Author: Brian Borneman, VP product strategy manager, Bank of America Merchant Services
If cash is king, we may be in the final days of its reign. According to a recent study, roughly half of American adults no longer worry about carrying cash¹ as they increasingly reach for their smartphones instead of their wallets.
Within the past year, nearly a third of U.S. adults used one or more mobile payment options (like mobile wallets or apps) to make a payment or transfer money.² The challenge for businesses accepting these payments is that consumers aren’t the only ones leaning into this payment system – fraudsters are increasingly targeting these transactions as well.
By implementing a multilayered approach to security, businesses can better protect their mobile environment and customer payment data.
Today’s cybercriminals aren’t just looking for credit card information. They’re targeting usernames, passwords, email addresses, social security numbers, bank account information and other sensitive data that can allow them to take over a consumer’s mobile app account. Account takeovers, which can be the basis for one-time fund transfers or ongoing exploitation, are one of the most prevalent forms of fraud in today’s mobile environment.
Hackers often acquire information needed for an account takeover through phishing attacks. They’ll send victims what appears to be a legitimate email or message from a trusted entity; by following the prompts, a user unknowingly gives hackers access to personal information.
The rise of social media has also made this type of fraud more viable. Using bots to scrape social media accounts, fraudsters harvest unthinkable amounts of personal information that they use to create fake profiles or conduct phishing schemes. But with the right security measures in place, businesses can identify these fraudulent attempts.
The best fraud protection models for mobile apps enact several layers of security tools to help prevent a fraudulent transaction from occurring, and to flag it immediately if it does.
In the coming years, card brands are expected to implement Secure Remote Commerce (SRC) by EMV® to streamline online checkout. The standard promises to create a simple, secure and consistent checkout process across the web and card brands, therefore making the online purchase experience easier for consumers.
Once a shopper establishes their SRC credentials, their contact information and payment data would be held in a single, secure system that essentially “follows” them around the internet – they wouldn’t need to reenter payment information on any site from which they’re making a purchase. This is accomplished by SRC acting as a “bundle” of sorts for the above-mentioned fraud and security tools with a deep consideration for the customer’s experience. While there isn’t an immediate action for business owners to take with regard to SRC – yet – it is a standard to keep an eye on.
Between lost merchandise and the costs of investigating and rectifying a data breach, every dollar of fraud creates approximately $3 in total losses for a business³ – not to mention the priceless value of its reputation. Because no single solution or product can 100% secure a business’ environment, businesses should enact transparent, multilayered anti-fraud measures to help mitigate risk while still reducing payment friction and cart abandonment. With mobile sales projected to encompass 70 percent of the eCommerce market by 2022,⁴ it’s all the more important that businesses make the payment experience both smooth and secure.
This article was originally published on Mobile Payments Today.