Digital Transactions Authoritative, insightful and timely information for payments professionals
The promise of mobile devices to generate new payment transactions and better service for bank customers comes with a big potential downside. Risk-control executives strongly believe fraudsters have their eyes on smart phones and related mobile devices, according to new research from Aite Group LLC.
Asked if “mobile fraud is the next big point of exposure in financial-services fraud,” 38% of an international group of executives from banks, card issuers, payment processors, gateways, and related companies Aite surveyed at a conference last month strongly agreed and another 50% agreed, while only 13% disagreed.
On the other side of the coin, 42% of respondents strongly disagreed with the statement that “the concern about mobile security is overblown” and another 25% disagreed. Two-thirds of Aite’s respondents claimed their institutions already were working on fraud-prevention technology while 25% said they expected their organizations to do so but were waiting to see what kind of threats emerge. Only 8% said nothing was in the works.
“The overwhelming response was yes, indeed, this is something folks are concerned about,” says Julie Conroy McNelley, senior analyst at Boston-based Aite Group. “One of the biggest fears out there is the fear of the unknown. Everybody fully expects there’s going to be some holes that the bad guys are going to find that we’re not even thinking about.”
Aite’s respondent base of 24 executives at the FICO World 2011 conference in New York City was too small to draw statistically valid conclusions, but the survey findings generally reflect concerns about mobile commerce’s vulnerabilities that are beginning to get attention in the payments industry and the press. The worries come as the increasing adoption of smart phones and tablet computers position m-commerce for an expected boom. Research firm eMarketer Inc. estimates U.S. m-commerce sales will reach $6.7 billion this year, a tiny fraction of overall retail sales but a 91.4% increase over $3.5 billion in 2010. Next year, New York City-based eMarketer predicts sales will rise another 73.1% to $11.6 billion.
Online commerce and mobile commerce share many technological underpinnings but only 37% of Aite respondents reported their firms have an integrated fraud-prevention strategy for their online and mobile channels. “That was another area that really surprised me,” says McNelley. “What I think this is attributable to is the relative nascency of the mobile platform.”
Banks and processors deploy a number of different tactics and technologies to secure their mobile channels. Aite’s results show the most popular is the PIN in either its static or dynamic (variable) form, used by 43% of respondents today with another 43% planning to use it within two years. Only 14% said they have no plans to use PINs.
Some 40% of respondents said they were using chip-based technologies drawing on the embedded SIM cards or micro Secure Digital (SD) cards in mobile devices to store the so-called secure element in an encrypted manner. Another 35% said they plan to adopt chip-based security within two years while 25% said they have no plans to use it.
Knowledge-based authentication, which involves multiple-choice questions, is used by 40% of respondents for mobile security, another 40% plan to use it within two years and 20% have no plans to use it. Biometrics claims 10% of Aite’s respondents as users with another 38% planning to adopt them in 24 months. Fifty-two percent have no plans to deploy biometrics, which consists of several technologies with varying degrees of effectiveness, cost and ease of implementation.
Another technology is so-called complex device-printing, which examines identifiable hardware and software attributes of a computer or mobile device to find digital fingerprints that indicate possible fraud. Twenty-four percent of Aite’s respondents use device-printing and 38% plan to do so within two years. Respective figures for another technology, behavior analytics, are 33% and 48%.
Minneapolis-based Fair Isaac Corp., the developer of the ubiquitous FICO score used by lenders to assess borrower risk and other data-based fraud-prevention products, sponsored the FICO World 2011 conference.
