The rapid growth of mobile as a first channel for commerce offers challenges and opportunities for accepting payments. The potential for fraud on mobile is high, so what can you do to manage risk?
As we increasingly utilise mobile for so much of our everyday activities, consumers and merchants alike need to be aware of what has changed and what that means for the potential of fraud. Consumers clearly want to buy on mobile but they need assurances that their money is protected. Merchants have to constantly adapt with both technology and legislation to keep ahead of the fraudsters and offer consumer confidence.
IP address monitoring, which forms much of the ecom fraud backbone world, is pretty useless as a standalone guard to fraud on mobile. Not only can IP addresses be spoofed but mobile operators often mask IP address ranges and the high availability of public wifi networks means we need to think of other methods.
The card schemes are delving into partner agreements with operators to share information on location of device and location of card – At its most basic level, a card in the UK and a phone in the US could point towards a strange pattern of behaviour which could flag a potential fraudulent transaction. But this is far from ideal as a ton of false positives will prevail, leading to both merchant and consumer frustration.
The card schemes and the issuing banks often suggest 3D secure, which again stems from the ecom days but on mobile, it is not fit for purpose.
Not only can 3DS be potentially hacked but it will kill a merchant‘s conversion rates. The merchants that decide to go down the 3DS route feel a false sense of protection as they are taken out of risk exposure but are also denied legitimate spending customers who switch off through the additional layer of friction or worse still go elsewhere.
Ask yourself this important question – when building a mobile channel to attract new customers and retain loyal customers are you prepared to accept risk but manage it with a ton of new tools that can help OR do you decide to not manage any risk, push your consumers down to 3DS and accept that your sales will be crushed and app ratings be potentially damaging?
In some markets 3DS works. It really does. It makes consumers feel confident about their purchase. But mCom is not eCom. Mobile is a new and exciting channel – it needs to be treated in a new way.
So what can you do?
Starbucks is the most successful mobile app and a load of information on why its so successful has been written about time and time again. In my opinion the success of that app comes down to a few easy to understand factors:
Firstly a great brand with great products, secondly Starbucks makes it easy to use and engage. But importantly Starbucks are prepared to manage potential risk and weigh that with how much revenue is generated through this vital channel.
With this approach they ensure the consumer journey is compelling and vitally make it secure and seamless without offloading all the potential risk.
So what can you do to balance risk effectively?
For the most potentially risky transactions consider 3DS but only for a small percentage. For all other transactions look at all the factors, as many as possible including but certainly not limited to: device ID, app store ID and location, longitude and latitude, velocity checks – and the list goes on.
If we harness all of these data points we can offer an effective real time assessment of all transactions.
Fraudsters will continue to try their luck and will continually pick the scab of easy target apps. Don‘t let them win. Wake up to mobile fraud before it hurts you. There is a better way.