HOSTED BY: Ryan McEndarfer, Editor-in-chief at PaymentsJournal.com
I know you’ve recently come off the Kount’s Fraud 360 Tour. Can you give our audience an overview of what that is?
Don Bush, VP, Marketing at Kount, Inc
Certainly. One of the things that we found out years ago is that fraud and fraud mitigation is not one of those things people learn in school. You don’t come out of school with a degree in fraud mitigation or fraud detection. It’s one of those things you learn on the job really, which makes it difficult. What we started about four years ago is what we call the Payments and Fraud 360 World Tour. We go to cities all around the world from Shanghai to Sydney to London to Chicago. What it really does is trains people or at least educates people on what are the fraudsters and the cybercriminals up to out there. Unless you know what they’re doing, it’s really hard to detect and stop them and so we put this tour in place with several of our partners that talk about fraud and payments and fraud and other areas of business and what are some of the best practices, and then of course, we have a great Q&A session. We see literally hundreds of merchants every year. I think so far this year we’ve seen about 1,200 and before the year is over, we’ll probably see another 400 or 500, see what they’re dealing with and try and help them in their quest to overcome the fraudsters.
Now jumping back to the mobile commerce side of things, I’m interested to get your point of view on what’s the state of mobile commerce today.
Don Bush, VP, Marketing at Kount, Inc
It’s interesting because it’s in flux. It really is. I know everything’s going mobile today and everybody feels like mobile is moving ahead so rapidly. I think the adoption by consumers has far outpaced the adoption by the merchants or the folks online as far as getting ready and providing a good customer experience. And then of course the caboose of all that is to make sure it’s all secure, that we’re not doing things that leave us open to fraud and other things that are risky behavior. But merchants are coming along. We’ve seen, doing this survey for six or seven years, quite a change in their adoption, in their use of mobile. We see an awful lot of people going from the mobile browser to a mobile app. But we still see some areas for dramatic improvement. That would be in payments and fraud mitigation, making things easier for the consumer, to act and interact with customers, in the mobile commerce space.
As we know, the world is flattening and it really has never been easier to do commerce on a global scale. Talk to us about organizations in the support for international payments.
Don Bush, VP, Marketing at Kount, Inc
It’s a great question because by virtue of being online you are international. Anybody in the world can see your site, see your goods or services. It’s very similar with mobile. In fact what might surprise many folks in the North America region is how much greater adoption is in other regions of the world on mobile. When you go to Europe, when you go to Asia, when you go to Australia, and other places, the adoption of mobile as a way of doing business is higher. They expect more when they go to a mobile site or use an app. And if you haven’t looked at those things or pay attention to that, it might look like you’re a little backward. The other thing that comes into play is things like payments. If you think the payment type in Japan is the same as the payment type in China. There is a little body of water between them, but the way they act, the way they interact the customary trends, the way they choose to make payments and make purchases are vastly different. We’ve got to be aware of those things in order to service those markets as we go abroad. The last portion of that, I would say, is the fraud element. We’ve rapidly moved into the mobile space. We’ve rapidly gone from browsing to buying, and now we’ve got to take it from buying to optimized buying, In doing that, moving that quickly, sometimes we don’t pay as much attention to fraud mitigation as we should, and that leaves some opportunities for criminals and cyber games and other hackers to get into our websites or do some bad things with stuff they’ve stolen online and so forth. So we really have to pay attention to those things as we move across international borders.
I’m glad that you brought up the point. From a consumer’s perspective that if you really keep your mobile house, so to speak, in order, you can almost kind of seem a little bit backward to consumers here. But being a web developer myself, I understand the mobile commerce isn’t currently at this stage. We can’t just flip the light switch on and make money. So can you talk about some of the challenges that are present in the mobile channel space?
