hands-coffee-smartphone-technology.jpg

securedtouch blog

Online vs Mobile Fraud: Old Problems, New Solutions

Online vs Mobile Fraud: Old Problems, New Solutions

January 12, 2016

For many companies, the word “fraud” looms overhead like a dark cloud. With more and more people making transactions via desktop and mobile, the burden of fraud is increasing.


This burden is especially high when it comes to the mobile channel, as fraud costs more when originating from a mobile channel. Data from LexisNexis 2014 True Cost of Fraud study shows fraud dollars associated with mobile channels are $3.34 per dollar of transaction, while fraud via online channels costs $2.62 per dollar of transaction.

2016-01-11_9-42-27.jpg

While both channels come with significant fraud losses, current fraud prevention techniques are not sufficient to equally reduce fraud in both channels. This realization comes at a time when companies are bracing for a spike in card-not-present (CNP) fraud due to EMV chip migration. Although EMV chip migration reduces counterfeit card fraud, it causes fraudsters to seek out other avenues, mainly CNP online and mobile channels. The increasing variety of devices and payment methods has 50% of retailers feeling ill-prepared for an increase in fraud.


There is a silver lining to this problem. While the methods fraudsters use are ever evolving, companies are doing a good job of keeping one form of fraud at bay. According to a report by CyberSource, the fraud rate for online transactions (not including mobile) has been steady since 2010. This means what companies are doing to prevent increases in online fraud rates is generally working. While fraud rates are not going down, at least they are steady.


We already took a look at some of the common fraud detection methods and talked about the new player in the fraud security game: Behavioral Analysis. Now we’ll take a look at what this means for desktop and mobile channels.

Fraud Security for Desktop

IMG_9228

Online fraud has been an issue since the start of e-commerce in 1994. The internet was a new concept and businesses didn’t know what they were in for. The first online scams came in the form of fraudsters using stolen credit cards and ascribing them to popular celebrities of the time. Mass online identity theft followed. These events sparked the birth of online fraud security and a slew of innovations suitable for desktop:

  • Anti-virus programs
    These are implemented on the user-end to guard against viruses acquired online that can be used to steal a person’s identity or credit card information.
  • Site encryption
    This is implemented by the website owner to protect users browsing the web. This is especially useful when using un-secured, public wifi connections.
  • Geolocation
    This is implemented on the business-end and identifies the location of a device to detect fraud. Location of a desktop can be determined using wifi or IP geolocation.

IMG_8833

  • Device fingerprinting
    This is implemented on the business-end and identifies a specific device using a unique IP address identifier. This is one of the most common methods used for detecting fraud via desktop.
These established methods and more are used to keep online fraud from running rampant. Large e-commerce merchants are aware of many of these methods (with variations based on method, see graph below).

2016-01-11_11-36-47.jpg

What is not shown is how many of these large e-commerce merchants are aware of whether these methods can be adapted to mobile devices.

Desktop vs. Mobile

Many of the methods commonly used to secure desktops are not effective for mobile devices. For example, mobile IP addresses are constantly changing as a user moves between networks. This makes it difficult to gain any useful information from this method to inform fraud detection. The very fact that mobile is by nature “mobile” poses a challenge for traditional fraud security methods.

kaboompics.com_Men using stylus pen for touching the digital tablet screen

Luckily, behavioral biometrics is a new method that can secure mobile devices. Mobile touchscreens are equipped to gather large amounts of data like fingerprint size, pressure, swiping behavior, and more. Mobile devices have the potential to gather heartbeat data and vein patterns. A touchscreen can discern whether a user’s palms are sweating or not. Businesses continue to innovate and discover new ways mobile devices can gather behavioral data. Thus, data sets used to tell whether an individual is legitimate or a fraudster are more often correct.


While desktops can also gather behavioral biometrics, these data aren’t as diverse. They are limited to mouse and keyboard dynamics. Less data means a less telling behavioral profile, so these behavioral biometric solutions for desktop can be wrought with false positives that cause customers to run for the hills. This is one reason the mobile channel presents a unique opportunity for businesses to up their fraud prevention game by using new methods that decrease friction, false positives, and increase security.

The Future of Fraud Prevention

Many companies are choosing not to enter the world of mobile transactions because of security fears. The reality is more and more people are using mobile devices, which means companies have to get with the times or be left behind. This entails adopting better security methods to ensure a great user experience, while keeping customers’ devices safe.
It is important to recognize that desktop and mobile channels are unique. What works for desktop won’t automatically work for mobile devices. This is why new solutions like behavioral biometrics are needed to address the specific challenges associated with mobile transactions and create a frictionless, secure experience for users.

Recent Posts

The Top Challenges of Mobile Banking Security
Behavioral Biometrics & Mobile Banking: Trends, Threats & Fraud Prevention
The ROI of Behavioral Biometrics
Strengthening Mobile Payments with Continuous Authentication
Ask The Experts: The Future of Banking & FinTech in Light of PSD2, Part 2

Follow Us