For more information on the Fraud and Security Primer for M-commerce white paper, please contact The Fraud Practice directly.

 

 


Introduction to Mobile Payments

The Introduction to Mobile Payments online training course covers the available mobile payment process flows, defining each of the "payment players", and reviews payment concepts such as SMS payments, Mobile Wallets, Contactless Payments, RFID, NFC and different billing methodologies.

 



 

LIMITED TIME OFFER: Enroll in the Introduction to Mobile Payments online training course and receive a FREE copy of the Fraud and Security Primer for M-commerce white paper.

 

Press Release: Top 10 Reasons Why The Fraud Practice Recommends Increased Attention on Mobile Purchases and Payments within A Fraud Strategy

Sarasota, FL, February 16, 2012 / Internal Release - M-commerce presents a large-scale opportunity to engage and transact more efficiently between consumers and merchants, making it easier, faster and potentially more economical to conduct business across all channels. However, merchants should be aware that M-commerce is very new, and the devices and behaviors consumers are using to conduct M-commerce are not fully hardened or matured against fraud and security breaches.


As payments transition from plastic cards and magnetic stripes to mobile devices, they will experience a new set of risks posed by the mobile platform. Consumers bank online, shop online, make purchases in-store and engage in many other activities from their mobile devices, and each of these activities is susceptible to risk. Because of the amount of identity, personal and payment information that can be stored in a mobile device, mobile devices are quickly becoming the target of choice for fraudsters.

The following top 10 list is an excerpt from The Fraud Practice's “Fraud and Security Primer for M-commerce” white paper dated February 2012 and written by David Montague. The top 10 list provides a sampling of the underlying risk factors that indicate why The Fraud Practice believes the mobile platform, at least over the next 1 to 3 years, has elevated risk factors that would warrant additional attention by fraud and payment professionals.

1) Because mobile devices are more transportable, they are more susceptible to loss and theft. It’s difficult to lose or misplace a computer, even a laptop, but mobile devices are small enough to slip out of pockets, leaving them more susceptible to loss and theft. According to a recent study by TNS, 22 percent of consumers surveyed had lost a mobile phone at some time in the past, while 12 percent reported having their mobile phone stolen.

2) Consumers tend to take their mobile devices wherever they go. Theft by a fraudster doesn’t have to mean a consumer “loses” their device. A fraudster could simply grab a device, commit a fraudulent transaction and put the device back in a restaurant or bar to be found by the consumer, in which case the consumer would never know the theft occurred. The same kind of threat could also come from friends and family, increasing the risk of 1st and 3rd party fraud on the platform.

3) Consumers typically have their email accounts and quick links to social media sites and bank accounts set up with one-touch access on their mobile devices. Fraudsters that get access to the phone have access to email, social media sites and banking information (meaning the fraudster can see email notifications showing where the consumer has existing accounts and can respond to automated security messages triggered by account changes). A lost or stolen mobile device presents serious account takeover threats.

4) Most consumers don’t use any form of antivirus protection or internet security software on their mobile devices or tablets. Symantec surveyed over 12,000 people from 24 nations in 2011, finding that only 16 percent of respondents installed up-to-date security on their devices even though one in ten reported that they had been the victim of mobile cybercrime.

5) Most consumers don’t use a password to lock other people out of their phone, and those that do tend to use poor passwords that are more convenient to enter. Authentication can be completed by a password, PIN or swipe pattern, but consumers aren’t required to activate these features, and many who do activate them choose weak PINs or codes. When it comes to PINs, many consumers still default to 1234 or their birthday, and passwords can be just as weak. New device unlocking methods include a swipe pattern, but even this leaves an oil residue on the screen over time which traces the exact path needed to unlock the device.

6) Mobile devices such as the iPhone, iPad and Android devices offer poor security features for passwords, relying on low-value capabilities (easy to hack, small number of options). The most common method for locking a mobile device today is to require a four-digit PIN, which is easy to crack relative to a full password or other authentication mechanisms. The fact of the matter is, with a four-digit PIN consisting only of numbers, there are only 10,000 possible combinations.

7) Data on the phone is typically stored in clear text and not encrypted. Often the use of an authentication mechanism to lock a mobile device only deters the amateur fraudster or thief. Just as data can be stolen from a computer with only a password-protected user account, the same is true for mobile devices.

8) Easy access to mobile apps with low controls on who is offering them, especially in the Android market, makes it easy for fraudsters to get malware onto devices. The Apple App Store is known for being strict about which apps it will allow, but the Android Market is more open, which has led fraudsters to spread their malware through illegitimate Android apps.

9) Hackers are focusing more and more on mobile devices. The potential pool of consumers a fraudster can attack with mobile malware targeting the major mobile operating systems has greatly increased and is continuing to grow. Meanwhile, the amount of personal and payment information kept in a mobile device has increased as well, providing plenty of incentive for fraudsters and hackers to focus more on mobile devices.

10) Because it is ‘mobile’, the concept of geolocation loses some value when trying to connect a consumer’s billing location, shipping location and actual location at time of transaction.

 


About The Fraud Practice

The Fraud Practice, http://www.fraudpractice.com, is a privately held US LLC based in Sarasota, Florida. The Fraud Practice provides consulting services on eCommerce payments, fraud prevention and credit granting as well as prepared research and online training for payment and fraud professionals. Businesses throughout the world rely on The Fraud Practice to help them build and manage their payment, fraud and risk prevention strategies.

Contact:

The Fraud Practice LLC
David Montague,
President and Executive Consultant
Toll Free: +1 888-227-0402
dmontague@fraudpractice.com

Additional resources

  • Introduction to Mobile Payments.

    Covers the available mobile payment process flows, defining each of the "payment players", and reviews payment concepts such as SMS payments, Contactless Payments, RFID and different billing methodologies.


  • Managing Fraud Related to ePayments in a Business
    Fundamentals for Understanding Geolocation & Device Identification.

    Covers the use cases and methods for integrating and making use of geolocation data and device identification in the context of a fraud prevention strategy.

  • Introduction to eCommerce Credit Card Payments.

    Covers the credit card process flow defining each of the "payment players" and reviews payment concepts such as authorizations, settlements, reversals, chargebacks and the credit card association's high risk programs.