Payments Leader

Don’t Let Mobile Payments Become a Fraud Source

December 21, 2018

Kris Carrera, Business Line Executive, Credit

How are you working to combat fraud?

The rise in mobile commerce has brought with it a rise in mobile fraud. While traditional card payments have gone through many evolutions to combat fraud – most recently in the United States, the EMV transition, which has improved security at the point of sale – fraudsters have shifted to the fledgling mobile payments world, focusing more on account takeovers and e-commerce fraud. In fact, mobile payments now make up 21 percent of fraud cases despite representing only 14 percent of transactions, according to SOURCE.

With mobile payments estimated to reach $3 trillion by 2021 – and cybercrime more automated and organized than ever – it’s vital that banks, retailers and consumers establish stronger security. Firewalls and detection tools aren’t enough. To truly stay ahead of thieves – and to catch them as quickly as possible when they get through – real-time behavioral analysis is needed.

Porting, Cloning and Spoofing

The security of mobile devices is uniquely challenging because there are several significant ways in which criminals can compromise them. One of the most common is porting, in which a criminal who knows only some basic information about the victim – name, address, birth date, etc., often stolen during a data breach – has the victim’s phone redirected for illicit use. That gives the criminal access to the phone, allowing it to be used for criminal purposes.

Cloning represents another common way fraudsters operate. Criminals gain access to secure phone data, then program it into another phone, which then operates just like the original, but with all the actions appearing to come from the innocent phone. This allows criminals to intercept messages and request financial account passwords and other credentials without the proper user’s knowledge – often accessing accounts long before customers and businesses know. If a bank’s app is not appropriately protected – if the phone alone serves as a customer identifier, for example – it can be an easy loophole for exploitation.

It is wise to understand that advances in technology help the fraudster, too. The ability to automate massive attacks using ‘bots’ greatly increases the scope and magnitude of the problem. In fact, more than 80 percent of fraudulent attacks come through automated mobile attacks – with travel and entertainment industries at particular risk. This is often achieved through device spoofing, where fraudsters delete and change settings in order to mimic the victim’s device.

If that weren’t enough, mobile channels have also attracted money launderers. Fraudsters are using mobile apps to process payments for illicit purposes through legitimate merchant accounts. Unfortunately, given the volume of mobile transactions, plus the lack of adequate detection tools, it’s almost impossible to detect such activity.

Frictionless Through Analysis

The future requires mobile transactions that are faster, smoother and more secure. And the mobile experience already is too important to sideline while these challenges are addressed.

That’s why many are turning to behavioral and data analysis to help spot suspicious transactions and users. There are solutions that look at multiple attributes of a device and how it is being used: screen size, operating system specifics, device size, even behavioral biometrics such as how you type and whether you are left- or right-handed. These signals establish device behavior, and can allow merchants or operators to stop attacks in real time. This combination of increased use of data assets and better integration with artificial intelligence engines can uncover trends and pre-emptively catch suspect behavior.
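A minimal sketch of that kind of check, added here as an illustration and not taken from any vendor's product: a session is scored against an enrolled baseline of device attributes and typing rhythm, so a session that reports the right device but types like a different person still triggers step-up authentication. The field names, weights, thresholds and sample sessions are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Profile:
    """Enrolled baseline for one account (all values constructed)."""
    screen: tuple         # (width, height) in pixels
    os_version: str
    device_size_in: float
    handed: str           # "left" or "right"
    key_ms_mean: float    # mean gap between keystrokes, in ms
    key_ms_std: float

# Hypothetical weights and thresholds; a real system would fit these to data.
WEIGHTS = {"screen": 2.0, "os_version": 1.0, "device_size_in": 2.0, "handed": 1.5}
STEP_UP, BLOCK = 2.0, 5.0

def risk_score(profile, session):
    """Return (score, reasons) for one session dict against the baseline."""
    score, reasons = 0.0, []
    for attr, weight in WEIGHTS.items():
        if session[attr] != getattr(profile, attr):
            score += weight
            reasons.append(f"{attr} changed")
    # Behavioral signal: distance of this session's typing rhythm from baseline.
    z = abs(mean(session["key_gaps_ms"]) - profile.key_ms_mean) / profile.key_ms_std
    if z > 3:
        score += 2.5
        reasons.append(f"keystroke rhythm off by {z:.1f} sigma")
    return score, reasons

def decide(profile, session):
    """Map the score to allow / step_up (extra authentication) / block."""
    score, reasons = risk_score(profile, session)
    action = "block" if score >= BLOCK else "step_up" if score >= STEP_UP else "allow"
    return action, reasons

ENROLLED = Profile((1170, 2532), "16.2", 6.1, "right", 180.0, 25.0)
OWNER = {"screen": (1170, 2532), "os_version": "16.2", "device_size_in": 6.1,
         "handed": "right", "key_gaps_ms": [170, 195, 182, 176]}
# Device attributes identical to the enrolled phone, but a different person typing.
COPIED = dict(OWNER, handed="left", key_gaps_ms=[60, 62, 58, 61])
# Automated session: different reported device and machine-regular typing.
BOT = dict(OWNER, screen=(1080, 1920), device_size_in=5.0, key_gaps_ms=[20, 20, 20, 20])

if __name__ == "__main__":
    for name, s in (("owner", OWNER), ("copied", COPIED), ("bot", BOT)):
        print(name, decide(ENROLLED, s))
```

An operating-system update on its own scores below the step-up threshold, which keeps friction low for legitimate customers.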

The good news is that, once properly fortified, mobile apps have the potential to be far more secure than online commerce.

Customer Present Payments

The takeover of mobile phone accounts doubled in 2016 as criminals sought not only to monetize these accounts through fraudulent billing practices, but also to leverage them to compromise mobile-based fraud prevention. Without confidence in a service, consumer usage of mobile payments will not take off. By strengthening mobile security and reducing friction, businesses allow legitimate customers to easily and conveniently access their platform, while removing suspected fraud from the equation.

As we move to a world where more and more information is stored in mobile devices, and where transactions go from card-present to only customer-present, security is a must. Financial institutions and merchants need ongoing diligence to keep up with the latest developments and to evolve as quickly as criminals do.


Kris Carrera

Business Line Executive, Credit

With over 25 years of international payments experience, Kris was responsible for the launch of the first successful cobranded card program. A leader in risk-based pricing and target marketing using predictive data analytics, she specializes in merchant services, credit cards and home equity. Kris has received Best Travel Card, Best Cobranded Card and Best Private-Label Program awards.