THE BLOG

The Price of Mobile Payments Fraud

11/14/2013 03:39 pm ET | Updated Jan 23, 2014

It's a revolution that's been long in coming -- the mobile payments market. Mobile commerce has been steadily growing and is expected to continue at an even quicker pace in the coming years. Technology research group Gartner projects that over the next four years the mobile payments industry will experience an average annual growth of 35 percent, creating a market of more than 450 million users worth $721 billion by 2017. The North American market alone is forecast to grow 53 percent in 2013, reaching $37 billion, up from $24 billion in 2012.

In a sure sign that the mobile payments market is top of mind for businesses, some of the world's most recognizable companies have thrown their hats into the ring. Recent developments include: PayPal's acquisition of mobile payments company Braintree, Google's launch of its new and improved mobile wallet and Apple's introduction of its fingerprint scanner, adding biometrics to the mobile payments industry mix.

Despite growth projections, I've seen a certain amount of caution from both consumers and businesses in adopting mobile payments.On the consumer side, the main barrier to adoption has been uncertainty about the benefits of mobile payments over traditional payment methods. And in fact, one consumer survey found that customers of large credit card issuers don't think the ability to make mobile payments from a smartphone is very important. But other surveys have found that U.S. consumers -- especially the all-important younger demographic -- are generally interested in mobile payments.

Another primary concern about mobile payments -- as with any payment system -- is security and the management of risk. Unfortunately, it is still a common belief that mobile payment platforms are less secure than e-commerce or traditional payment methods. Concern about security continues to be the most-cited reason for consumers' reluctance to adopt mobile payments. According to MasterCard, 62 percent of respondents need confirmation that their personal information is safe in order to be comfortable making a mobile payment transaction. In another survey, 63 percent of respondents thought their personal information was more vulnerable when using a mobile phone for purchases than when using a debit or credit card; a whopping 94 percent said that they would be willing to make a mobile payment if they knew it was secure.

So how big of a problem is fraud, how exactly is fraud perpetrated with mobile payments -- and what can consumers and businesses do to prevent it?

In its 2013 Online Fraud Report, based on a survey conducted in the United States and Canada, Visa company CyberSource found that:

-- Estimated retailer loss to online fraud in 2012 was $3.5 billion, an increase of 3 percent from $3.4 billion in 2011 and 30 percent from $2.7 billion in 2010 -- but down from recent highs of $4 billion in 2008 and $3.7 billion in 2007

-- The average fraudulent online order ticket value dropped 20 percent to $200 last year from $250 in 2011.

-- In the context of total revenue, the average online fraud rates remain relatively low -- in 2012, 1.4 percent of revenue was lost to fraud; Bloomberg Businessweek predicts that the number may increase to 1.5 percent within the next five years

Identity theft remains the most common way mobile payments fraud is perpetrated. Fraudsters succeed in obtaining information about a customer, use it and have full access to the bank account of their victims. Mobile payment apps in mobile wallets and prepaid coupons offer ample opportunity for fraud. The common technique used by app fraudsters is one-click payments, in which the links are embedded within the apps. Payment is then taken from the linked credit card instantly, without the customer being aware, which in some cases can lead to thousands being stolen. Smartphone users are putting themselves at risk of having their identities stolen by failing to log out of apps and clear their browser histories. According to credit reference agency Equifax, more than a quarter of people conduct online banking on their phone, a third don't log out of social media or banking websites, 42 percent fail to clear their browser history and 45 percent do not protect their smartphones with passwords. Even worse, one in five store passwords, pins, bank account or credit card details on their smartphones. All this makes it easier for fraudsters to access personal information, including bank details, if phones are lost or stolen.

In addition to identify theft and the vulnerabilities of current apps and mobile wallets, there are many ways in which mobile payments fraud is perpetrated: vanishing, the advanced fee scam, payroll fraud, the reversal request, charge back, the false transaction, and counterfeit cards. Identity theft continues to be the biggest risk for individuals, however the above are of greater concern to businesses, e-commerce and shopping platforms. The majority of card fraud is tied to card-not-present transactions, whereas the EMV (Europay, MasterCard and Visa) standards (a global standard for the authentication of credit and debit card transactions) drastically reduce the security risks with card-present payments.

From an industry standpoint, multi-factor authentication is key to preventing mobile payment fraud. This authentication method is based around two factors, the card (or the phone) on the one hand, and a piece of information known only by the user (such as a Pin code) on the other. Taking these steps to ensure payment security is vital to increase consumer confidence in mobile payment systems -- and therefore it is vital to the industry, because as consumer confidence grows so grows the adoption of mobile payment.

Finally, simple steps can be taken to prevent fraud, the first is to take action to monitor and control your payment activities; this can be done by geo-localization, signed receipt, etc. The second step is based on simple communication: Once a problem is detected, it is imperative for the consumer to alert the bank(s) and mobile payment company involved in order to be eligible for a refund and to take measures against any recurrence, and finally as mentioned earlier it is imperative to close your banking/ payment apps and refrain from storing your pin/ login details on your phone.