no different. Let’s consider a couple of specific examples:
- As we mentioned in the first post, IP Geo location and IP-based risk are both common risk analysis tools in traditional ecommerce. However, these methods are less reliable when analyzing mobile traffic. Cell phone carriers, for example, may route mobile traffic through aggregators and gateways, which can be located far from the actual location of the mobile device.
- Many businesses collect less information during the payment checkout process- for example, they stop collecting full billing address, or stop comparing billing and shipping addresses.
Many mobile apps also have access to natural information users submit to improve the app experience. This can include for example, access to phone GPS to provide maps to local stores, multiple forms of user verification at login, or maintaining a history of use that is more frequent and predictable than sporadic visits to a website. However, fraud analysts often fail to use this new information, or the tools they use can’t properly apply this information to develop new fraud prevention rules.
2. Lack of Correlation
Fraudsters will use and exploit every channel they can. They will find the most vulnerable avenue and exploit it until they’ve exhausted the method, and channel.
This means that for mobile- or any other channel- information should be correlated across applications and payment methods. Fraudsters who have already been recognized by your organization and exhausted one channel will likely target it from a different direction, or another payment method — in this case, mobile.
3. Common Tracking
Better decisions are always made when there’s access to relevant data. Some providers may not have realized there are higher rates of fraud from the mobile channel than traditional web. Risk analysts and business owners may be looking at the overall fraud rate, but should track each channel separately to act properly.
An effective risk management program should track common patterns across as many factors as possible- by channel, product, location, payment type, time, and more- in order to analyze what combinations of factors contribute to the highest incidents of fraud. The better you know the risk signals and contributing factors, the better you can screen, and the more cost effective your program. Understanding and segmenting your traffic by mobile vs. online channel should be a factor in that tracking.
4. Acceptance of Risk
“Mobile is higher risk.” Well, perhaps. But there are now cost effective tools to deal with that higher rate of fraud. There’s no reason to risk revenue by simply accepting losses due to fraud, or to ignore the entire channel when there are cost effective alternatives that can help you manage that risk.
To learn more about our own solutions for Mobile Fraud Prevention, feel free to reach out to us directly at [email protected]