How to Reduce Mobile Payment Fraud by Optimizing Your Checkout
November 25, 2019
The Bolt Team
Tackling mobile fraud means first understanding what it is and how it impacts your ecommerce platform. As an ecommerce retailer, you can regain potentially lost revenue from falsely rejected legitimate payments.
As online shopping grows in popularity, more of it has shifted to mobile. With this comes increased risk and fraud attempts on mobile devices. When optimizing your ecommerce platform and payment gateway for mobile, it’s important to consider mobile payment fraud and establish tools and systems that detect and prevent fraud on mobile.
This article will cover the following to help you improve mobile fraud security.
- What mobile fraud is and who is susceptible
- 9 types of mobile fraud
- 6 ways to reduce mobile payment fraud
- Mobile fraud trends for the future
Before we dive into strategies for reducing mobile payment fraud, let’s look at what mobile fraud is, who is a likely target, and the main types of mobile fraud.
What mobile fraud is and who is susceptible
Mobile fraud is fraud that occurs on mobile technology, including devices, platforms, and software. Mobile fraud can take many shapes, but fraud detection, protection, and prevention can be achieved by using rules and signals that help identify mobile fraud and stop it in its tracks.
Mobile fraud is distinct from phone or telecommunications fraud, which involves intentionally using telecommunications products or services to illegally acquire money or gain services without paying.
With modern technology and the proliferation of mobile purchases, everyone is susceptible to mobile fraud to some degree. Customers should do all they can to protect themselves, but as an online retailer, you should provide customers a secure, safe method of payment.
To do that better, let’s look at the main types of mobile fraud and how it commonly occurs.
9 types of mobile fraud
Mobile fraud takes a number of different forms, and can be broken down into different types. It’s important to understand the types of fraud that are occurring on your platform as well as the metrics to track to improve conversions. The more you know, the better you can tailor your defense.
Here are 9 of the main types of fraud:
1. Account takeovers
When someone gains access to a customer’s legitimate account for malicious use. This can occur in a variety of ways, such as data breaches that reveal customer information, poor authentication solutions, and physical mobile device theft. In some cases, fraudsters create fake websites, emails, and apps to collect user information for other accounts.
How to reduce impact: Account takeovers can be prevented by requiring a strong, specific password for each user account. Two-factor or multi-factor authentication also adds a layer of mobile fraud protection and helps secure your account.
2. Communication and customer support fraud
When customers call in to access their account, they are asked personal questions to verify their identity (such as date of birth, driver’s license, and social security number). If a malicious person gains access to this information, they can provide it to customer support and gain access to a customer account.
How to reduce impact: Make sure your customer support department has proper security and validation policies in place to reduce the risk of customer support fraud. Offer customers PIN and multi-factor authentication options and validate customers that contact you via customer support channels to avoid identity theft. The customer support team can also have account information sent to the registered email address to avoid giving it over the phone.
3. Service provider data breaches
Data breaches at major companies, telecommunications providers, and anywhere else customer information is stored can open your users’ accounts up to fraud. Individual accounts can be hacked, but so can the entire server or management system used by the provider. A service provider may be responsible for this; otherwise, you will have to manage it yourself.
How to reduce impact: Work with a service provider that offers high-quality security for stored customer information or build a robust security system if you manage your own data. Don’t cut corners: follow all compliance guidelines (PCI compliance for credit cards) and store data safely. Recommend consistent password and PIN changes to customers to ensure they have adequate protection.
4. Subscription fraud
Fraudsters open a mobile phone subscription under the victim’s name. This allows them to transfer the victim’s phone number to a new phone, at which point they can receive messages, even intercepting alerts about password changes and access. From this point, the fraudsters control your customers’ accounts and subscriptions. In many cases, they then use the newly established phone account to purchase and subscribe to other services under your customers’ name.
Due to the level of control these fraudsters can gain from this type of fraud, it can cause serious problems for the victim.
How to reduce impact: In most cases, this fraud is not identified until law enforcement is involved, since the fraud is hard to detect. To protect your customers from this, have them regularly change to a new password and PIN. Use two-factor or multi-factor authentication and keep customer data securely stored so that fraudsters are less likely to obtain the customer information they need to do this to your customers.
5. Stolen devices
With the number of apps, accounts, and data we have on or connected to our phones, having physical access to a mobile device gives a fraudster access to much of that person’s personal information. With automatic sign-in enabled and little security, mobile devices are a treasure trove of personal information and account access to a fraudster. Modern attempts also involve mobile malware, in which fraudsters can get access to personal information or accounts without actually stealing the physical device, but by being in proximity.
How to reduce impact: While it’s difficult to stop physical device theft, there are a few security features you can put in place. Always warn customers not to automatically save passwords to their mobile device and recommend that customers enter a password or PIN when accessing their accounts. Using two-factor or multi-factor authentication and biometrics can’t always eliminate this problem, but it will go a long way toward limiting the thief’s ability to commit fraud.
6. Phishing scams
Phishing scams have become more popular as we move our transactions, banking, financial, and other personal information online. Fraudsters are quite literally ‘fishing’ for your customers’ personal information, sending out emails that appear to be from authentic companies, such as credit card providers and banks. They fake the authentic site and attempt to gain customer credentials, which they then use to access accounts.
How to reduce impact: Communicate clearly to your customers how you will contact them, how they should contact you, and what contact methods should alert their suspicions. This way, people will be aware of strange behavior and be prepared when they get a suspicious message. Outline what email or phone numbers you will contact customers from and give them methods to communicate to you, ensuring that customers are not scammed by other emails, phones, or messaging attempts.
7. Chargeback or friendly fraud
Chargeback fraud, also known as friendly fraud, is when a customer makes a purchase and then requests a chargeback from their credit card company. While many of these claims are legitimate, these claims can be falsely made to gain products for free. Meant to help protect customers from fraudulent merchants, this system can be exploited to gain free goods and services.
How to reduce impact: Provide trusted payment gateways for your customers. Utilizing a payment processor that has an integrated chargeback management software will reduce the likelihood of this occurring, as it will stop these attempts before they happen.
8. Prepaid cards and false offers
Fraudsters will call consumers, offering them a discount on an existing service in exchange for a prepaid gift card. Once sent, the fraudster keeps the money and the prepaid gift card. With no way to trace the prepaid gift card, there is no way for the customer to find the perpetrator or get their money back.
How to reduce impact: If you offer gift cards, you should set up a robust tracking system that will alert you of multiple cards being purchased and flag gift cards that have been reported stolen or missing. Also communicate clearly to customers the ways you will contact them and available offers, so they are not confused into taking these offers from others.
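The gift card tracking described above, sketched as an added example (not code from the original article or from Bolt): it alerts when one account buys more than a threshold number of cards inside a time window and when any activity touches a card reported stolen or missing. The event fields, thresholds, account names and card ids are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your own sales data.
MAX_CARDS_PER_WINDOW = 3
WINDOW = timedelta(hours=1)


def review_gift_card_events(events, reported_cards):
    """Return alerts for bulk gift card purchases and for use of reported cards.

    events: iterable of dicts with keys 'time' (datetime), 'account',
            'action' ('purchase' or 'redeem') and 'card_id'.
    reported_cards: set of card ids reported stolen or missing.
    """
    alerts = []
    recent = defaultdict(deque)  # account -> purchase times inside the window
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["card_id"] in reported_cards:
            alerts.append(("reported_card", ev["account"], ev["card_id"]))
        if ev["action"] != "purchase":
            continue
        times = recent[ev["account"]]
        times.append(ev["time"])
        # Drop purchases that have aged out of the sliding window.
        while ev["time"] - times[0] > WINDOW:
            times.popleft()
        if len(times) > MAX_CARDS_PER_WINDOW:
            alerts.append(("bulk_purchase", ev["account"], ev["card_id"]))
    return alerts


def sample_events():
    """Constructed sample data, not real orders."""
    t0 = datetime(2019, 11, 25, 9, 0)
    buys = [
        {"time": t0 + timedelta(minutes=5 * i), "account": "acct-A",
         "action": "purchase", "card_id": f"GC-10{i}"}
        for i in range(5)
    ]
    return buys + [
        {"time": t0 + timedelta(hours=3), "account": "acct-B",
         "action": "purchase", "card_id": "GC-200"},
        {"time": t0 + timedelta(hours=4), "account": "acct-C",
         "action": "redeem", "card_id": "GC-900"},
    ]


if __name__ == "__main__":
    for alert in review_gift_card_events(sample_events(), {"GC-900"}):
        print(alert)
```

In production the alerts would feed a manual review queue rather than block the sale outright, since a legitimate customer can also buy several cards at once.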
9. Premium SMS
Premium SMS messages allow content providers to charge for content that is distributed to customers’ phones. In these cases, fraudsters sign up for premium SMS messaging content, with the charges going to the account of the person they defrauded.
How to reduce impact: Ensure that your customer information is stored securely, so that others can’t gain access to customers’ personal information or phone details. Let customers know how you will communicate with them and make sure they do not respond or interact with messages from suspicious sources.
6 ways to reduce mobile payment fraud
Providing a great ecommerce payment experience involves perfecting ecommerce mobile UI, providing a secure payment gateway, and creating peace of mind for the shopper. Reducing mobile payment fraud means focusing on customer safety and integrating fraud systems with your online store.
Here are a number of ways to reduce mobile payment fraud on your ecommerce store. Integrate them into your strategy and add them to your system to eliminate fraud on your platform.
1. Establish a secure Wi-Fi network
While customers can access mobile payments through a home network, their mobile network, and a free network, it’s important to ensure that your network is secure. Always ensure that you protect your Wi-Fi network with basic security to stop hacking at the source.
There are a few basic practices to ensure your Wi-Fi network is secure, helping protect your team, employees, business, and customers. Follow these 3 standard security practices to keep the network safe.
- Use a unique password: Many routers will have a preset password. It’s important to update this to your own, unique, secure password rather than leaving the default. Open router settings in your web browser to update the password.
- Change the SSID name on the device: Much like a default password, your router will have a default name (e.g., Linksys), which is the Service Set Identifier (SSID). Default device names are a sign to hackers of weak network protection and a lack of sophistication. Be sure to update your device name so hackers are deterred from hacking. This also ensures your employees use the right network and don’t expose you to fraud.
- Encrypt network with security: While changing settings for your router, you should make sure you encrypt your network to provide a base level of security. If possible, set up WPA2 (Wi-Fi Protected Access version 2) to secure your service for customers. On older device types, make sure WEP and WPA are enabled.
2. Biometric identification
Newer mobile devices have biometric identification, enabling users to unlock and secure their phone using their fingerprint, facial recognition, voice identification, and more. These systems add a further level of mobile payment security, as they are impossible to replicate or guess, unlike a password or PIN.
Encourage customers to enable biometric identification on their mobile device if they use it to process payments online. You can also use biometrics as part of your authentication process to add a level of security.
3. Two or multi-factor authentication
A two-factor (or multi-factor) authentication process uses an email, SMS message, or phone call to identify the customer. These added steps may sometimes slow the customer down, but it is a small price to pay to ensure that their mobile presence is secure.
Purchase a 2FA program or service and integrate this with your payment gateway, forcing customers to authenticate their identity before proceeding.
4. Detect mobile browser and prevent unprotected browsers
Although every browser lets you surf the net, browsers differ in many ways. Add a plugin or extension that will detect the browser your mobile customers are using, automatically preventing transactions from unprotected browsers.
When customers attempt to make purchases through a browser that lacks adequate security features, the payment will be halted, reducing the risk of fraud. Redirect them to a new browser or a secured app instead; customers looking to make a legitimate purchase should be willing to do this.
5. Follow PCI DSS security standards
The Payment Card Industry Data Security Standard (PCI DSS) lays out best practices for safeguarding credit card information and data when processing payments and storing billing information online.
Follow PCI DSS guidelines to ensure you can challenge chargebacks with credit card providers and protect your customers during the mobile checkout process. One of the main aspects of this is requiring a CVV code for mobile transactions. Do not approve any credit card transactions without getting a CVV from the customer.
6. Identify trends and patterns with AI and machine learning
Analytics should be a core element in your improvement process, drawing on insights from the data you’ve collected to make improvements. Even better still, consider integrating AI and machine learning into your fraud protection system, allowing it to learn, grow, and improve at detecting and preventing fraud.
Use a combination of analytics, AI, and machine learning to identify and track trends and patterns. These will help you root out fraud, but also help you prevent and protect against it properly. This combination of review and reflection with real-time alerts can help you weed out fraud completely.
Mobile fraud trends for the future
Detecting, preventing, and protecting against mobile fraud involves predicting fraudulent behavior before it happens. Your analytics will help guide this process, helping you get better at managing fraud on your platform.
To get ahead of the curve, consider these mobile fraud trends that are predicted to be the biggest problems facing ecommerce stores in the near future.
- Data breaches: With five data breaches involving major companies in 2018, this trend is growing. Customers are more cautious about who they trust with personal and financial information. Be sure to establish a secure network and platform to resist data breaches.
- Malware attacks: Open Wi-Fi networks, smishing (phishing using SMS messaging), and more all lead to increased rates of malware attacks, as hackers see opportunities surrounding weak security.
- Malicious apps: As customers opt to use apps rather than a mobile website, more fraudsters attempt to create malicious apps. These apps appear to be legitimate, drawing in users who sign up and input personal information.
More than 50% of online shopping is currently being done on mobile devices, with the trend growing. Take the lessons here and apply them to your payment processing gateway, ensuring that users buying on their mobile have the security and safety they need.