If you missed our webinar on June 8th, “The State of Mobile Payments and Fraud,” this blog post provides a convenient summary recap.
- Greg Andrews, Director of Risk Management & Fulfillment, Entertainment Benefits Group
- Justin Staskiewicz, Fraud Analyst, The Wendy’s Company
- Don Bush, VP of Marketing, Kount
- DJ Murphy, Editor-in-Chief, CardNotPresent.com
The webinar featured a discussion around the findings and implications of the just-released Mobile Payments and Fraud Survey: Report 2017. The panelists first discussed the current state of the fraud landscape, agreeing that fraud is getting easier for the bad guys and harder for the good guys.
- According to CardNotPresent.com, fraud attacks have increased more than 40% in 2016.
- MasterCard reports that fraud directly related to the implementation of EMV and fraudsters moving online has seen a 27% increase since EMV was required in the US.
- MasterCard is estimating that there are 14 billion mobile devices in use in 2017. They also claim that the average person has access to 5 mobile devices.
- More than 18 new payment types were introduced in 2016: Android Pay, Samsung Pay, AMEX Express Checkout, MasterPass, Visa Checkout and more.
- Over 1,000 data breaches were reported in 2016, a 48% increase Y/Y from 2015 to 2016.
Next, DJ Murphy introduced the first audience poll question: “What is your biggest challenge related to the mobile channel?” Detecting fraudulent orders was the reported by 41% of the audience to be their biggest challenge.
Don then discussed how this year’s Mobile Payments and Fraud Survey was different from previous years. In the past, acquirers, card associations, card issuers, and service providers had participated along with merchants. But this year, the focus was solely on merchants. Some statistics about the survey population:
- More than 800 merchants participated
- From 14 countries
- Representing 30+ industries, verticals
- All sizes of companies from under $5m to over $500m
- Experienced in mobile, 80% had 5+ years of experience
- Both eCommerce “pure play” and multi-channel organizations
Mobile Channel Revenue
The discussion moved on to the importance of the mobile channel to merchant revenue, and the survey results showed a clear pattern of increasing importance. The percentage of merchants saying that mobile is “Very Important” to revenue (62%) nearly doubled since the inaugural survey in 2013. Similarly, the percentage of merchants saying the mobile channel was “Not Important” fell from 19.2% in the 2013 report to just 7.1% in the 2017 report.
Greg confirmed that mobile is increasingly important for his business – online tourism, travel, and ticketing. Further, his guests not only want to purchase through the mobile channel, but want the ability to present their e-tickets on their mobile devices in order to gain entrance to the venue or performance. He noted that for a few venues that still honored “paper-only” tickets, customers had called or emailed to ask how soon e-ticketing would become available.
Justin also discussed how mobile revenue is also becoming more important for Wendy’s. After being a predominantly card-present business, they have seen strong benefits as they have introduced mobile payment and mobile ordering capabilities, allowing them to interact with their customers in new ways that had not been possible previously.
This importance of mobile was also evident in the survey results. Nearly 60% of merchants projected that at least 30% or more of their total revenue would be coming from the mobile channel within the next two years, nearly double the current percentage.
Justin said this data was consistent with Wendy’s experience, and that they see mobile as having the potential to be a new and cutting-edge way to interact with customers. Their consumers are letting them know that there is a big revenue potential in mobile and indications are that this demand will continue to increase.
Greg added that his company, seeing the increasing demand for mobile, had to decide how to deliver information and transactions via the mobile platform. They weighed the pros and cons of a mobile app versus a mobile-optimized website, and opted to pursue a mobile-optimized website approach. They see this as requiring less development time and resources, providing more flexibility and increased opportunities for updating and optimizing payment types.
The discussion turned to mobile wallets and which ones are most popular with consumers and with merchants. Don highlighted the popularity of mobile wallets that have been around for a while—such as Apple Pay, Android Pay, PayPal, Visa Checkout, and MasterPass—while noting the relatively rapid acceptance and market penetration of newcomers like Samsung Pay, AMEX Express Checkout, Chase Pay, and AliPay.
Greg thought that consumers might still harbor lingering questions about the security of mobile payments, and that the strength and familiarity of the Apple, Samsung and PayPal brands explains why they are preferred. He contrasted this with consumers being warier of providing information using mobile platforms or websites that are less familiar.
Justin addressed the issue of proliferating wallets, i.e., is it really feasible for merchants to set up their payment systems to accept dozens of different mobile wallet types? He commented that the growing number of wallets indicate consumer acceptance of them, and that the data showed merchant and consumer consensus gathering around established and known brands, like Visa Checkout and MasterPass. Nonetheless, getting the right mix will be difficult to sort out.
