By Amanda Mickleburgh, Director Product – Merchant Fraud at ACI Worldwide
Across all demographics and sectors, people are powering up their phones to browse and buy. COVID saw many retailers increase their ecommerce investment, upping their focus on mobile, to drive better convenience for lockdown consumers. This included:
- Reducing checkout friction and boosting conversion with mobile wallets and one-click checkouts on mobile apps.
- Encouraging spontaneous sales by delivering geotargeted push notifications and email recommendations straight to their phones.
- Allowing followers to shop straight from social posts by including ‘buy buttons’ on community platforms like Facebook, Twitter, and Pinterest.
Meanwhile, eWallets have experienced a large uptick in adoption, with Juniper’s research predicting that 50% of the world’s population will use eWallets by 2024(i). We have also seen an increase in contactless spending limits, with moves to increase these further, as people continue to ditch hard cash for mobile contactless.
This is shaking up the transaction mix. In 2020, for instance, ACI merchant customers reported that 30% of all ecommerce transactions were made on mobile devices. In the US, adoption was even higher, with 42% of ecommerce transactions on mobile, representing 55% year-on-year growth.
Fraudsters are mobilising too
While mobile is really convenient for shoppers, it has also become an open door for fraudsters looking to exploit vulnerabilities in mobile-based card-not-present transactions. In the first half of 2020, NuData Security reported a 55% growth in high-risk traffic from mobile devices(ii). And fraudsters are not hesitating to take advantage of this.
The ACI ecommerce Fraud Index confirms that:
- Mobile fraud attempts increased by 1.22% in the first half of 2020 and a further 1.32% in the first half of 2021.
- Data fraudsters are targeting new hybrid services that have become popular during COVID, with buy online, pick up in store (BOPIS) services seeing higher fraud attempt rates (7%) compared to other channels (4.6%).
- Mobile-orientated sectors were hit harder than others, with gaming and telco experiencing the highest fraud attempt rates.
Looking deeper into the figures, it’s clear that opportunistic fraudsters are not always acting in silos. Increasingly, they are teaming up to steal personal data for illicit purchases, with clear evidence of BOT attacks migrating to mobile in the closing months of 2020 and into 2021.
The challenge for merchants
To stay ahead of fraudsters’ ever more sophisticated strategies, merchants must consider and act upon a broader understanding of payments abuse, including account takeover, synthetic fraud, spam, phishing, promo scams, repetitive BOT attacks and sector-specific purchase behaviour.
Many merchants are hoping that smoother mobile authentication, using the new 3DS2 standard, will help. Unlike the previous version, which was not fit for mobile, 3DS2 is suitable for wearables, in-app purchases, digital wallets, etc. It provides a new mobile SDK component so merchants can integrate the 3DS process into their mobile apps, making mobile checkouts more secure while keeping them fast and seamless.
However, there is no one silver bullet against mobile fraud, and authentication on its own is not enough. Fraudsters are aware of current safeguards and are actively looking for ways round them. Researchers at Birmingham University, for example, recently identified a way for hackers to exploit vulnerabilities in Apple Pay and Visa to bypass an iPhone’s Apple Pay lock.
Merchants need multi-layered security strategies
Merchants should look to keep all their security bases covered with end-to-end, sophisticated fraud prevention. This includes positive profiling, which allows merchants to collect behavioural and location-based data to separate genuine transactions from fraudulent ones.
For data scientists, this means deploying enhanced artificial intelligence (AI) technology within machine learning models and, in the case of mobile, even using GPS and geo-location positioning. This combination creates a smarter, more automated fraud detection process that increases effectiveness by quickly deploying updated strategies based on the most relevant information possible.
Though a customer may be using a new channel, like mobile, if their purchases or payment methods are in line with previous behaviours, merchants can quickly approve that transaction. This not only drives conversion but promotes a better cross-channel customer experience.
Fraud detection needs to get smarter and faster
When it comes to retailing, nothing is static. Both fraud and transaction patterns evolve over time. Seasonality, economic fluctuation, changes in customer behaviour and new fraud attack strategies constantly emerge – COVID is testament to this.
Traditional machine modelling solutions need to be continually retrained as fraud patterns change, and often trends are only revealed a few days – or even weeks – after they take place.
So, how can we make it smarter and faster?
Incremental learning, a new approach to modelling, may help. It offers several advantages, for example:
- It enables models to “think for themselves”, making small adjustments on an ongoing basis and keeping them hyper-relevant, even as fraudster tactics and consumer behaviours change.
- It takes the pressure off anti-fraud and tech team resources by automatically incorporating new data on an ongoing basis, thereby reducing the need to continuously re-deploy to production.
- It performs better than traditional methods over longer periods of time, especially for mobile payments where the context and location are continually changing.
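The sketch below is an added illustration, not ACI's model or code. It compares a fraud scorer frozen after training with one that keeps updating on each labelled transaction when the fraud pattern shifts. The two features, the balanced synthetic stream and the assumption that the true label arrives right after scoring are all constructed for the example.

```python
import math
import random

def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))

class OnlineLogReg:
    """Logistic regression trained one labelled transaction at a time (SGD)."""
    def __init__(self, n_features, lr=0.1):
        self.w = [0.0] * n_features
        self.b = 0.0
        self.lr = lr

    def score(self, x):
        return sigmoid(self.b + sum(wi * xi for wi, xi in zip(self.w, x)))

    def update(self, x, y):
        err = y - self.score(x)
        self.w = [wi + self.lr * err * xi for wi, xi in zip(self.w, x)]
        self.b += self.lr * err

def make_stream(rng, n, signal_idx):
    """Constructed data: only feature `signal_idx` separates fraud (1) from genuine (0)."""
    out = []
    for _ in range(n):
        y = rng.randint(0, 1)
        x = [rng.gauss(0.0, 0.5), rng.gauss(0.0, 0.5)]  # e.g. location and basket deviation
        x[signal_idx] = rng.gauss(1.0 if y else -1.0, 0.5)
        out.append((x, y))
    return out

def compare(seed=7, n=2000):
    """Return (static_accuracy, incremental_accuracy) on the post-drift stream."""
    rng = random.Random(seed)
    before = make_stream(rng, n, signal_idx=0)  # old fraud pattern
    after = make_stream(rng, n, signal_idx=1)   # pattern after the shift
    static, incremental = OnlineLogReg(2), OnlineLogReg(2)
    for x, y in before:                         # both models see the same history
        static.update(x, y)
        incremental.update(x, y)
    hits_static = hits_inc = 0
    for x, y in after:                          # score first, then learn (prequential)
        hits_static += (static.score(x) >= 0.5) == bool(y)
        hits_inc += (incremental.score(x) >= 0.5) == bool(y)
        incremental.update(x, y)                # only this model absorbs the new label
    return hits_static / n, hits_inc / n

if __name__ == "__main__":
    s, i = compare()
    print(f"static={s:.3f} incremental={i:.3f}")
```

In production, confirmed fraud labels such as chargebacks arrive with a delay, so updates would be applied as labels land rather than immediately after each score.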
What should merchants do?
All of this is good news for merchants and their mobile shoppers, but bad news for fraudsters. For merchants, the key message is: always make sure you are compliant with relevant security practices and mandates (e.g. PCI, PSD2 SCA, 3DS2), but don’t rely on these alone for mobile security.
It’s important to stay at least one step ahead of fraudsters. And you can only do that by being ready to embrace new technologies like AI, machine and incremental learning. Tools that help you predict, detect and prevent fraud before it happens are the best way to cut off mobile criminals for good.