March 16, 2023
As consumer smart phone adoption has grown over the years, so has the share of online purchases transacted via mobile devices—and with it, incidents of fraud.
CNP has created a guide outlining nine actions (summarized below) to help merchants identify and prevent mobile fraud. Go to icba.org/BancardRiskMitigation for the full original document.
Separate mobile orders from desktop—Merchants should categorize specific types of orders originating from each channel (desktop website viewed on mobile device, mobile website or mobile app, for example). From there they can review fraud attempts and successes, assign the fraud origin and then implement specific security measures.
Pay attention to device ID—Every smartphone or tablet carries a unique identification number, which tracks the device regardless of the wifi network to which it is connected. Device ID also yields valuable information like the default language on the phone, type of phone, and the phone carrier.
Track customer behavior, set velocity limits, and verify suspicious orders—When authorizing suspicious as well as high-value orders, or higher-than-normal value, call customers directly to confirm their identity. Antifraud systems based on real-time machine learning can be an effective tool for digital goods merchants that don’t have time to review orders before delivery.
CVV/CVC can be your ally: Require It—While most credit card numbers for sale on the Dark Web come with CVV numbers, requiring your customers to enter the three-digit code can help increase authorizations by issuers. Use the information as a data point in making a fraud decision, but not as a sole determinant.
Use MFA to make fraud DOA—The safer your customers feel, the more likely they are to embrace m-commerce. Multi-factor authentication, which can include biometric authentication techniques such as fingerprints or more traditional methods like PIN codes, identification questions or SMS text message confirmation, can be an effective tool to thwart fraudsters and are even more powerful when combined.
Try to implement required account registration—The data entry required during account creation generates additional information for screening and can slow down fraudsters enough to get them to abandon your site. Unfortunately, it can slow down customers as well. Many mobile-focused companies view this requirement as a point of friction and will not do it. In those cases, backend fraud prevention tools are a must.
Bots will try to steal from you—Fraudsters increasingly are using bots to scale their attacks. Automated credential stuffing, for example, has made it easy to leverage username/password combos stolen in breaches to take over online accounts. Utilize technologies that look for non-human conduct.
Consider new technologies to fight fraud—Machine learning and advanced artificial intelligence can help predict emerging fraud threats and trends. Behavioral biometrics systems—technology that can identify users by the way they hold the phone, interact with the screen, type passwords, etc.—is especially effective for preventing mobile fraud.
There is no substitute for experience—This may seem evident, but if fraud is a problem for your business, having an experienced team in place to manage it is essential. Make sure that your fraud prevention systems are set up and fine-tuned by fraud industry experts who are up to date on the most recent fraud trends.