As mobile commerce becomes ever more important to merchants, so too does the number of mobile payments made via apps and Web sites viewed on smart phones and tablets.
Along with this growth, however, is a disproportionate increase in fraud as a percent of m-commerce revenue, finds the “2014 LexisNexis Trust Cost of Fraud mCommerce” report released Monday.
Of the merchants in the study accepting m-commerce payments, mobile transactions accounted for 14% of total transaction volume, but 21% of the volume of fraudulent transactions. The report found that 15% of the more than 1,000 merchants surveyed accept payments in m-commerce transactions.
The lopsided fraud may be explained in part by the lack of risk-mitigation measures that incorporate data coming from m-commerce transactions, says Aaron Press, director of e-commerce and payments at Atlanta-based LexisNexis Risk Solutions.
“You’re getting a different set of information coming from the transaction and merchants may not be aware of what those differences are,” Press tells Digital Transactions News.
Fraud is the bane of e-commerce merchants. Many try to minimize their losses by using rules to automatically catch potentially bad transactions prior to payment authorization.
What many merchants may not be doing is incorporating their mobile data into these risk-mitigation systems, Press says. That data might include how the device is identified and additional geo-location information, he says. “When you bring these things together you start to see some real challenges,” Press says. “Whenever you have more complexity, you have fraudsters who understand this” and take advantage of it.
Indeed, the report finds that m-commerce fraud costs merchants more than three times the value of the initial loss. That is higher than in 2013, and partly explained by maturing m-commerce sales in which consumers buy more physical goods via smart phones and tablets than digital goods, which dominated the early patterns of m-commerce, LexisNexis says.
What can merchants do? Press says the answer depends on whether their risk-mitigation efforts are in-house or outsourced, on the workflow for processing m-commerce transactions, and how these rules are prioritized.
“You may want to have one set of rules when you see a mobile browser first or somewhere along the decision tree,” Press says. “The other thing is it’s not just a question of rules, but what information do you bring in when perhaps information you might get from another channel isn’t available.”
For example, when verifying the identity of a consumer, an address check can reveal if that person lives at the given address, he says. “Does it make sense that person standing in place A with a billing address B is shipping to place C?”
The other side of this is that merchants don’t want measures so restrictive that they prevent what might be good sales, Press says.
M-commerce transactions are still new for merchants and the payments industry, he says. When calculating their risk exposure, some merchants may not be incorporating all of the data they should, Press says.
Some may assume because they don’t have a mobile-optimized Web site or mobile app that their mobile fraud is negligible. “When you see the threat from fraud through the mobile channel, it doesn’t have to be a native site to be exposed to that fraud,” Press says.