As online shopping grows in popularity, more of it has shifted to mobile. With this comes increased risk and fraud attempts on mobile devices. When optimizing your ecommerce platform and payment gateway for mobile, it’s important to consider mobile payment fraud and establish tools and systems that detect and prevent fraud on mobile.
Tackling mobile fraud means first understanding what it is and how it impacts your ecommerce platform. As an ecommerce retailer, you can regain potentially lost revenue from falsely rejected legitimate payments. This article will cover the following to help you improve mobile fraud security.
Before we dive into strategies for reducing mobile payment fraud, let’s look at what mobile fraud is, who is a likely target, and the main types of mobile fraud.
Mobile fraud is when fraud occurs on mobile technology, including devices, platforms, and software. Mobile fraud can take many shapes, but fraud detection, protection, and prevention can be achieved by using rules and signals that help identify mobile fraud and stop it in its tracks.
Mobile fraud is distinct from phone or telecommunications fraud, which involves intentionally using telecommunications products or services to illegally acquire money or gain services without paying.
With modern technology and the proliferation of mobile purchases, everyone is susceptible to mobile fraud to some degree. Customers should do all they can to protect themselves, but as an online retailer, you should provide customers a secure, safe method of payment.
To do that better, let’s look at the main types of mobile fraud and how it commonly occurs.
Mobile fraud takes a number of different forms, and can be broken down into different types. It’s important to understand the types of fraud that are occurring on your platform as well as the metrics to track to improve conversions. The more you know, the better you can tailor your defense.
Here are 9 of the main types of fraud:
When someone gains access to a customer’s legitimate account for malicious use. This can occur in a variety of ways, such as data breaches that reveal customer information, poor authentication solutions, and physical mobile device theft. In some cases, fraudsters create fake websites, emails, and apps to collect user information for other accounts.
How to reduce impact: Account takeovers can be prevented by requiring a strong, specific password for each user account. Two-factor or multi-factor authentication also adds a layer of mobile fraud protection and helps secure your account.
When customers call in to access their account, they are asked personal questions to verify their identity (such as date of birth, driver’s license, and social security number). If a malicious person gains access to this information, they can provide it to customer support and gain access to a customer account.
How to reduce impact: Make sure your customer support department has proper security and validation policies in place to reduce the risk of customer support fraud. Offer customers PIN and multi-factor authentication options and validate customers that contact you via customer support channels to avoid identity theft. The customer support team can also have account information sent to the registered email address to avoid giving it over the phone.
Data breaches of major companies, telecommunications providers, and anywhere else customer information is stored can open your users’ account up to fraud. Individual accounts can be hacked, but also the entire server or management system used by the provider. While you may have a service provider responsible for this, you will otherwise have to manage this yourself.
How to reduce impact: Work with a service provider that offers high-quality security for stored customer information or build a robust security system if you manage your own data. Don’t cut corners, ensuring you follow all compliance guidelines (PCI compliance for credit cards) and store data safely. Recommend consistent password and PIN changes to customers to ensure they have adequate protection.
Fraudsters open a mobile phone subscription under the victim’s name. This allows them to transfer the victim’s phone number to a new phone, at which point they can receive messages, even intercepting alerts about password changes and access. From this point, the fraudsters control your customers’ accounts and subscriptions. In many cases, they then use the newly established phone account to purchase and subscribe to other services under your customers’ name.
Due to the level of control these fraudsters can gain from this type of fraud, it can cause serious problems for the victim.
How to reduce impact: In most cases, this fraud is not identified until law enforcement is involved, since the fraud is hard to detect. To protect your customers from this, have them regularly change to a new password and PIN. Use two or multifactor authentication and keep customer data securely stored so people are less likely to access customer information to be able to do this to your customers.
With the number of apps, accounts, and data we have on or connected to our phones, having physical access to a mobile device gives a fraudster access to much of that person’s personal information. With automatic sign-in enabled and little security, mobile devices are a treasure trove of personal information and account access to a fraudster. Modern attempts also involve mobile malware, in which fraudsters can get access to personal information or accounts without actually stealing the physical device, but by being in proximity.
How to reduce impact: While it’s difficult to stop physical device theft, there are a few security features you can put in place. Always warn customers not to automatically save passwords to their mobile device and recommend that customers enter a password or PIN when accessing. Using a two or multifactor authentication and biometrics can’t always eliminate this problem, but will go a long way in limiting the thief’s ability to commit fraud.
Phishing scams have become more popular as we move our transactions, banking, financial, and other personal information online. Fraudsters are quite literally ‘fishing’ for your customers’ personal information, sending out emails that appear to be from authentic companies, such as credit card providers and banks. They fake the authentic site and attempt to gain customer credentials, which they then use to access accounts.
