More Sales, More Fraud
It’s a double-edged sword: As sales increase, so do the opportunities for fraud, and this makes mobile a prime target. Retail acceptance of mobile has grown 50 percent annually since 2011, according to LexisNexis’s True Cost of Fraud Mobile Study, and it estimates that mobile payments will continue to grow 25 percent annually. In 2013, nearly one in 10 merchants accepted mobile payments.
But along with those increases in sales comes a related increase in mobile fraud.
According to the survey of more than 1,000 fraud and risk experts, conducted by LexisNexis and Javelin Strategy & Research, mobile merchants lost an average 0.64 percent of revenue to fraud in 2012. In 2013, that loss had grown to 0.75 percent.
“Mobile today is a real channel. Its importance for both e-commerce and point-of-sale payments is unmistakable,” says Aaron Press, director of e-commerce and payments for LexisNexis Risk Solutions. “And with anything, where the money goes, so goes fraud.”
It “presents some unique challenges that merchants need to be aware of,” he says.
Shortcut to technology
Large merchants are typically the biggest targets for criminals, Press says, and as large, financially solid merchants begin accepting mobile transactions, fraud increases. “It’s partly because of the complexity of having multiple payment channels. … That complexity allows criminals to get away with [fraud].”
One of the major findings of the study is that small merchants — 39 percent of 2013 survey respondents — add substantially to incremental increases in fraud. That’s because small merchants are “generally less protected against all types of fraud than large and medium-sized mobile merchants,” he says.
Large merchants use twice as many anti-fraud solutions as small retailers; in 2013, large merchants prevented “nine times as many attempted fraudulent transactions as were successfully completed against them [through all channels].”
In comparison, small merchants prevented 1.5 times as many fraudulent transactions as were completed against them; mid-size retailers prevented 1.2 times as many as were completed.
Larger merchants, Press says, “are investing in mobile through dedicated e-commerce technology such as having apps specifically for their stores or having mobile-friendly versions of their online sites, as well as investing in POS integration.”
Smaller merchants, on the other hand, “are embracing mobile almost as a shortcut to better technology,” he says. “Mobile POS, for example, lowers the cost of entry. It makes even the smallest merchant a credit card acceptor.”
Mobile POS is the fastest-growing payment channel in the survey: 7 percent of respondents — all small merchants — accepted mobile POS in 2013. But while credit card acceptance helps generate incremental sales for small retailers, it opens them up to credit card fraud as well. Three of every five fraudulent mobile transactions involved credit cards.
“For small merchants,” Press notes, “even just a handful of fraud instances can result in a fairly large loss as a percent of revenue.”
No ‘single solution’
User authentication and information verification are the major challenges facing all mobile merchants. The study found that 53 percent of mobile merchants recognized customer identity verification as “the most serious fraud-prevention challenge they faced.” Delay in payment confirmation was ranked second, cited by just 11 percent of respondents as a top challenge.
With numerous methods of fraud to combat, mobile merchants have a wide variety of mitigation solutions available. Half of the respondents used card verification, 45 percent used PIN and/or signature verification or transaction verification/validation and 39 percent used check verification.
However, no single solution was perceived by itself as totally effective in preventing fraud through the mobile channel. Only a third of respondents said they believed PIN and/or signature verification, card verification, transaction verification/validation services and browser/malware tracking were effective in preventing mobile fraud.
Of the channels by which mobile devices can be used to pay, mobile browsers — the most popular — was perceived by 31 percent of respondents as “most vulnerable to fraud.”
The second-most-popular channel, mobile applications, was perceived as posing the greatest fraud threat by 24 percent.
The study warned that “m-commerce merchants who are accepting payments via mobile apps are unequipped to handle the fraud that accompanies the additional transaction volume that apps facilitate.”
E-retailers who accept payments through a mobile app lost 0.81 percent of revenue from fraud, while those who accept payments only via mobile browser lost 0.63 percent.
There are fraud mitigation tools designed to better manage authentication, and those that use confidence scores to verify connections between different shipping and billing addresses and to manage device verification through IP addresses that reveal the device’s physical location. Tools can also determine if the device has been used previously in a fraudulent transaction.
“When you combine user authentication with device authentication, that creates a really strong level of fraud prevention,” Press says. Fraud can never be entirely eliminated, “but when retailers are proactive, it can be managed and minimized.”