The festive season is upon us and most of the country is in full holiday shopping mode. From gift-buying to restaurants and party-shopping, retailers are banking on a record-breaking season. The National Retail Federation predicts that retail sales over November and December this year (excluding automobiles, gasoline and restaurants) will increase as much as 4%, reaching upward of $682 billion. For many retailers, these last two months of the year can account for as much as 30 percent of annual revenue. And much of this spending activity will take place on mobile devices.
This season’s increase in digital retail activity means a boon to retailers. But with mobile fraud growing three to four times faster than fraud for brick-and-mortar-only merchants, according to LexisNexis, it is also “the most wonderful time of the year” for fraudsters waiting to pounce on retailers’ and consumers’ security lapses. Last year, one out of every 97 transactions during the holiday shopping season was a fraudulent attempt, according to ACI Worldwide.
Fortunately, retailers have an array of solutions available to combat increasing mobile fraud this holiday shopping season and beyond. By employing a multilayered approach to mobile security that combines device authentication with the latest user identification measures, retailers can establish maximum trust not only with their users, but also in the device being used to transact with them.
Send Passwords Packing
Passwords have been considered problematic within the information security community for a decade. The latest user identification best practices involve the use of biometrics to positively identify that users are who they say they are. The recent proliferation of fingerprint-enabled mobile devices has provided new opportunities for retailers accepting mobile payments to leverage fingerprint biometrics as a more secure means of identifying good users.
Good Things Come on Secured Devices
While biometrics offer a secure means of identifying users, the environment in which the biometrics operate must also be secured. A mobile phone has thousands of unique identifying attributes that are part of the device itself and can be used to uncover and analyze risk factors that could lead to potentially fraudulent activities. For example, a device can be scanned for malware to ensure there is no spyware or crimeware that can steal account information or credentials even after a biometric is used. Also, application validation ensures a consumer hasn’t downloaded a malicious app that will collect consumer information. And location validation using multiple sources can ensure a location isn’t unusual for a consumer or isn’t being spoofed.
Identifying the Device Is a Critical Step
A permanent device ID is a way to identify a device using its unique attributes in order to establish the first layer of trust by fulfilling the “something you have” factor in a multifactor solution.
Establishing a device as trusted gives organizations the confidence they need to let good customers transact with the least amount of friction. At the same time, it lets institutions treat an unknown device for a particular customer as higher risk, to be challenged with another authentication step or denied if other high-risk indicators are present. This helps protect both the true customer and the financial institution.
Security Across the Miles
SMS and other non-secure communications sent over mobile networks are ripe for interception by criminal actors, unless properly encrypted. To prevent mobile communications from being intercepted, there must be a completely secure path to transport sensitive information that is encrypted end-to-end, digitally signed, cannot be read by any other device and is protected against replay attacks (secure communications).
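The signing and replay-protection requirements above, sketched as an added example that is not part of the original article. HMAC-SHA256 with a per-device shared key stands in for the digital signature, encryption is left to the transport, and the field names, the `Receiver` class and the 120-second freshness window are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW_SECONDS = 120  # assumed freshness window, not a value from the article


def _mac(key, msg):
    # Canonical serialisation so sender and receiver MAC identical bytes.
    signed = {k: msg[k] for k in ("device_id", "nonce", "ts", "body")}
    data = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_message(key, device_id, body, now=None):
    """Sender side: bind a random nonce and a timestamp into the MAC."""
    msg = {"device_id": device_id, "nonce": os.urandom(16).hex(),
           "ts": int(time.time() if now is None else now), "body": body}
    msg["mac"] = _mac(key, msg)
    return msg


class Receiver:
    """Hypothetical server side: one key per enrolled device, plus a nonce cache."""

    def __init__(self, device_keys):
        self.device_keys = device_keys  # device_id -> bytes key
        self.seen = {}                  # (device_id, nonce) -> message timestamp

    def verify(self, msg, now=None):
        now = time.time() if now is None else now
        key = self.device_keys.get(msg.get("device_id"))
        if key is None:
            return "unknown_device"
        try:
            expected = _mac(key, msg)
        except KeyError:
            return "malformed"
        # Constant-time comparison; everything checked below is authenticated.
        if not hmac.compare_digest(expected.encode(), str(msg.get("mac", "")).encode()):
            return "bad_mac"
        if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return "stale"
        # Nonces older than the window can be dropped: such messages are already stale.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW_SECONDS}
        tag = (msg["device_id"], msg["nonce"])
        if tag in self.seen:
            return "replay"
        self.seen[tag] = msg["ts"]
        return "ok"
```

The timestamp bounds how long the nonce cache has to remember a message, and the nonce catches a captured message that is resent inside that window.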
If You’ve Been Good All Year Long…
Device reputation analysis involves attempting to match attributes between mobile devices accessing your systems and known users. If you can match a device to your own customer base using a permanent identifier, then you have some insight into its correlation to the customer and into its good or bad history.
And, behavioral analysis is always at the core of any fraud prevention approach. Behavioral analysis ensures the device is one typically associated with the customer, ensures the transaction activity is typical for this customer, and assumes an increased level of risk for new accounts.
These are a few of the top things retailers can implement to protect customers and themselves from financial and reputational losses associated with digital fraud, ensuring a happy holiday season and a prosperous New Year.