11:15 AM
Bryan Yurcan

Mobile Commerce: The Next Fraud Frontier

Mobile commerce continues to grow, but fraud prevention tactics in this channel need to grow at an equal pace as well.

As mobile payments and commerce become more commonplace, fraud associated with them does too, which means yet another potential security headache for banks.

As we've seen in recent weeks, even physical POS terminals are not safe from cyber attacks and fraud attempts. With the attacks targeting Target, Neiman Marcus and other major retailers last month, cyber security and fraud prevention are in the public mind more than ever right now. And this means banks must be more vigilant than in the past. If a third party, such as a retailer or vendor, gets hacked and valuable financial data gets stolen, a bank will still be partially blamed in the court of public opinion even if it was not at fault.

The next frontier in the security war may be in the realm of mobile commerce, according to a new study released this week from LexisNexis in conjunction with Javelin Strategy & Research.

The study found that more retailers than ever before accept some form of mobile payments, but rely on fewer fraud solutions in that channel. LexisNexis reports that the mobile browser and mobile applications represent the dominant acceptance channels for mobile commerce with 55 percent and 38 percent of mobile merchants accepting these channels, respectively. However, the largest growth channel is in mPOS (mobile point-of-sale) hardware; seven percent of merchants used mPOS in 2013 after no merchants reported using it in 2012. Another key segment that is growing according to the study is small merchants, with the study reporting that 39 percent say they are attracted to the mobile channel, but also that their fraud levels are high because they are less aware of fraud detection schemes.

Unfortunately, a bank can't control the fraud prevention systems retailers and other third parties have in place. So what's the answer? While there's no way to completely prevent mobile fraud, cooperation plays a big role in mitigating it. The LexisNexis study suggests that retailers accepting mobile payments should maintain open communications with financial institutions and other mobile merchants to better understand the evolving nature of fraud threats and solutions.

Meanwhile, a SWIFT whitepaper from last year says cooperation between banks, merchants and payments systems is necessary, though it can sometimes be difficult to realize these partnerships. "Not one single bank or mobile network operator covers the whole world, so there is a need for cooperation and partnerships," the paper reads. "Joint ventures between mobile network operators may not be obvious as they are very competitive on their core voice and data business. Joint ventures with banks may not be obvious as parties have different business objectives, different perspectives on revenue sharing, and different mind sets."

Ultimately, preventing fraud in any channel requires cooperation between the different stakeholders, not bickering. Cooperative efforts are needed in the new cyber security world we live in.


Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ...

Comments
Byurcan
User Rank: Author
2/6/2014 | 3:08:33 PM
re: Mobile Commerce: The Next Fraud Frontier
True, consumers want convenience when it comes to mobile devices, but also don't want to jump through too many security hoops.
Jonathan_Camhi
User Rank: Author
2/5/2014 | 7:33:45 PM
re: Mobile Commerce: The Next Fraud Frontier
If you look at it a certain way, securing the mobile channel shouldn't be all that difficult. I think the threats will be very similar. It's supposed to be easy to move malware from the online to the mobile space. So it's likely that fraudsters will try the same kinds of attacks in mobile that they do online, and security professionals have a lot of experience combating those attacks. The tricky part is the collaboration, like Kathy said. That's where things could get tripped up, and with the mobile space being so competitive right now, I think it's likely that there will be more than enough players who don't want to collaborate.
Jonathan_Camhi
User Rank: Author
2/5/2014 | 7:29:20 PM
re: Mobile Commerce: The Next Fraud Frontier
I hadn't heard about that. That's really scary. Happy I don't pay with the Starbucks app.
Kelly22
User Rank: Author
2/5/2014 | 6:48:45 PM
re: Mobile Commerce: The Next Fraud Frontier
Good point, Ivy. Even if a user creates a trickier password, it won't do them much good if they use the same password on every account. Once one is hacked, the rest are vulnerable.
IvySchmerken
User Rank: Author
2/5/2014 | 5:02:00 PM
re: Mobile Commerce: The Next Fraud Frontier
Some of the risk associated with mobile apps could relate to consumers' passwords. Maybe users are staying with simple passwords on mobile apps because we all tend to want to get fast access/instant gratification. Not to mention, how hard it is to remember all the various mobile password apps we are using for different banks, retailers, etc.
KBurger
User Rank: Author
2/5/2014 | 4:44:27 PM
re: Mobile Commerce: The Next Fraud Frontier
To Nate's and Bryan's points, today it's more about procedures & policies than inherent technical weakness. However, as uptake of mobile commerce accelerates, as it inevitably will, it is likely to be more of a target for fraudsters -- they go where the money/action is. So the smart thing will be for all players in the mobile commerce ecosystem (mainly but not exclusively banks and retailers) to add security and fraud prevention capabilities to the payment services. Unfortunately, as the current antagonism between banks and retailers regarding responsibility for the recent card breaches suggests, that kind of collaboration is not likely to occur soon.
Byurcan
User Rank: Author
2/5/2014 | 1:49:08 PM
re: Mobile Commerce: The Next Fraud Frontier
I don't think they are any less inherently secure, but the issue is, as you mention, users are less vigilant in this channel. People treat their smartphones in a way they never would desktops or laptops. They just want convenience, tap an app and have something happen, but are annoyed to go through any security protocols.
Kelly22
User Rank: Author
2/4/2014 | 8:16:20 PM
re: Mobile Commerce: The Next Fraud Frontier
Retailers new and old to mobile commerce should pay more attention to security. Just last month, Starbucks had to update its mobile app with new security measures after someone found out that they were storing passwords, emails, usernames, and credit card and GPS info in plain text, which hackers can easily get to. Kind of scary, considering how many people pay with the Starbucks app.
Nathan Golia
User Rank: Author
2/4/2014 | 5:40:47 PM
re: Mobile Commerce: The Next Fraud Frontier
I wonder if the issue is that mobile platforms are inherently less secure, or the users are less vigilant in best practices around passwords/updates, etc. I certainly don't think these issues have to do with the wireless nature of the connections.