Attack of the Phones: Why A Mobile-First Fraud Prevention Mindset Is Important

Attack of the Phones: Why A Mobile-First Fraud Prevention Mindset Is Important


All eyes in the payment and banking worlds are on mobile phones at the moment, and with good reason. Though the past few years have already given us mind-boggling statistics like there are more cell phone users than toothbrush users on the planet, 2017 marked the first year in which it’s absolutely clear that consumers are beginning to prefer mobile phones for their payment, shopping and banking needs.

Purchases made on smartphones now make up for 40% of online sales, and mobile purchases during the holiday season actually surpassed desktop purchases for the first time in history. Meanwhile, 53% of US smartphone owners with a bank account use mobile banking on a frequent basis — and that number continues to climb.

Despite the increasing prevalence of mobile payments and mobile banking, a significant share of people still have reservations about adopting to the form of technology because they believe it is unsafe or are not sure how safe it is. In fact, 67% of people who don’t make online purchases using their mobile devices and 73% of people who don’t use mobile banking cite concern about the security of the technology as one of their top impediments to the adoption of mobile financial services. The main aspects of security that worry these consumers include fear that the phone will be hacked, fear of data interception, fear their phone will be lost or stolen, and worry that companies are not providing sufficient security to protect mobile transactions.

The instinct of these consumers is not altogether wrong. After all, the very same fears that consumers have when it comes to adopting the use of mobile phones for financial transactions are the very security vulnerabilities that fraudsters count on — especially the point about companies not providing sufficient security to protect mobile transactions. The world of mobile payments and banking exploded so quickly, many banks and online retailers are not yet fully equipped to deal with mobile fraud, especially fraud that happens via mobile apps. And hungry fraudsters are keenly aware of this vulnerability.

Fraudsters follow the money, and with more and more global transactions taking place via mobile phones, it is a lucrative hunting ground for sinister actors with criminal intent. That’s why it’s imperative that businesses and financial institutions take a closer look at their mobile fraud prevention methods. Take banks, for example. Many banks use risk management systems built on manual processes — a relic from the days when customers visited their financial institutions in person to apply for loans, withdraw money and carry out other banking activities. The very nature of mobile apps necessitates an update in banks’ risk management systems, which must be fully secure with efficient authentication protocols in place at the front end to protect both themselves and their customers.

Meanwhile, many e-commerce sites are guilty of trying to adapt existing solutions to mobile when it’s a far better mindset to think about fraud prevention solutions specifically designed for the mobile channel, where customer friction levels have the power to make or break a business. With experts predicting it’s only a matter of time before most online purchases are made via phones, it’s time to stop viewing m-commerce as a stepchild of the transaction world and give it the star fraud prevention treatment it deserves. Doing so will help alleviate some of the most pressing consumer fears about mobile transactions and help optimize the mobile environment to meet more customers’ needs.

Unfortunately, there is no switch that can be flicked to erase mobile fraud. However, banks and online retailers are able to strengthen their mobile fraud protection by utilizing strong device fingerprinting solutions. In the online world, a person’s device acts as their online identity — the technological equivalent of a real, live customer in a brick-and-mortar establishment. It’s also one piece of “identity” that is much tougher for fraudsters to continue replacing, as opposed to easily swapped out online identifiers like email addresses. Distinguishing customers’ devices through their unique characteristics and analyzing them independently of personal data allows businesses to verify transacting devices and thus, in most cases, verify the connected customer. When it comes to mobile banking, this strong customer authentication (SCA) may even eliminate the need for secondary authentication steps for positively identified trusted devices (i.e. trusted customers), which greatly reduces customer friction.

An additional option banks and businesses can turn to in the fight against mobile fraud is a mobile SDK (software development kit) solution. Mobile SDKs can be easily integrated into existing fraud prevention solutions with a short code snippet that allows businesses to detect high-risk anomalies across all mobile payment and banking platforms (e-wallets, apps, one-click payments, etc.). The help of machine learning in mobile SDK solutions can detect tampered devices, the presence of a stolen identity and even the increasingly ubiquitous account takeover fraud. This allows for instant and confident acceptance of on-demand activity within a native mobile application, whether it be a large bank withdrawal or an expensive e-commerce purchase.

With the complexity and volume of mobile fraud attacks escalating every day, now is the time for banks and online businesses to call out their fraud prevention methods and make sure the solutions that are in place are expertly developed to handle the ever-increasing and ever-changing mobile world. Companies that phone in their mobile fraud protection will most certainly get an answer: it will be from clever fraudsters who have learned to prey on our mobile-first world.

Download the original article published in Payments & Cards Network Magazine • Vol. 4 Issue 2/ 2018 (PDF)