Mobile Retail Fraud: What You Need to Know

The fact that mobile or m-commerce channel adoption is skyrocketing as merchants take advantage of the availability of mobile devices should be a good thing. Sadly, when you realize that the cost of m-commerce fraud is now actually outpacing its growth, the picture tint fades from rosy to gloomy grey.

That’s why a new study by LexisNexis has been released, just as Apple Pay and other mobile payment solutions achieve wider penetration. I pressed Press for details on what we’re really facing…

Press: It can be like drinking from the proverbial fire hose. E-commerce continues to grow at incredible rates, but it remains vulnerable to fraud due to the remote nature of the channel. Fraudsters understand this, and constantly adapt their strategies to defeat new strategies to stop them. That means fraud teams and tools must also constantly adapt.

What prompted the new study on m-commerce fraud?

Press: We have been conducting the ‘true cost of fraud’ study for several years, focusing on traditional e-commerce. More recently, m-commerce has been gaining attention, and its growth has been accelerating as smartphones and tablets overtake the market. We realized that e-commerce merchants weren’t typically making a distinction between traditional and mobile transactions, primarily because they aren’t that different from a payment processing perspective. As fraud experts, however, we believed that any new channel carries new potential risks, and wanted to better understand how that might be affecting the market. By adding mobile-specific questions to the survey, we were able to clearly see the differences between channels. Last year, we decided that the findings were worth a separate analysis effort. This year’s report is the second m-commerce study.

Press: New channels have always meant new levels of complexity, which require a different set of processes. It’s very difficult to anticipate all the potential challenges. Fraudsters have always been quick to identify and exploit vulnerabilities in new systems. Mobile is no different. The good guys have to find and close the gaps.

Press: M-commerce losses are similar to those experienced in other channels, but as the ‘true cost of fraud’ study highlights, the costs are often higher than merchants realize. In addition to the value of the lost merchandise, merchants deal with payment processing and charge-back fees, the costs of investigating the fraud, logistics fees, the cost of replacement merchandise, and other assorted administrative overhead costs. In m-commerce, that adds up to $3.34 in total costs for every $1.00 of fraud.

That’s shocking. Who’s most at risk, and why?

Press: Now that we have a better understanding of the risks associated with mobile commerce, we can create processes, rules, and models that help to identity problematic transactions before they are completed. Those most at risk are organizations that fail to differentiate between mobile and traditional e-commerce from a payments and fraud perspective and integrate that knowledge into their fraud prevention practices. This is important even if a company has not made a conscious effort to enter the mobile channel; the nature of today’s mobile devices means that e-commerce merchants have mobile customers, whether they know it or not.

RELATED: Home Depot Criminals Attacking People’s Bank Accounts

Let’s be proactive. What can we do – as retailers and consumers alike – to better protect ourselves?

Press: For retailers, the key is to collect as much information about the transaction as possible, and to use that data in a risk-based, layered approach. By examining a variety of incoming signals, such as cart contents, IP address, device attributes, and identity information, merchants can develop processes that both stop fraud and enable sales. Consumers should focus on common sense measures to protect their identities. They should transmit financial information only over secure networks, ensure they are shopping with reputable merchants, and keep an eye on payment accounts to identity fraudulent transactions as soon as possible.