Eliminating mobile fraud with biometric authentication
This is a guest post by DJ Murphy, editor-in-chief of Card Not Present.
Merchants are investing heavily in mobile commerce based on consumer demand to shop whenever, wherever and on any device accessible to them – calling greater attention to the intricacies of mobile transactions and payments. Smartphones were found to have contributed to more than $1 trillion of total U.S. retail sales, according to Forrester researchers. So it’s no surprise that many brands are relying on mobile to drive profitability – one-third of merchants anticipate mobile purchases to make up at least half of their total revenue by 2020.
Merchants need to be aware, however, that they are not the only ones looking to profit from mobile. Scammers are taking advantage of the sharp increase in mobile commerce transactions to take over user accounts and conduct fraud.
Fraudsters target mobile commerce using various attack vectors. Often, their illegal access starts with phishing — sending highly sophisticated emails or using other communication channels to masquerade as reputable companies asking for access to bank accounts or financial information. When on a mobile device, if a victim opens a phishing email and inputs their personal information as prompted, the fraudster is given full access to the user’s account, which they can monetize in any number of ways.
Unlike traditional online transactions via a computer or laptop, mobile devices have more elements associated with them that retailers could use to make authentication more precise – including device ID and transaction location (e.g. via a web browser on a mobile device or a mobile app) – but few currently do. Anti-fraud professionals are only now starting to realize that fraud perpetrated via mobile is significantly different than the fraud they face on their traditional e-commerce sites, and, as a result, requires a different set of protections.
Biometric tools as a solution to prevent mobile fraud
Biometric security technology is an effective way to quickly identify scammers and eliminate mobile fraud. By applying biometrics protections to mobile, organizations can identify when the customer is legitimate through physiological characteristics unique to each individual.
Biometric tools are classified into two categories: physical and behavioral. Physical biometrics include fingerprints, iris recognition and voice prints, while behavioral biometric tech identifies the patterns in how people interact with their devices. One of the most common physical biometric methods used today is Apple Pay’s authentication through TouchID or FaceID. Behavioral biometrics, on the other hand, use advanced analytics to identify patterns in how an individual types and touches the screen.
Both physical and behavioral biometrics can be applied as authentication methods for card-not-present (CNP) transactions and provide the strong layer of defense that is needed to protect against mobile fraud. When both biometric technologies work together, it makes it even more difficult for fraudsters to mimic customers.
As the mobile commerce landscape continues to grow, merchants must first understand its security risks and not make the mistake of thinking that traditional e-commerce protections will suffice. Mobile is a unique channel, and therefore requires unique solutions. And while there are a handful of methods to prevent mobile fraud, fraud fighters would be keen to consider biometric authentication protections to protect their bottom line.
About the author
D.J. Murphy is editor-in-chief for Card Not Present and also oversees programming for CNP Expo, a leading event for the card not present industry.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.