Don Bush, VP, Marketing at Kount, Inc
Certainly. The biggest challenge you’ve got is that mobile incorporates tablets and smartphones and game players. It’s a wide variety when you say mobile, but I’m going to speak mostly to the thing that is used most often–the smartphone. One of the biggest constraints is that I’ve got a screen that’s 3” by 5” or maybe 4” by 6”. As a merchant online, I’ve got to put all the relevant information to give a consumer what they need for information for pricing, for delivery, availability, all the different SKUs, and I’ve got to make it really easy for them. You’ve been to a site where you go, “Okay, I want it, but how do I buy it now?” That’s not a great consumer experience. So that’s the first part. The second part is once I get to the buying stage. Think about this for a second in 2017, my numbers are directionally correct not exact, but there’s about 22 new payment types introduced to the market. Well if I’m making a purchase on a smartphone, I can’t have 50 logos of different payment types that we accept. It would be ridiculous and confusing and not a great experience. And so merchants online have to decide: “What are going to be the best ways for my customers to pay me, and I expose those. Is it Visa, Mastercard, PayPal, Apple Pay, Google? What are the different wallets out there?” I can have three or four options, and they better be the ones that consumers expect and there’s still a lot of friction because there’s so many new payment types coming into the market and Bitcoin–should I have Bitcoin as one of the options for people to pay? Merchants need to make their decisions and hope they’re right, but there’s a lot of fluctuation as I said. Who’s going to be the winner in those payment methods. And then the last part of that is again the fraud area. If I’m not doing things right, I can leave myself exposed. Many consumers look at this and say, “Hey, there’s a thumb scanner on my phone. So it’s safe.” And sometimes they don’t take as many precautions as they should, don’t change their passwords when they should, don’t do other things. Well fraudsters get that information. They steal it. There’s data breaches all over the world. Data is available and that can be used on mobile or mobile devices, on legacy machines. So sometimes we’re not as up to date on risk assessment in such a fast-moving market, I guess is my point here.
In the recent report that Kount issued on the state of mobile commerce. Can you talk me through what’s being covered in the report as it relates to the subject of fraud and mobile commerce?
Don Bush, VP, Marketing at Kount, Inc
We had about 800 folks respond to our survey and we broke that down by industry by revenue band so that a merchant in almost any industry and any revenue band can look and see how they’re doing in their particular market. Say I sell apparel. I may have a $5–10 million apparel sales organization. I can look at that and see how I stack up against my industry. How are my benchmarks? Am I doing better? Am I doing worse? That’s one thing that we wanted to make sure that merchants could compare and see how they’re doing against their marketplace, their industry. The second thing is to give folks an idea of what tools are being used today to help mitigate fraud and then some areas where we could really use some improvement. I’ll give you a couple of examples of that. On a credit card on the back of your credit card, there’s that three-digit code that’s supposed to be super-secret that nobody else knows and certainly fraudsters don’t know, right? That’s one of the most prevalent tools that merchants use as a fraud mitigation tool. Well, it’s almost useless as a fraud mitigation. Cool, because when I buy stolen credit cards, I also buy the stolen credit card number and the secret code on the back. We look at that and ran several million transactions that turned out to be fraud and found that about 98.7% of them had an accurate what’s called a CVV or a card verification value code and that’s still one of the most prevalent tools out there. Well, if that’s what you’re using for fraud mitigation, you’re wide open to fraud. You’re going to have problems. Another area that is shown here is a lot of online retailers what they did last year, the year before, to mitigate fraud is the same thing they’re doing today. So they may not be able to detect whether it’s a mobile device or a laptop that is interacting with them. If I can’t tell the type of device that’s interacting with me, I can’t use the data properly to mitigate fraud. It’s a huge area of concern because every device has different signals, provides different data, has different behavioral trends, different user behaviors, and so forth. If I don’t have that information, I can’t use it to determine the authenticity of this transaction.
And so as we look at some of these things, what we’re trying to do is show merchants where they are, where things are going, what tools might be better than other tools. And to get them moving along. I always say this, I say it at Fraud 360 tour, I say this to merchants all the time: “What you did last year for fraud mitigation is not good enough for this year–those fraudsters move too quickly. They are too smart, they’re too sophisticated, too well networked, for you to think that what you did a year ago is going to be okay for today.” [If I’m a merchant,] that’s got to be one of those things where I’m very vigilant in making sure that I’m looking at the latest trends, updating things as I need to, and making sure that my policies are mitigating fraud are up to date right now.
To follow up, what are some of those specific suggestions that you are giving to merchants, on what they can do to prevent mobile fraud?
