Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on April 8, 2015

Debunking myths around Apple Pay fraud


Debunking myths around Apple Pay fraud

Dennis Jones is the CEO of London based mobile payments firm Judo Payments who provide card payments for mobile apps and a platform for creating custom mobile payment solutions using any mobile device.


Last month David Bozin discussed how Apple Pay was highlighting crucial flaws in how banks deal with digital payments. This month, Judo CEO Dennis Jones explores fraud in m-payments and the myths surrounding it.

It didn’t take long before the great American Apple Pay experiment came face-to-face with the fraudsters, hoping to capitalise on any weaknesses in the iPhone mobile payment system. According to some experts, fraud is already accounting for about 6 percent of Apple Pay transactions, compared with about 0.1 percent of transactions using a plastic card to swipe.

Despite Apple going to great lengths to secure Apple Pay with technology, it becomes vulnerable to fraud when a user adds a credit card. To be clear, this isn’t because of a failure in Apple’s design, but in the process of validating a payment card with a specific user device by the customer’s bank.

applepay

Banks in the US are routinely accused of making it too easy for customers to be authenticated because they want to reduce the friction of adding their cards to the system. So no matter how secure the technology is, if the bank’s customer-service representatives who handle authentication questions are not sufficiently trained to spot the fraudsters, then human error will continue to prevail.

The fact is that mobile commerce is still an experiment across the spectrum and that makes security and fraud concerns significant barriers to adoption by customers and businesses alike. Technology will always be more reliable than humans in combating mobile fraud and standard e-commerce fraud prevention tactics aren’t sufficient for mobile channels.

So let’s debunk the three key myths around mobile commerce fraud and its prevention. Together, we can put the fraudsters out of business and close the m-trap.

Myth One: It’s not worth investing in mobile since the fraud cost is so high

In 2014, m-commerce accounted for £7.9 billion of a total £45 billion in online sales in the UK. M-commerce will continue to take a bigger share of all online sales (as much as 26.5 percent by 2017) and will start eating into traditionally card present sales before we know it.

To say that the cost of fraud is too high to invest in mobile is to misunderstand the impact that mobile will have on your business. The real cost to your business is ignoring m-commerce instead of investing in a mobile specific fraud prevention system and taking a proactive approach to a channel that will only continue to grow.

Malware

Myth Two: Traditional fraud prevention solutions for e-commerce are enough to cover mobile channels

Traditional e-commerce fraud prevention works on a number of basic assumptions. It assumes you are connecting to an e-commerce website through your personal desktop PC or laptop. It assumes you are connected to the internet with a unique IP address (or looks to see if you have somehow tampered with that IP address). It assumes entering information like your billing or shipping address is easy. None of these apply to mobile. Mobile payments operate in a state of flux. Customers have multiple devices for single users, often being used at the same time. Devices sit behind shared IP addresses that are not device specific.

Mobile specific fraud prevention requires mobile geolocation, device fingerprinting and tighter ID controls.

Myth Three: It is not cost effective to invest in a separate fraud prevention solution just for mobile

Best in class mobile fraud prevention systems are mobile-first, not mobile only. They build on top of what is essentially commoditised information for preventing traditional e-commerce transactions to expand the protection to mobile initiated transactions.

That means you don’t have to run dual systems to cover the spectrum of commerce channels and that makes it more cost-effective than perhaps you’d think.

Mobile first fraud prevention systems take advantage of increased data transfer speeds and our increasingly wide digital footprints to secure transactions. Whether that data is coming from a PC, a smartphone or a tablet, it is fed through algorithms and assessed against past device behaviour and what’s normal for your business, through a series of tailored rules, mechanisms and risk thresholds that enable better protection of your businesses’ margin across all channels.

With 100 percent of digital commerce growth now coming from mobile, businesses can’t afford to ignore their increasingly mobile customers. The real cost for businesses is avoiding or delaying investment in mobile out of fear of the m-trap.

Read Next: How Apple Pay exposes security flaws in banking

 

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with