Mobile commerce transactions accounted for only 14 percent of the total transaction volume, but for 21 percent of the fraudulent transactions in 2014, according to a new report, 2014 LexisNexis True Cost of Fraud mCommerce from LexisNexis Risk Solutions and Javelin Strategy & Research.
The two companies discussed their findings in a recent webinar. Their survey of 1,200 U.S.-based merchants is the largest of its kind, according to Jim Van Dyke, CEO of Javelin Strategy & Research.
Statistics account for some of the difference in the percentage of fraud in mobile transactions, said Aaron Press, director of ecommerce and payment for LexisNexis. Since there are fewer mobile transactions than online transactions, one fraud incident will account for a higher percentage of the total. But even taking that into consideration, the higher incidence of fraud in mobile transactions is statistically significant, Press said.
Criminals Love Complexity
The mobile channel presents merchants with additional complexity and novelty when compared to other channels. "Merchants aren’t really tuned in to mobile fraud and what the fraud model looks like. The data isn’t as robust [as for other channels]," Press said.
For example, a credit card issuer might have thousands of data points in its fraud algorithms and would shut down transactions quickly if a Chicago-area resident’s account started showing activity in Atlanta or filled with transactions that otherwise fell outside of normal activity. But mobile transactions are newer and don’t offer as many data points for fraud algorithms.
"Criminals, as we often see, they get there early. They love the complexity of the merchant acceptance systems [and] the fraud mitigation types. They are hiding in the complexity of your back-end systems. There are some systems for verification that are really going underused," said Van Dyke, adding that criminals will quickly find the weakest fraud mitigation solutions and will tend to attack those.
Part of the problem is the assumption of security. According to the report, mobile commerce merchants are more likely than all merchants (26 percent versus 11 percent) to believe that mobile payments are more secure than online payments. ApplePay and other payment systems that utilize tokenization – which replaces account number data with a random token – are expected to become more secure, but such systems are in their embryonic stages.
Mobile commerce merchants tend to sell through multiple channels, each with its own nuances for fraud and for fraud mitigation. Again, complexity gives criminals a way to compromise security.
Mobile commerce is also a prime target for international fraud. Though international transactions make up a similar proportion of transactions for mobile commerce and for ecommerce, mobile transactions have a 20 percent higher occurrence of fraud.
Cost of Mobile Payment Fraud
Van Dyke pointed out that the actual cost of fraud is $3.34 for every dollar in transaction, based on the LexisNexis Fraud Multiplier. This figure includes the replacement cost of the goods, chargebacks, interests and other fees charged by financial institutions.
The cost for fraudulent mobile transactions is the highest for any channel. Additionally, the cost of mobile transaction fraud has increased more than 18 percent, while the cost of online fraud transactions has dropped 15 percent since 2013.
Financial institutions don’t track the differences in online and mobile fraud because they don’t see enough difference between the two, according to LexisNexis. Most of the transactions through either channel are card not present (CNP) transactions, and the liabilities are the same, regardless of the channel.
Merchants recognize the issue of mobile commerce fraud, with 60 percent saying that the evolution of mobile payments represents a significant fraud risk for them, according to the report. But the additional risk isn’t enough to deter them from entering the mobile channel. Nearly half (48 percent) of survey respondents said that adopting mobile payments is necessary to stay competitive due to customer expectations, and 36 percent plan to invest in this technology. Just over one quarter (26 percent) plan on training employees in mobile payment technology.
Fighting Mobile Payment Fraud
Track mobile separately from online fraud. This is the only way to determine how much a particular business is subject to fraud through the mobile channel, the report points out, and can also show how well solutions already in place are -- or are not -- working. Those seeing higher incidents of mobile commerce fraud should concentrate on strengthening those fraud-fighting strategies and technologies.
Deploy solutions designed for mobile fraud. According to the report, 15 percent of mobile commerce merchants cite a lack of specialized mobile and online solutions for online and mobile fraud solutions as a top challenge. Yet they tend not to use device identification and geo-location, which can help identify fraud attempts on the mobile channel.
Review and align fraud priorities, especially if selling internationally. Mobile commerce merchants suffer from a high proportion of international fraud, yet most don’t use the solutions they believe are most effective for preventing fraud in international transactions. So merchants should review the dominant types of international fraud and the best solutions for combating those threats.
Phillip J. Britt writes for a number of technology, financial services and business websites and publications, including BAI, Telephony, Connected Planet, Savings Institutions, Independent Banker, insideARM.com, Bank Systems & Technology, Mobile Marketing & Technology, Loyalty 360, CRM Magazine, KM World and Information Today.