Fraud hasn’t hit the mobile channel hard yet, but industry experts expect that it will as mobile adoption and mobile payments capabilities increase. The industry seems to be heeding the experts’ warning as many solutions and strategies are being discussed here at BAI payments connect to address the coming wave of mobile fraud.
“Banks and vendors are being proactive [about mobile fraud]. At least for the online [fraud] experience they know to strategize before mobile fraud hits,” Michael Braatz, senior vice president and product line manager at ACI Worldwide, said in an interview yesterday.
Fraudsters have already developed means to attack mobile devices. “These [mobile devices] are being targeted. We’re seeing Zeus, Citadel and other malware making their way to mobile. We need to get the word out and develop anti-malware software [for mobile],” Al Pascual, senior analyst for security, risk and fraud at Javelin Research and Strategy, said during a panel session Monday morning about the top issues in mobile fraud. Pascual urged that more anti-malware software needs to be developed for mobile devices, particularly for iOS, which doesn’t have anti-malware available for its devices. Pascual also said that geo-location tracking gives banks a technology they can use - and that customers are comfortable with - to prevent fraud. “When customers know that [geo-location tracking] will make them safer, they like it. There is value there for mobile commerce and mobile wallets,” Pascual noted.
Voice biometrics have also been talked about a great deal during the conference as a means to counter criminals. “Voice in our opinion is the best biometric [defense],” John Petersen, global head of business development for Validsoft, an authentication solutions provider, said yesterday in an interview. “It’s the only biometric that works across all channels, including the call center.” Validsoft showed off its own biometric authentication method for mobile at the conference. Petersen explained that its very difficult for fraudsters to break a voice biometric. If they try to replay a recording of the customers voice, the frequency of the recording drops, which Validsoft’s system can detect. And the company has built a voice blacklist of known fraudsters that they can check a customer’s voice against to verify the customer is not a known fraudster.
Validsoft has partnered with Spindle, a mobile wallet provider, to use this technology to ensure secure enrollment in mobile wallets. Many mobile wallet solutions don’t have secure enrollment processes, Petersen said, meaning there is no way they can know if it is really the customer who is attaching their card to the digital wallet, and not a fraudster.
As data and analytics have emerged as a major tool in the fight against online fraud, they can be used in the mobile channel as well. Banks should look to use the same transaction monitoring strategies they use now online to protect their mobile customers, said Tiffany Riley, VP of marketing for Guardian Analytics, which uses big data and analytics in its solutions for monitoring online transactions. “You can’t totally rely on [securing] the device. You can’t totally lock down the device,” she explained. “A lot of best practices from online banking apply to mobile. Banks need to build a strategy accordingly to monitor behavior.”
Many options and capabilities are being discussed to secure mobile against fraud in the future. Banks can’t afford to wait on the sideline for fraudsters to migrate to fraud, Rilely said: “Mobile fraud will come hard and fast. You have to be proactive in developing the ability to react to that.”