Retailers must adjust the rules for m-commerce, one expert advises.
As consumer affinity for buying through their mobile phones grows, so, too, will the threat of criminal activity against retailers selling their wares via smartphones, says Alisdair Faulkner, chief products officer at ThreatMetrix, a fraud-prevention services provider.
Retailers are well versed in employing technologies to reduce their e-commerce risk, but some have yet to deploy similar preventive measures for their m-commerce sites, Faulkner says. One reason is that for many retailers this holiday shopping season is their first selling via mobile. Mobile sales comprised 6.6% of online purchases on Cyber Monday, up from 2.3% in 2010, according to Coremetrics, an IBM company.
Another reason retailers may be behind in addressing mobile fraud is that they are just learning that consumer behavior is different on mobile devices compared with e-commerce sites. “Fraud detection is about detecting what’s out of pattern,” Faulkner says. “But you first need to know what that pattern is.”
Mobile transactions tend to address immediate needs, he says. For example, a traveler may need to make a last-minute airline ticket purchase.
So preventative measures designed for e-commerce sites, such as device identity and Internet protocol (IP) geolocation, which lets online retailers see the shopper’s location, may not work as effectively for mobile commerce transactions, Faulkner says.
The dilemma for retailers relying on IP geolocation as a tool is that the web address used by a smartphone changes continuously, he says. Unlike desktop computers, which typically have designated web addresses, mobile devices use many addresses as the wireless carrier allocates its data bandwidth among its subscribers. “For example, with [online music service] Pandora, I live in San Francisco, but I get mobile ads from companies in Los Angeles,” Faulkner says.
Emulation is another potential threat. Criminals might be able to make a desktop computer emulate a mobile device and, depending on a retailer’s rules, conduct what looks like a mobile transaction, one that might have been flagged had the retailer’s systems been able to tell the transaction actually was coming from a desktop computer, Faulkner says. Criminals may also hope to take advantage of retailers that have separate fraud prevention systems for their m-commerce and e-commerce platforms, he adds. Such retailers may fail to recognize trends that would be apparent if they could see transactions from both sites.
Ideally, a close examination of customer behavior at a retailer’s m-commerce site can help establish patterns that will help the retailer identify appropriate fraud prevention measures, he says. A retailer may find mobile transactions have higher than average tickets or better conversion rates. Identifying these kinds of metrics can help retailers lay the groundwork for m-commerce fraud prevention rules, he explains.
“Look at how your existing fraud rules screen the existing mobile transactions,” he says. Make sure those rules are applicable to how consumers use mobile devices to shop on a site, he adds.