The Merchant in Menace
Posted May 11, 2015
Newly Launched Merchant Apps and Rise in Mobile-Channel Shopping Put Merchants in Greater Danger of Mobile Fraud
With apologies to Shakespeare for the headline, the menace to merchants and their customers from mobile fraud is up sharply. According to a LexisNexis Risk Solutions report, it jumped 70 percent from 2013 to 2014. In his article on mobilepaymentstoday.com, Will Hernandez explores the reasons for this precipitous rise. The following has been excerpted from his piece and edited to fit our format. You may find his complete, unedited article by clicking on this link.
Jumping the gun
One contributing factor to fraud exposure is that merchants unintentionally sacrifice security when they rush to market with a strategy to take advantage of current consumer shopping trends, which now are more focused on the mobile experience than ever before.
“The mobile channel is new for a lot of merchants and creates a different level of complexity and a different set of fraud signals than what you get from traditional ecommerce transactions,” observed Aaron Press, LexisNexis Risk Solutions director for ecommerce and payments….
21 percent of fraudulent transactions on mobile
[The LexisNexis’ report showed] more than one-fifth (21 percent) of all fraudulent transactions are attributed to the mobile channel….
Mobile fraud affects large and small
Mobile-fraud exposure can be more prevalent with small merchants, but Press said there are still many large merchants who are not prepared for the vulnerabilities that come with the mobile channel.
New app. New fraud
“You often get some large merchants who put an app out there, or build a mobile-optimized site, and then they haven’t figured out all the exposures that come with that, and that’s even the case with some multichannel merchants. They put out a mobile app and they expect people to shop from it and it turns out that their mobile app becomes a fraud magnet. Every time there’s a new app out there, a fraudster sees a new angle to try and expose it.”
6 percent fraud
Cherian Abraham, a payments analyst who works with Experian, sent the industry into a tizzy two months ago when he said 6 percent of Apple Pay transactions were being completed with stolen credit cards.
In a rush to make sure their cards were compatible with Apple’s new toy, many issuers did not set up proper onboarding protocols to confirm an Apple Pay user’s identity. While some industry pundits downplayed Abraham’s claims, his findings did show how a system touted as the most secure mobile payment method in the market could have a security flaw somewhere in the process.
Is it in the cards
Even before Apple Pay was a thing, the card networks were in the process of developing their own ways to combat online and mobile fraud.
American Express, MasterCard and Visa in 2013 proposed a framework for a global standard that would eliminate the need for consumers to enter card information for mobile and online purchases.
Since then, MasterCard and Visa each have pushed their respective digital wallets as a way for consumers to shop online and in apps without the need for entering card details.
American Express late last year announced the launch of its token service that eliminates the need for merchants and digital wallet providers to store consumers’ sensitive account information in their systems.
A token offering
Andrew McLennan, president of Inside Secure, [observed,] “Obviously, there’s tokenization. What’s coming very shortly is tokenization backed by robust controls on the device for theft. You’ll also see personalization happening, so when you enter your credit card information onto the device, the token will be personalized to you.”
EMV increases online fraud
Another aspect of the card brands’ push for increased mobile and online security that is sometimes overlooked is EMV. While chip cards make it more difficult for fraudsters to clone cards for use at the physical point of sale, EMV does not protect against online fraud. Every country that migrated to chip cards saw increased online fraud. The U.S. will be no exception as it faces its own EMV transition.