Mobile payments are fast becoming mainstream, with ACI merchant customers seeing 30 percent of all eCommerce transactions in 2020 being made on mobile devices. In the United States, adoption is higher, with 42 percent of eCommerce transactions in 2020 on mobile – that’s a year-on-year growth rate of 55 percent.
With the maturing of mobile payments comes both an increase (up 6% in 2020) in average ticket price on mobile devices – and, by association, a 19 percent increase in the average transaction value of fraud attempts.
All of which means that protecting the mobile channel from fraud is now critical for merchants.
Data from the Merchant Risk Council shows that, in 2019, 48 percent of merchants were not tracking fraud on mobile channels at all. Without reducing this figure, merchants are taking a big risk with an important and fast-growing channel.
It’s worth noting that it is millennials – the highest spending generation – who lead the way in shopping via mobile. Merchants must protect this channel, and the customers who use it, if they are to benefit from that spending power – and they must do so without increasing friction at the checkout as this continues to be one of the leading causes of cart abandonment.
Consumers can do much to help themselves and ensure that they can shop safely on their mobile devices. Keeping phones secure, passwords unique and private, and enabling biometric identification will make penetration more difficult and slow the path for fraudsters. But merchants must play their part too, first in understanding how and when fraudsters attack devices and then in detecting and preventing mobile fraud.
Beware of BOTS
In 2019, ACI saw a rise in BOT attacks on non-mobile devices – and our risk experts predicted that these attacks would soon migrate to mobile. We saw clear evidence of this trend in the closing months of 2020 and into 2021.
Fraudsters typically attempt to run internet BOTs (that is, automated attacks on websites or mobile apps) because they offer a low resource, high yield way to commit fraud. If BOT behavior goes undetected, it can cause an increase in customer disputes, as well as a significant increase in fraud and chargebacks, causing real impact on revenues and the success of a merchant’s online and mobile channels.
It is vital that merchants work proactively to configure risk strategies on all these channels to identify and restrict the impact of BOT attacks, before they become overwhelming.
Protecting mobile shoppers
When it comes to mobile fraud prevention, there are several steps merchants can take to protect their customers. First, while the original 3D Secure process was unfit for mobile, the new 3DS2 standard is altogether different. A new mobile SDK component means that merchants can integrate the 3DS process into their mobile apps to make checkout fast, safe and seamless. Now fit for all devices (including wearables, in-app purchases, digital wallets, etc.), 3DS2 offers a robust two-factor authentication process that improves customer authentication and reduces fraud.
Above all, however, merchants need to be aware of traffic coming through mobile devices and implement fraud strategies specific to that channel and to the products and services most frequently purchased via mobile. A multi-layered fraud prevention approach will apply a combination of sector-specific machine learning models, profiling and behavioral analytics, rules based on velocity thresholds, suspicious activity alerts and identity verification techniques to spot both mass fraud attempts such as BOT attacks as well as individual instances of mobile fraud.
Making the most of mobile
As mobile shopping takes a bigger slice of the eCommerce pie, merchants can no longer afford to ignore the specific characteristics of mobile payments and mobile fraud prevention. Strategies must be specific to the channel to ensure that fraud prevention measures enable rather than restrict growth, giving consumers a positive, easy and safe shopping experience that encourages their return.
If you’d like to learn more about how to mitigate mobile fraud, get in touch with our expert risk team at [email protected]
Learn more about ACI Fraud Management for merchants