Greg pointed out that his website uses PayPal to process mobile payments, based on PayPal being established in the marketplace and having broad acceptance by customers. He also noted ease of accounting and attractive rates as other benefits that led them to adopt PayPal. His company also accepts conventional credit and debit card payments through a mobile-optimized payment gateway.
Justin pointed out that Wendy’s accepts American Express, Discover, MasterCard, and Visa in their mobile app and on their website, but do not currently offer mobile forms of payment. However, they are looking at mobile wallets, especially for the added fraud prevention benefits they may offer.
Mobile Security vs. Ease of Use
Another critical issue that the panel discussed was balancing consumer concerns about security in mCommerce against the need for ease-of-use in mobile transactions. In the survey results, 69.6% of merchants thought that consumers were more concerned with ease-of-use, while 30.4% thought security was of greater concern. Justin said that many merchants look at this as an “either-or” scale, with greater security reducing ease-of-use or greater ease-of-use negatively impacting security. However, Wendy’s is looking “outside-the-box” to find ways of collecting information about mobile transactions that increase security without slowing down checkout. At the end of the day, consumers expect greater ease-of-use and intuitive operation from mobile apps, and it’s important to balance the two. Greg remarked that security is often the greater concern for merchants, and that they find themselves striking a balance between having more security tools and processes around mobile transactions versus the need to make mobile checkout as smooth and seamless as possible (in order to minimize mobile checkout abandonment).
Detecting a Mobile Transaction
One of the fundamental requirements for fighting fraud in the mobile channel is a merchant’s ability to detect whether or not a mobile device is involved in a transaction. Don pointed out that there has been a dramatic improvement in this area since the first survey in 2013, when nearly 56% of merchants were unable to detect if a mobile device was being used. That number has now dropped to 14.4%, indicating increased sophistication on the part of merchants.
Justin employed a metaphor of a fishing net being use to catch fraudsters in a pond. The more data points (i.e., type of mobile device being used), the stronger and more effective the net. For example, knowing a mobile transaction originated on an $800 iPhone would affect his perception of risk versus if it came from a cheap 1996 mobile device that can be purchased online for less than a dollar.
Greg commented that in addition to knowing the type of device, other information can help inform decisions about fraud: the geolocation of the device, default language of the device, what time zone is the device located in, etc. These can provide strong signals about fraud. He noted a specific example, where PayPal transactions originating out of Taiwan, apparently linked to a recent data breach, always tied to a specific mobile device. This visibility into all the data points surrounding those mobile transactions enabled them to easily blunt the fraud attack.
The group moved on to the second poll question, which asked webinar attendees: “What best describes how you detect mobile fraud?” 45% of the audience reported that they use a comprehensive fraud prevention solution.
The panelists thought that the trend towards using a comprehensive fraud prevention platform was a positive development, and agreed that this approach was the best way to address the issue. Greg pointed out that this allowed integration, which is key to ease-of-use, lower costs, and greater efficacy. Having multiple, standalone data points that require manual or human intelligence to resolve ultimately leads to a complex, costlier, and unworkable system.
This discussion elicited a question from one of the attendees: “What is a comprehensive fraud solution?” Don explained the four pillars that enterprise-class fraud solutions like Kount should be built upon:
- Real-Time Analytics. Multiple, advanced fraud screening technologies (Device Fingerprinting, Proxy Piercer, Transaction Velocity, Persona™ Technology, Cross-Merchant Linking, Geolocation, etc.) that analyze massive amounts of data in real-time. The more data points available about a mobile transaction, the more likely it is that fraud can be detected and defeated.
- Advanced AI and Machine Learning Technology. All this data would be overwhelming for humans to look at, assess, and make decisions about in milliseconds. But artificial intelligence and real-time machine learning have the computing power and storage capacity to review hundreds of millions of transactions in real-time and spot risky behavior.
- Experienced Human Intelligence. You cannot underestimate the human factor. Artificial intelligence and machine learning should be reviewed by experts with in-depth fraud expertise and results should be refined by a business owner who knows their business intimately.
- Real-Time Fraud & Risk Data Orchestration Hub. When questions arise that the initial screening process can’t resolve, it’s vital to have the ability to check other data sources for information like email addresses, mobile phone numbers, credit records, chargebacks associated with a card, etc. in real time.
Want to know more about the state of mobile payments and fraud? Download the full mobile report, “Mobile Payments and Fraud Survey: 2017 Report,” with over 65 charts and tables covering dozens of critical variables in the mobile commerce ecosystem.