As merchants race to take mobile transactions, fraudsters will continue to exploit the vulnerabilities of those who haven’t mastered the techniques and technology to fight mobile payment fraud.
Here are five security issues with mobile payments.
Multiple Hardware and Software
Compared with desktop and notebook computers, the mobile device landscape is more diverse in both hardware and operating systems. Some customers still use lower-end devices running older versions of Android and iOS. This is particularly true in South America and Asia, where smartphones and mobile payments are gaining traction, but users cannot afford cutting-edge technology and are not well versed in the principles of mobile security.
This makes these devices vulnerable to known attacks and exploits and makes them easy targets for fraudsters and hackers. Therefore, even if a mobile app is secure per se, an individual’s device may not be.
This can be addressed by adding some of the newest smartphone technologies to your payment apps, such as fingerprint scanners, voice and face recognition, and geofencing. All of these tie functionality to an individual’s biometric or geographic data, which prevents fraudsters from logging into a user’s account from a remote location or unknown device and making payments or draining funds.
However, many devices do not support these features. You’ll need a fallback method at the service level to compensate for a possible lack of protection at the consumer level. For instance, if your app finds no biometric authentication features on the user’s phone, the app can require the user to confirm their identity by means of a code sent to a backup email.
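The fallback described above, sketched as server-side Node.js logic. This is an added example, not code from the article; the function names, the 10-minute lifetime, the five-attempt limit and the in-memory store are all assumptions.

```javascript
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed validity window
const MAX_ATTEMPTS = 5;             // assumed guess limit per issued code
const pending = new Map();          // userId -> { hash, expires, attempts }; demo store only

// Store only a hash of the code, bound to the user it was issued for.
const hashCode = (userId, code) =>
  crypto.createHash('sha256').update(`${userId}:${code}`).digest();

// Pick the step-up method from what the client reports about the device.
function chooseStepUp(device) {
  return device && device.biometricAvailable ? 'biometric' : 'email-code';
}

// Create a 6-digit code; the caller mails it to the backup address on file.
function issueEmailCode(userId, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(userId, { hash: hashCode(userId, code), expires: now + CODE_TTL_MS, attempts: 0 });
  return code;
}

// Accept a code once, within its lifetime, and within the attempt limit.
function verifyEmailCode(userId, submitted, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry) return false;
  if (now > entry.expires || entry.attempts >= MAX_ATTEMPTS) {
    pending.delete(userId); // expired or guessed too often: force a new code
    return false;
  }
  entry.attempts += 1;
  // Both digests are 32 bytes, so the constant-time comparison never throws.
  const ok = crypto.timingSafeEqual(entry.hash, hashCode(userId, String(submitted)));
  if (ok) pending.delete(userId); // single use
  return ok;
}
```

The device's capability report comes from the client, so the server should apply the same step-up requirement whenever that report is missing.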
Malicious App Clones
Apple and Google both have strict requirements on their app stores to stop the upload of malicious apps. However, fraudsters still find ways to install virus-infected clones of payment apps onto user devices. On Android devices, these apps are published on alternative, less controlled app stores or distributed as standalone .apk packages, i.e., application files sent as email attachments.
On iOS devices, fraudsters target users of so-called jailbroken devices, which let their owners bypass Apple’s stringent app rules and install applications that are not published on Apple’s App Store.
Regrettably, not all smartphone users install anti-malware tools. Those users won’t be able to detect malicious apps installed on their devices. Malware that targets payment and banking apps has been seen on many occasions, and will probably continue to be a problem as mobile payments become more popular.
Researchers are developing technologies and solutions that will help identify malicious clones. But the best way to protect your customers against malicious apps is to make it clear on your site and in your terms and conditions that you will distribute your applications only through mainstream app stores, and to dissuade users from installing or accepting mobile apps that come from other sources.
Bad User Outcomes
Even if you have a dedicated mobile app, some customers may still use your site’s mobile version to place orders and make purchases. A study by payment protection startup Riskified shows that the vast majority of shoppers use the Safari and Chrome browsers to make browser-based payments.
But a small percentage continues to use the Android stock browser, which is the default browser on a lot of Android devices. Riskified found that, of mobile browsers, the Android stock browser is the one most abused by fraudsters. In fact, 3% of travel tickets purchased via mobile devices with an Android browser are outright fraud, the company found. Safari and Chrome mobile orders are significantly safer, with fraud rates of 0.9 percent and 1.2 percent, respectively.
Using browser detection, you can stop users from accessing your site through risky mobile browsers and urge them to use the mobile app or a secure, up-to-date version of the browser.
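One way to implement the browser detection described above, as an added example that is not from the article or from Riskified. The action names, the minimum Chrome version and the sample headers are assumptions constructed for illustration.

```javascript
// The User-Agent header is set by the client and can be spoofed, so treat
// the result as one risk signal to corroborate, not as proof of the browser.
const MIN_CHROME_MAJOR = 100; // assumed policy threshold

function classifyMobileBrowser(ua) {
  if (typeof ua !== 'string' || ua === '') return { family: 'unknown', action: 'review' };
  const isAndroid = /\bAndroid\b/.test(ua);
  const isIOS = /\b(?:iPhone|iPad|iPod)\b/.test(ua);
  if (!isAndroid && !isIOS) return { family: 'non-mobile', action: 'allow' };

  // Many browsers reuse the Chrome/ and Safari/ tokens, so rule these out first.
  if (/\b(?:EdgA|EdgiOS|OPR|SamsungBrowser|UCBrowser|Firefox|FxiOS)\//.test(ua)) {
    return { family: 'other', action: 'review' };
  }
  // Chrome on Android sends Chrome/<version>; Chrome on iOS sends CriOS/<version>.
  const chrome = ua.match(/\b(?:Chrome|CriOS)\/(\d+)/);
  if (chrome) {
    const outdated = Number(chrome[1]) < MIN_CHROME_MAJOR;
    return { family: 'chrome', action: outdated ? 'prompt-upgrade' : 'allow' };
  }
  // Legacy Android stock browser: WebKit with a Version/ token and no Chrome token.
  if (isAndroid && /AppleWebKit\//.test(ua) && /\bVersion\/\d/.test(ua)) {
    return { family: 'android-stock', action: 'block-and-prompt' };
  }
  if (isIOS && /\bVersion\/\d/.test(ua) && /\bSafari\//.test(ua)) {
    return { family: 'safari', action: 'allow' };
  }
  return { family: 'unknown', action: 'review' };
}

// Constructed sample headers in the usual format of each browser.
const SAMPLE_UAS = {
  stock: 'Mozilla/5.0 (Linux; U; Android 4.0.3; en-us; Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30',
  chrome: 'Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36',
  oldChrome: 'Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19',
  safari: 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1',
};

for (const [name, ua] of Object.entries(SAMPLE_UAS)) {
  console.log(name, classifyMobileBrowser(ua));
}
```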
Also, some users don’t secure their devices with lock-screen PIN codes or don’t install remote wipe or recovery apps, which may protect them if their devices are lost or stolen. Posting general tips and notifications can remind users of good mobile habits.
Mobile Fraud Tactics and Habits
Fraudsters are always searching for ways to hide their identities and traces. In the mobile payment world, fraud has its own unique traits. Among the tactics favored by fraudsters is using “burner phones,” which are cheap, prepaid mobile phones that can be bought for as little as $20 in cash and disposed of after use. These devices can sometimes be traced through reverse number lookup, but it is a difficult process.
Professional fraudsters will also use proxy IPs to conceal their real location. Amateur crooks, however, are more likely to use devices that are connected to previous fraudulent transactions. So if you have a database of devices used for previous fraud activity, you can trace and block them.
Also worth mentioning is that mobile fraud happens more at card-not-present portals than card-present mobile point-of-sale systems, such as Square and Intuit GoPayment.
Data Analysis Is Key
The key to preventing mobile payment fraud is to collect, analyze, and corroborate data. In this respect, mobile apps and devices offer a wealth of information; combined with historical, regional and technical trends, it lets merchants detect and block fraudulent transactions without producing false declines and turning away real and loyal customers.
A good example is Riskified’s ecommerce fraud prevention service. It plugs into many ecommerce platforms and seamlessly analyzes transactions without causing friction. The solution employs multiple real-time analytics and artificial intelligence technologies to detect fraudulent activity patterns and indicates whether transactions should be declined as fraud or accepted as legitimate.
With false declines accounting for larger losses than fraud itself, using a solution that can detect fraud in a frictionless manner can help increase your bottom line while enhancing the customer’s experience.