We live in a world where the 7.3 billion people on the planet now have an estimated 3.4 billion smartphones. 70% of the U.S. population has a smartphone, and they're using them: Mobile commerce is expected to account for 34.5% of total e-commerce sales this year, and it's further anticipated to surpass 50% by 2021, according to eMarketer’s Mobile Commerce Roundup.
To add some perspective, each one of those devices possesses greater and faster processing power than the computers used in the Apollo missions, which NASA used to put humans on the moon.
Moving into Mobile Commerce
For online retailers, the key takeaway from this is simply that consumer expectations of mobile commerce are understandably high. Phones are our constant companions, and we expect to be able to pull them out to get almost anything - information, lunch, shopping of all kinds. We expect it to be smooth, and we expect it to be easy. That sets the bar high if you're a merchant moving into mobile commerce.
And retailers are increasingly investing in mobile commerce. About 60% of North American retail executives say their companies have a mobile web site, while more than half of the remaining 40% without one say they eventually will put one in place, according to a survey by Boston Retail Partners.
Conversion rates, however, remain low. To combat that trend, merchants try to speed and streamline mobile shopping wherever possible. There's just one problem with that drive: fraud prevention isn't necessarily on board.
More Mobile, More Mobile Fraud
If you know anything about fraud, you won't be surprised to learn that when a retail channel takes off, that channel becomes more attractive to criminals looking to make a quick buck. That's just what's happening with mobile.
The challenge for retailers is twofold. On the one hand, it's essential to optimize for (or rather against) mobile commerce fraud - otherwise you leave yourself open to losses from fraudsters who have been faster to realize the potential of this channel than you have been: the nature of their game means that they're always looking for new opportunities.
On the other hand, the last thing a retailer wants to do is add friction to the mobile purchase process. Making your customers jump through hoops isn't a great way to encourage them to complete the sale - especially on mobile, where screen "real estate" is limited, it's hard to be precise and there's always a good chance that the customer is on the go.
The Challenges of Mobile Fraud Prevention
There are certain things that make mobile fraud prevention particularly challenging for retailers who are used to dealing with e-commerce. This selection gives a sense of the kinds of things merchants have to consider:
- Unavailable data. A lot of data just isn't available from a mobile device. Browser information, plug-in info, Flash cookies... It's suddenly irrelevant and won't help catch fraud.
- Static IP addresses. Relying on static IP addresses? Stop. Mobile devices are, well, mobile. They move around a lot - changing IP addresses as they do so.
- Watch out for ATO. Customers are often careless with their devices - yet they often have passwords, account details and even payment data stored in easy-to-find ways on their mobiles. And many apps are already tied to a payment source already.
- Protect mobile wallet use. Stolen payment data can be used via a mobile wallet - something many retailers aren't primed to suspect. Payment instrument ATO represented 13.7% of fraud attacks in Q1-Q3 2017, but many merchants don't look out for it.
- Emulator attacks. "Emulators" allow fraudsters to ape mobile appearance when they're really on their laptop, making scaling mobile fraud easier and faster.
- Phones are flexible. Phones can be jailbroken or rooted to allow the user to perform actions never intended by the manufacturer. Can your system idenfity a jailbroken phone? Forter's can.
- Traditional fraud prevention can't always cope. 3D Secure redirects and passwords are badly suited to the more dynamic mobile environment.
- Sensitivizing behavioral analytics. Behavioral data is great - but customers behave differently when they're on their mobiles. Do you know the differences?
- Mobile fraud can be pricey. According to Lexis Nexis, in 2014 mobile fraud cost merchants $3.34 for every $1 dollar of fraud loss — compared to e-commerce's $2.69.
Don't Give Up: Optimize
What's above is just a short list of some of the factors that play into mobile fraud and which Forter's system takes into account. When you start to think of all the implications, it can start to feel completely overwhelming.
It doesn't need to be that way. Yes, mobile is different, and it's important to adapt to that. But it's not a whole new world. Just like making sure your website was mobile friendly before Mobilegeddon hit didn't involve relearning and rethinking everything, so optimizing for mobile fraud can build off what you know and have.
The best place to start is research. Make sure that you're tracking fraud by channel, so that you know which chargebacks were from mobile transactions. Analyze those bad orders, and compare them to good ones. Start learning the ways your customers act on mobile.
Turn your technical beam on mobile as well. There are ways to distinguish between an emulator and a true mobile user: find them and make sure your system is using them. Similarly, focus on finding ways of dealing with mobile fraud that don't add friction for your customers.
It can be done! To see how delivery.com successfully adapted to serve the 50% of their customer base who prefer mobile without increasing friction or fraud, check out this video.
This article was first published on May 09, 2016 and has been revised to reflect additional or updated information.