The often-used saying, “too much information” simply does not apply when it comes to battling mobile wallet fraud.
Recently, fraud executives from a number of leading financial institutions gathered in London at our workshop, “Take the Bite out of Mobile Wallet Fraud”. The goal was to share lessons learned from the massive Apple Pay
fraud losses experienced here in the U.S., as well as to strategize fraud plans for emerging wallets, such as Samsung Pay
, Android Pay, and applications that will be enabled by the European Commission’s Payments Services Directive 2 (PSD2).
While there were a range of mobile wallet fraud concerns expressed by the group, there were two primary trends cited by nearly all of our attendees:
- Mobile wallet threats will grow significantly in the next 2-3 years.
- Mobile Wallet fraud solutions will only flourish when provided with access to as much information and data as possible.
Keying off these examples, here are six mobile wallet fraud takeaways from our conversation:
- The more data to analyse, the better: In fraud detection, there can never be too many data points to analyse and score. That couldn’t be more true when it applies to mobile wallet fraud detection, where it’s important to analyse data related to enrolment and account provisioning, tokenisation, device ID, location, customer banking history and payment patterns.
- No more siloes: Access to data is the first step, but connecting the dots between this data is even more crucial in mobile wallet fraud detection. As an example, financial institutions should be able to compare data for the device linked to an Apple Pay account to data for the device generally used for the same account in the FI’s mobile banking app. They should also be able to compare Apple Pay transactions with traditional card transactions and with other retail payments.
- Plastic & Non-Plastic Unite: As we connect the dots, the wall between ‘plastic’ and ‘non-plastic’ fraud will fall. It will become crucial to implement a “hub” that allows you to score DDA payment transactions with the context of plastic payments. The days of separating these fraud operations are numbered.
- Account takeover and card-not-present fraud detection solutions are key: Account takeover threats loom large for FIs – and that remains the case for Apple Pay and other card-based mobile wallets. Running analytics that indicate account takeover or CNP is crucial. Once a fraudster takes over an account and enrols that account on a device, they can easily begin spending in the ultimate card-not-present (CNP) scam.
- Fraud threats will differ in card-based wallets and PSD2-enabled payment apps: It’s easy to lump together wallet fraud threats. However, fraud in card-based wallets like Apple Pay and Samsung Pay will differ from threats linked to wallet apps provided by Third Party Payments (TPP) providers. Under the European Commission Payments Services Directive 2 (PSD2), FIs will be required to open APIs and allow TPPs to provide payment apps that link directly to DDA accounts. This is an important time to investigate potential fraud threats linked to those applications, as well as where the liability will lie. In considering fraud detection solutions, FIs will need the ability to separately score activity initiated in these apps.
- Device threats loom large: Regardless of the wallet type, it’s more important than ever to have a fraud strategy that includes device analytics. It’s difficult to tell how much of this device information will be available in the varying types of mobile wallets. Nevertheless, many FIs are concerned about threats, such as SIM swapping and mobile device phishing.
There is one other important aspect to success in fighting mobile fraud -- collaborative sharing among financial institutions should be a “must”. In tackling threats, it is essential that FIs begin to share information much more efficiently. However, some of the providers are preventing that critical “next step.”
Until now, Apple has successfully kept participating banks from comparing notes under strict non-disclosure agreements – and it’s likely that Samsung Pay will place FIs in the same position. In the U.S., it was precisely this void of communication and collaboration that lead to massive fraud losses at many financial institutions.
I’d like to see some of these barriers eased. We all have the same common enemy -- the fraudster, and we should be working more closely together on behalf of customers to stem fraud in the mobile space.