The Cost of Mobile Payment Fraud

Mobile payment adoption in the U.S. is surging, legal and risk management service provider LexisNexis reminds us in a recently-released report. At the same time, the traditionally browser-based mobile payment environment is rapidly diversifying, with a notable shift this year toward mobile point-of-sale (mPOS) hardware use (services like Square and PayPal Here).

The trouble is that also increasing are the fraud challenges faced by the merchants, financial institutions and consumers who are participating in them. Yet, it turns out that, though the payment channel may be new, the underlying weakness exploited by the fraudsters, is quite familiar: payment cards. Most of the fraudulent m-payment transactions involve credit cards, we learn, with much of the rest being funded by debit cards.

Also familiar is the researchers’ prescription for dealing with mobile payment fraud: merchants need to focus on tackling identity fraud, which is found to occur more frequently in mobile-commerce settings than it does in a more traditional e-commerce environment. The authors hasten to add that merchants are unprepared for meeting the mobile fraud challenge, which, of course, is why they have published this report. Let’s take a look at it.

M-Payment Adoption up by 50%

Acceptance of all mobile payment types rose by 50 in 2013 to reach 9 percent of merchants, up from 6 percent in 2012 and 4 percent in 2011, we learn. Convenience for the customer is the biggest reason merchants are adopting mobile payments, with larger merchants also doing it, because they hope m-payments will help them grow business (64 percent), meet customer expectations (68 percent) and remain competitive in the market (67 percent).

Mobile Browsers Are Preferred Payment Platform

Small merchants, like their larger counterparts, are more likely to accept payments through mobile browsers and apps than any other mobile payment type, we learn. However, mPOS hardware (Square and its clones) is used widely and almost exclusively by small merchants: 18 percent of small merchants accept mPOS transactions, compared to 0 percent of medium-sized merchants and 1 percent of large merchants.

Small Merchants Are Less Well Protected Against Fraud

On average, small merchants use half as many fraud technology solutions as their larger counterparts. They are less likely to use solutions that protect in-person transactions, such as PIN or signature, which is used by 24 percent of small merchants, compared to 34 percent of medium-sized merchants and 46 percent of large merchants, and solutions for authenticating online transactions, such as device identification, which is used by only 2 percent of small merchants, compared to 6 percent of medium-sized merchants and 13 percent of large merchants.

The effect of this discrepancy between large and small merchants’ use of anti-fraud solutions is that the influx of small merchants into the mobile segment is bringing down the average level of protection among all mobile merchants, as illustrated in the chart below.

Mobile vs. Non-Mobile Fraud Losses

Mobile merchants have seen a drop in the total costs of their fraud losses since 2012, measured on a per-dollar basis — from $2.83 in 2012 to $2.29 in 2013. However, this reduction is the result of reduced fraud costs across all payment channels, the researchers tell us, not exclusively the mobile channel.

Distribution of Mobile Fraud Losses

The types of m-payment fraud costs depend on the industries accepting mobile payments. Mobile merchants this year attributed 23 percent less of their total fraud cost to replacing and redistributing lost and stolen merchandise compared to 2012, as seen in the chart below. Replacement and redistribution costs are determined by the value and weight of the items lost, stolen, or shipped to fraudulent addresses. Non-store retailers and electronic and appliance stores, which together account for nearly half of all mobile merchants in 2013, report successful fraudulent transactions with a high ticket value of $228 and $253, respectively.

Credit Cards Account for Most M-Payment Fraud

Credit cards are the criminals’ favored payment method for defrauding mobile merchants, 58 percent of whom reported that the fraudulent transactions against them involved a credit card, as seen in the chart below. As the researchers note, this is not surprising, because most mobile payment channels require a credit or debit card. MPOS and mobile contactless payments are both in-person card transactions and many mobile browser and app payments also involve credit- and debit-card payments.

The authors tell us that the prevalence of check fraud is explained by the revenue composition of the mobile merchant segment. Those mobile merchants who receive a high volume of checks tend to be smaller merchants who receive 18 percent more of their total transaction volume through checks compared to medium-sized mobile merchants and 57 percent more than large mobile merchants. Moreover, small merchants are more likely to use mPOS hardware for customer convenience to supplement cash and checks.

Merchants Are Underequipped for Preventing Mobile Fraud

Merchants’ mobile fraud-prevention capabilities have diminished as the composition of this segment has changed over the past year, we learn. While identity fraud affects all merchants, those accepting mobile payments are more likely to encounter this type of fraud due to the payment channels they use. While the average mobile merchant utilizes a greater number of fraud-mitigation solutions than the average general merchant (four vs. two, respectively), many mobile merchants are nevertheless underinvesting in the types of solutions necessary to fully protect them from identity fraud.

Verifying Customer Identity Is Top Challenge

Customer anonymity in m-commerce transactions leads to a significantly higher rate of identity fraud, as compared to non-mobile transactions (21 percent vs. 17 percent, respectively. Recognizing this challenge, 53 percent of merchants consider verifying customer identity as their top fraud-prevention m-payment concern.

No Clear Winner among Fraud Solutions

No single fraud solution is perceived as most effective for preventing mobile payment fraud. Despite heavy use of mobile browsers and apps among mobile merchants, even device fingerprinting, which can more closely tie a user to a device, and automated-transaction scoring, which is both device- and payment-agnostic, are seen as being of moderate utility, winning the trust of 23 percent and 20 percent of the respondents, respectively.

The Takeaway

The lack of replacement and shipping costs for digital goods helps mobile merchants limit losses by eliminating one of the most expensive items associated with fraudulent purchases. However, chargebacks and payment processing fees are still incurred with fraudulent card-not-present (CNP) purchases. The researchers conclude that mobile merchants selling digital goods can limit their fraud losses by thoroughly authenticating CNP transactions through the mobile devices.

Combined with authentication solutions such as device fingerprinting, merchants can verify their customers’ identities while at the same time protecting consumer payment information. Failing to utilize these capabilities can expose merchants to an increased rate of identity fraud, which even now is more common at mobile merchants than it is at non-mobile ones.

Image credit: Visa.com.