ThreatMetrix Releases Data on Mobile Device Transactions: Will Android Beat iOS on “Mobile Monday”?
Posted November 17, 2011
Despite 50% Growth in Mobile Transactions Year-Over-Year, ThreatMetrix Predicts As Many As One in Four Sales Will Be Lost on Cyber Monday Due to Incorrect Fraud Classification
SAN JOSE, CA – November 17, 2011 – ThreatMetrix™, the fastest growing provider of cloud-based fraud prevention solutions that do not require personally identifiable information (PII), today released year-over-year data on the breakdown of transactions by mobile device. The information was compiled from the ThreatMetrix™ Global Network of more than 15 million daily transactions.
From November 2010 to November 2011, ThreatMetrix found that mobile as a percentage of total transaction volume decreased for the iPhone by 35%, the BlackBerry by 51%, and the Palm by 96%. Conversely, Android mobile volume showed a massive uptick in 2011, with a 661% increase in overall transactions coming from a mobile device. Windows devices showed a more moderate increase, at 19% year-over-year.
“Based on our findings, the iPhone is still the dominant device where mobile transactions are taking place, but we’ve seen Android gain a lot of traction in 2011,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “It’s now become a two-horse race with mobile. The question does not center around whether or not consumers will make mobile purchases this season, but which device will come out ahead on what’s now deemed ‘Mobile Monday’.”
According to ThreatMetrix Fraud Facts data reported by ThreatMetrix in March of this year, mobile conversions were up by 50% year-over-year. The data specifically showed that, on average, 3% of transactions worldwide now come from a mobile device, up from 2% in 2010.
“Mobile transactions have higher conversion rates because they are intention-driven,” added Faulkner. “This makes it even more critical for retailers to ensure they are not only delivering an excellent mobile experience, but have a solid mobile fraud prevention strategy in place.”
Faulkner noted that while many retailers will likely experience a record number of purchases coming from mobile this year, many still maintain insufficient or incorrect fraud tools in this channel. The consequence will be lost revenue based on both fraudulent transactions taking place, as well as valid customers being turned away because of incorrect fraud classifications. Faulkner predicts as many as one in four mobile transactions may be incorrectly classified this year.
Top Fraud Threats During Peak Season
With an increased volume of online transactions during the holidays, this leaves retailers with less time for manual screening and review of transactions – whether they are coming from a laptop, desktop computer, tablet or mobile device. It makes automated fraud screening vital during this high-volume period.
1. Mobile device spoofing – Merchants are put at increased risk with mobile transactions simply because it’s more user-friendly for fraudsters. Today, most fraud coming from the mobile channel actually originates elsewhere; the device acts like a mobile device.
2. Use of botnets and malware – This is a prominent concern on both traditional desktop and laptop computers, as well as mobile devices, as malware can steal passwords and payment account information. On top of that, many of today’s consumers fail to install appropriate fraud prevention software on their mobile devices, according to Faulkner. Analyzing anomalous behavior and checking third-party IP reputation can help detect malware.
3. Cookie-wiping – Merchants could previously track repeat visitors through cookies, yet many of today’s consumers and fraudsters remove cookies by using add-ons and private browsing modes. This makes it difficult to recognize suspicious repeat visitors and identify returning good customers; cookieless device identification is more important than ever.
4. IP address cloaking – It has also become easier for fraudsters to spoof or mask IP addresses today. This makes it harder for merchants to know the “true” IP of the visitor and distinguish the good transactions from the bad. Identifying proxied visitors is crucial; this can be done by inspecting HTTP headers, maintaining a blacklist of known proxy sites, dynamically detecting proxied requests and piercing the proxy with a callback request.
5. Use of Virtual Private Networks (VPNs) – VPNs use separate software on the originating device to place it on a different network, showing traffic is originating from a different address than its true network. To identify fraudsters who are using VPNs, it’s important to monitor time zone and language settings, as well as global anomalies.
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.