Detecting Fraud in the Mobile Wallets Era

by Ryan Wilk 0

Attitudes about mobile wallets are changing quickly. A recent Harris Poll revealed that approximately six in 10 Americans anticipate that tap-to-pay smartphones will eventually replace payment cards and cash transactions at some point. Specifically, three in 10 respondents believe these transactions will replace credit/debit cards in the next five years, and roughly one-quarter of Americans believe they will replace cash within that timeframe.

Two kinds of mobile payments are currently in use. One works through contactless technologies such as Near Field Communication (NFC) built into mobile phones. In the case of contactless technologies, the payment traverses the merchant’s POS system and the relevant payment-processing environment, not relying on the mobile carrier’s network.

The other kind is a mobile application (mobile wallet) that allows payment to be processed through the mobile carrier’s network, as is the case with banks. A mobile wallet has several key components including the ability to provision account information, payment origination and payment processing.

As the world has gone mobile, financial institutions realize that they need to come out with their own mobile banking apps, but security fears abound.

Security a Primary Concern
A more mobile world has created a less secure world. Because mobile apps currently hold many and varied credit card details, concerns about security prevail. These valid concerns include loss of privacy, loss of security around financial transactions, data loss and the perception of insecurity. Legitimate applications passing user data to other applications or third parties in an unauthorized manner is gaining more attention in the public arena – as it should. In addition, a possible drawback to the mobile wallet and secure element solution is that a single pin unlocks all of the accounts stored in the wallet, resulting in much greater exposure.

Banks that are able to pull off mobile payment systems that can offer money-saving incentives while easing security fears and promoting widespread acceptance of mobile wallets may see more customers embrace them.

Examining User Behavior to Fight Fraud
How can institutions secure payments via mobile wallets – especially when the company’s bottom line, brand reputation and customer loyalty are on the line? They need to really trust the user behind the device by verifying the user based on behavior. Deploying advanced user behavioral analytics will allow the organization to detect genuine “good” users more accurately and improve the customer experience. Tracking behavioral patterns lets you learn who the real user is behind the wallet, from the kind of device they use to even detecting behavioral anomalies over time. When it comes to fraud attempts, banks can leverage that same information to quickly spot bad actors attempting to cycle stolen card details.

Behavioral analytics zeroes in on observed user characteristics rather than relying on who the user tells you they are. It continuously profiles users and accounts through their entire lifecycle across multiple channels, including desktop and mobile Web and native apps. Continuously profiling users’ behavior empowers two key capabilities. First, it enables risk managers to detect and respond to risk sooner, reducing the chance of financial loss. Second, when the user does reach a transaction point, fraud managers have full context of all their previous actions and behavior to make a better decision on the transaction.

Non-PII networks analyze billions of transactions, including user behaviors, to create a store of anonymous identities that are categorized as good users and riskier users. These identities remain completely anonymous and adhere to stringent privacy laws. With this collection of identities, a bank is provided an early warning system that is able to alert them when a user is behaving “badly” approaches, even if it is the first time the user is approaching one of their sites.

Understanding the difference between good and risky users can help keep fraud at bay by
answering bigger questions, such as: