How to combat mobile commerce fraud

Ensure your transactions are safe and secure

It s important to consider the security of payments

By the end of 2013 there will be over 30 million smartphone users in the UK according to eMarketer, while Apple says it has sold 170 million iPads to date.

All of these mobile devices fuel the rapidly expanding m-commerce channel that successful businesses need to take advantage of.

And yet, the Global Online Shopper report from WorldPay revealed that nearly 40% of mobile shoppers are concerned about the security of their payments.

Fraud affects one in four businesses every year at an estimated cost of £19 billion with cyber crime costing the small business sector alone £785 million according to the Federation of Small businesses (FSB). For small business owners that may have several retail channels to reach their customers, smartphones and tablets are the next battleground for fraud prevention.

James Brokenshire, MP Parliamentary Under Secretary for Crime and Security, Home Office, said: "Cyber security is a crucial part of the Government's National Cyber Security Strategy and we need to make sure that all businesses, large and small are engaged in implementing appropriate prevention measures in their business."

Peer 1 Hosting's Head of Retail, Roland Breadner told TechRadar: "It is vital that small businesses pay attention to online fraud, particularly if they expect to grow and develop into a trusted e-commerce provider. One instance of fraud can permanently damage the company reputation and ruin customer credibility. Credit card security is under constant attack. If you're selling online then you have a responsibility to protect your customers from fraud."

For small businesses looking at the meteoric growth of m-commerce, it can be tempting to quickly develop a mobile store ignoring the due diligence that is needed to ensure transactions are safe and secure. Says Osca St Marthe, UK&I Senior Director for Information Security at McAfee:

"Just as business owners offer a range of 'software as-a-service', this trend has now reached the illegal cyber trade, with criminals offering cybercrime-as-a-service. As with any business, cyber criminals require a place to promote their services and many are choosing the forums and comment sections of small business websites to do this."

McAfee offer this advice to small businesses to protect their transactions from fraud:

  • Get tech smart - Keep up to speed with industry advancements in technology, trends and regulation updates
  • Don't fall into the anti-virus trap - Anti-virus software is not the be all and end all security suitable solution for a growing business handling customer data on a daily basis. A holistic security strategy that aligns to your business needs with customer protection is crucial.
  • Be secure. Look secure - Once your business' security is guaranteed, prove it to your customers. Appearance is everything in the online world.
  • With trust comes custom - Gaining customer confidence is key. A clear sign that their personal data will be safe in your hands – such as a secure logo on your homepage – can help achieve this.

Says Martina King, CEO, Featurespace "Although mobile does have inherent risk, overall its impact on fraud prevention is very positive—given small businesses have the right tools in place. What mobile offers over any other payment method is a far wider range of data points related to a transaction: information like location data, multi-step authentication, and most recently—with Apple, for example—device biometrics."

There's an app for that

Businesses that already have an online presence should support Payment Card Industry Data Security Standard (PCI DSS) for online payments. The additional security layer that 3-D Secure also offers to protect electronic payments is now coming to mobile.

The Mobile 3-D Secure specification extends payment authentication initiatives into mobile commerce, enabling Visa card issuers to validate the identity of their cardholders in real time. It ensures that payment data sent over open networks is not compromised and allows consumers to actively protect their Visa accounts from unauthorised use when shopping on-line over mobile devices.

"While the vast majority of Internet transactions still take place via PCs, it is essential that a secure standard be in place for transactions that originate from mobile phones or other mobile devices," said Philip Yen, Executive Vice President, e-Visa International.

"Consumers need to feel the same sense of security when they shop online using a mobile phone as when they shop in the physical world." Also from WorldPay is their Mobile Payment Pages service that offers small businesses a secure payment gateway when using a website optimized for mobile.

Contactless payments
Contactless payments are getting more prevalent

Every business knows how powerful the app economy has become, but few businesses appreciate the security aspects of using apps for purchases. Indeed, according to McAfee, one in six app downloads contains some form of malware.

We spoke to Mark Carter, VP Product Mobile at Skrill: "In general, the new risks that mobile commerce introduces are rogue mobile apps, mobile malware and the simple fact that mobile devices are easily lost or stolen. These risks need to be considered for the mobile payment channel of any online business and its fraud prevention measures need to be improved accordingly."

For small businesses in particular m-commerce offers an opportunity to eclipse the potential income from their e-commerce sites. Consumers are increasingly shopping with their mobile devices, but concern about security is still a clear and present danger. Using systems like mobile 3-D Secure or the secure mobile gateways from other payment service providers will ensure your business and its customers stay secure.