Don Bush, VP, Marketing at Kount, Inc
A couple of things that are the best things: We run into merchants all the time. I have them raise their hands at our 360 events, and I say, “When was the last time that you went on your own website or through your own app and made a purchase?” And oftentimes the folks over in Payments or over in Fraud Management or the Finance area or IT where this stuff falls don’t do that on a regular basis. What we want them to do is we want them to see what their consumer sees. We want them to see what the fraudster sees because oftentimes that will reveal weaknesses in their system. The second part of that is if you haven’t gone through and optimized for mobile–I’ll give you another good example. You’ve probably run into this yourself. You go to make a payment and it says enter your credit card number and it gives you a qwerty keyboard and what that means is you’ve got to shift over to the number keyboard with the numbers are across the top. It’s kind of kludgy. If I’m asking for a credit card number, why not just display the number pad and make it very easy for consumers to put in that data? Those types of things trip up consumers, but they also tell fraudsters [the merchant] may not be using the latest technology if they’re still doing things this way. The other area that we say is “Audit yourself. Look at what’s changing. How many transactions do you get through your mobile channel versus I call it the legacy channel? What does a normal transaction look like? What did they buy on Tuesday? Did they buy $50 worth of stuff? Do they buy socks when they buy shoes? Do they use a credit card or a PayPal account? What’s the normal type of activity that you see on your particular site or your particular business?” Because if you don’t know what normal activity looks like, you really don’t know what abnormal activity looks like. And that’s a very easy thing for a merchant to go do a little bit of their own research on their own site so they can look at “Hey, what do we think is normal? What do we think is abnormal?” And those are some things we can help mitigate as we go through here. There’s little tips like that. Talk to your payment service provider. They often have fraud mitigation tools that either you’re not using or you’re not optimizing. They can be a great help. If they’re not helpful to you, I would go ahead and talk to a fraud service provider that can help and give you an ROI and show you where there’s some holes in your system and make sure that you’re plugging those things.
So I can understand here: It almost sounds like you’re saying, look there really is a two-step process here. Step one is you need to review your data and then you need to actually test what that experience is. As you were pointing out, sometimes that’ll literally show you here’s where there’s the potential for fraud. Okay, here are the holes that you need to plug. But then after you do that, don’t stop there. You’ve got to go back and review the data again, and then retest again and have this be a continuing cycle throughout the entire life of the merchant so to speak.
Don Bush, VP, Marketing at Kount, Inc
Absolutely. When you look at how fast these frauds are moving. Think of these fraudsters as another corporation. They may be doing things bad and illegal and disruptive, but they’re smart. Some of the software we see that is designed to break through and steal from merchants online and mobile apps and things like that, they’re in their second, third, fourth, fifth, seventh version of it. They don’t sit back on their heels and say, “Gosh, what we did last year is good enough for this year.” They continually develop, continually innovate what they do to try and break through those fraud defenses. So really what you said about that continuous cycle is absolutely correct. Look at that like you look at a financial audit of your business. The reason you do a financial audit is to make sure that your business is healthy that you are making money where you should be making and where you can mitigate losses. If you’re losing money in different places, do same thing with fraud. Look at that as though you look at finances. Where do I have problems? Where do I have losses? Where do I have places I can optimize. If you do that on a regular basis, you’ll be leaped ahead of what the fraudsters are doing and protect your own business.
Right now before we wrap up here. What are some of the main takeaways that you would like our audience to think about and know when they’re thinking about mobile commerce?
Don Bush, VP, Marketing at Kount, Inc
Depending on the industry, mobile commerce can be an enormous area of revenue growth because of the acceptance of the platform not only in the U.S. or North America but worldwide. You’ve got a great opportunity to maybe do some leapfrogging of your competition. Figure out how you’re going to do things in Europe. Figure out how you want to do things in Asia. The mobile platforms are already accepted there. If you follow the best practices in the trends, you could be ahead in your marketplace. The second thing is like we said, do that continual checking of the borders, continual looking at “Am I doing the best things to mitigate fraud?” Look at mitigating fraud as an opportunity to drive a higher revenue. What typically happens is merchants that don’t have good systems turn down orders that may look suspicious but they’re are absolutely valid. By having a good fraud mitigation system in place, you accept more of those orders and your revenue continues to increase instead of being stymied by that suspicion that “I can’t say whether it’s good or bad.” So continually looking at things. The last thing is, just because I have a mobile app doesn’t mean that app is secure. There’s still things that you’ve got to look at on an app if you want to, say, download the Dunkin Donuts app and prepay and pick up in store. Got to make sure that that app is made securely. So it’s still gives the customer a great experience. The payment gets through uninterrupted and the fraudsters are thwarted at the door, and that’s some of the main takeaways that we throw out there.
