By year-end 2013, location information or profile information from mobile phones will be used to validate 90% of mobile transactions, according to Gartner.
Gartner said that the rapid adoption of smartphones is forcing banks, social networks and other e-commerce providers to implement the kinds of fraud detection capabilities that have become mainstream with fixed-line computing.
“Because of the improving browser experiences on smartphones, mobile commerce and transaction execution are set to increase rapidly,” said William Clark, research vice president at Gartner. “We estimate that by the end of 2013, 12.5% of all e-commerce transactions will be mobile.”
“Enterprise applications must detect fraud in these mobile environments, but fraud detection tools available today that work in fixed-line computing environments don’t work well or at all in the mobile world,” Mr. Clark said. “There are a number of methods that can be implemented to help enterprises detect fraud in the mobile space, but they are still in their early stages of development, and it will take until at least 2012 for them to transform from embryonic applications to technically mature systems that work easily and transparently across disparate mobile networks.”
“The evolution of these fraud detection tools will play a part in turning mobile commerce into location- and context-aware commerce by increasing the confidence of businesses, financial institutions and end users,” said Avivah Litan, vice president and analyst at Gartner. “This increase in confidence will help open up new possibilities for context awareness that will be richer than they are in fixed-line commerce.”
Fraud prevention methods available today to mobile applications include:
Mobile device identification — This is enabled through a JavaScript on the server that the user logs in to, which captures whatever information it can get from the user’s browser and phone, depending on whether the user is using a browser or native application. If the application is browser-based, then the JavaScript application captures whatever information it can get from the user’s browser to uniquely identify that particular user’s browser and mobile device. If the mobile application is native and residing on the mobile handset, native applications can additionally gather the phone’s serial number and network card number. This will require opt-in by the user.
Location of device — This is based on the phone’s location information independent of the browser (IP address), so the user does not have to have his or her mobile browser application open for this to work; the phone only needs to be turned on. Enterprises may want to check and correlate the location of the device relative to anything else they know about the user’s location through other systems they may interact with at the enterprise. For mobile phones, there are two architectures that are used to obtain location information: One relies on device information (e.g., using the GPS-API applications that the user must opt into); the other employs APIs provided through mobile network operators that don’t require the users to opt in to releasing this information.
Some online fraud detection vendors are starting to tune their risk scoring and/or rule-based models specifically for mobile applications — For example, some vendors are looking at the mobile device itself, the location of the phone, and the behaviour of the user inside the host application while transacting from the phone. This area is very new to the fraud detection vendors, as there is little mobile transaction experience to draw on in order to build effective risk models and scores that significantly improve on risk models that have already been built for fixed-line computing. It tries to combine some of the methods listed above, including mobile device identification and examining the location of the mobile phone in relation to other information known about the user and his/her location.
[ad name=”Google Text half banner advert “]“Given the explosive growth of smartphones and other mobile devices, the increase in mobile commerce, and the migration of fraud attacks to these devices, using mobile fraud detection in mobile commerce environments is an imperative,” Ms. Litan said. “While smartphones are a catalyst for mobile commerce, enterprises need to also consider the potential of using context information for fraud detection for nonmobile transactions by combining and correlating the location information that can now be derived from any kind of mobile phone worldwide with the other process information associated with the consumer who owns the phone.”
Gartner estimates that 70% of the largest 20 global card issuers (who authorize more than 50% of all payment card transactions) will gradually adopt mobile context information to help detect fraud on fixed-line transactions, and that by year-end 2015, more than 15% of all payment card transactions will be validated using context-aware profile information.
“Enterprises that want to remain competitive in electronic commerce over the next five years should begin exploring context-aware applications by year-end 2011, for both fraud detection and later on for customer acquisition and retention activities afforded by personalized and customized marketing and advertising information,” Mr. Clark said. “Both users and service providers should have a better and more secure experience enabled through the use of rich contextual information coming from mobile phones.”
Additional information is available in the report “Get Smart With Context-Aware Mobile Fraud Detection” which is available on Gartner’s website at http://www.gartner.com/resId=1412535.
[ad name=”Google Text half banner advert “]