How to reduce impact: Communicate clearly to your customers how you will contact them, how they should contact you, and what contact methods should alert their suspicions. This way, people will be aware of strange behavior and be prepared when they get a suspicious message. Outline what email or phone numbers you will contact customers from and give them methods to communicate to you, ensuring that customers are not scammed by other emails, phones, or messaging attempts.
Chargeback fraud, also known as friendly fraud, is when a customer makes a purchase and then requests a chargeback from their credit card company. While many of these claims are legitimate, these claims can be falsely made to gain products for free. Meant to help protect customers from fraudulent merchants, this system can be exploited to gain free goods and services.
How to reduce impact: Provide trusted payment gateways for your customers. Utilizing a payment processor that has an integrated chargeback management software will reduce the likelihood of this occurring, as it will stop these attempts before they happen.
Fraudsters will call consumers, offering them a discount on an existing service in exchange for a prepaid gift card. Once sent, the fraudster keeps the money and the prepaid gift card. With no way to trace the prepaid gift card, there is no way for the customer to find the perpetrator or get their money back.
How to reduce impact: If you offer gift cards, you should set up a robust tracking system that will alert you of multiple cards being purchased and blackflag gift cards that have been reported stolen or missing. Also communicate clearly to customers the ways you will contact them and available offers, so they are not confused into taking these offers from others.
Premium SMS messages allow content providers to charge for content that is distributed to customers’ phones. In these cases, fraudsters sign up for premium SMS messaging content, with the charges going to the person’s account they frauded.
How to reduce impact: Ensure that your customer information is stored securely, so that others can’t gain access to customers’ personal information or phone details. Let customers know how you will communicate with them and make sure they do not respond or interact with messages from suspicious sources.
Providing a great ecommerce payment experience involves perfecting ecommerce mobile UI, providing a secure payment gateway, and creating peace of mind for the shopper. Reducing mobile payment fraud means focusing on customer safety and integrating fraud systems with your online store.
Here are a number of ways to reduce mobile payment fraud on your ecommerce store. Integrate them into your strategy and add them to your system to eliminate fraud on your platform.
While customers can access mobile payments through a home network, their mobile network, and a free network, it’s important to ensure that your network is secure. Always ensure that you protect your Wi-Fi network with basic security to stop hacking at the source.
There are a few basic practices to ensure your Wi-Fi network is secure, helping protect your team, employees, business, and customers. Follow these 3 standard security practices to keep the network safe.
Newer mobile devices have biometric identification, enabling users to unlock and secure their phone using their fingerprint, facial recognition, voice identification, and more. These systems add a further level of mobile payment security, as they are impossible to replicate or guess, unlike a password or PIN.
Encourage customers to enable biometric identification on their mobile device if they use it to process payments online. You can also use biometrics as part of your authentication process to add a level of security.
A two-factor (or multi-factor) authentication process uses an email, SMS message, or phone call to identify the customer. These added steps may sometimes slow the customer down, but it is a small price to pay to ensure that their mobile presence is secure.
Purchase a 2FA program or service and integrate this with your payment gateway, forcing customers to authenticate their identity before proceeding.
Despite allowing you to surf the net, there are many differences when it comes to browsers. Add a plugin or extension that will detect the browser your mobile customers are using, automatically preventing transactions from unprotected browsers.
When customers attempt to make purchases through a browser that lacks adequate security features, the payment will be halted, reducing the risk of fraud. Redirect them to a new browser or a secured app instead; customers looking to make a legitimate purchase should be willing to do this.
The Payment Card Industry Data Security Standard (PCI DSS) lays out best practices for safeguarding credit card information and data when processing payments and storing billing information online.
Follow PCI DSS guidelines to ensure you can challenge chargebacks with credit card providers and protect your customers during the mobile checkout process. One of the main aspects of this is requiring a CVV code for mobile transactions. Do not approve any credit card transactions without getting a CVV from the customer.
Analytics should be a core element in your improvement process, drawing on insights from the data you’ve collected to make improvements. Even better still, consider integrating AI and machine learning into your fraud protection system, allowing it to learn, grow, and improve at detecting and preventing fraud.
Use a combination of analytics, AI, and machine learning to identify and track trends and patterns. These will help you root out fraud, but also help you prevent and protect against it properly. This combination of review and reflection with real-time alerts can help you weed out fraud completely.
Detecting, preventing, and protecting against mobile fraud involves predicting fraudulent behavior before it happens. Your analytics will help guide this process, helping you get better at managing fraud on your platform.
To get ahead of the curve, consider these mobile fraud trends that are predicted to be the biggest problems facing ecommerce stores in the near future.
More than 50% of online shopping is currently being done on mobile devices, with the trend growing. Take the lessons here and apply them to your payment processing gateway, ensuring that users buying on their mobile have the security and safety they need.
Bolt is built with mobile payment fraud in mind, with a smooth, seamless checkout across all device types, designed and optimized to reduce checkout abandonment. They stand by their service, offering a 100% guarantee for your ecommerce platform.