Battling Mobile Wallet Fraud – More Data, Fewer Silos
November 2nd, 2015
The often-used saying, “too much information” simply does not apply when it comes to battling mobile wallet fraud.
- Mobile wallet threats will grow significantly in the next 2-3 years.
- Mobile Wallet fraud solutions will only flourish when provided with access to as much information and data as possible.
- The more data to analyse, the better: In fraud detection, there can never be too many data points to analyse and score. That couldn’t be more true when it applies to mobile wallet fraud detection, where it’s important to analyse data related to enrolment and account provisioning, tokenisation, device ID, location, customer banking history and payment patterns.
- No more siloes: Access to data is the first step, but connecting the dots between this data is even more crucial in mobile wallet fraud detection. As an example, financial institutions should be able to compare data for the device linked to an Apple Pay account to data for the device generally used for the same account in the FI’s mobile banking app. They should also be able to compare Apple Pay transactions with traditional card transactions and with other retail payments.
- Plastic & Non-Plastic Unite: As we connect the dots, the wall between ‘plastic’ and ‘non-plastic’ fraud will fall. It will become crucial to implement a “hub” that allows you to score DDA payment transactions with the context of plastic payments. The days of separating these fraud operations are numbered.
- Account takeover and card-not-present fraud detection solutions are key: Account takeover threats loom large for FIs – and that remains the case for Apple Pay and other card-based mobile wallets. Running analytics that indicate account takeover or CNP is crucial. Once a fraudster takes over an account and enrols that account on a device, they can easily begin spending in the ultimate card-not-present (CNP) scam.
- Fraud threats will differ in card-based wallets and PSD2-enabled payment apps: It’s easy to lump together wallet fraud threats. However, fraud in card-based wallets like Apple Pay and Samsung Pay will differ from threats linked to wallet apps provided by Third Party Payments (TPP) providers. Under the European Commission Payments Services Directive 2 (PSD2), FIs will be required to open APIs and allow TPPs to provide payment apps that link directly to DDA accounts. This is an important time to investigate potential fraud threats linked to those applications, as well as where the liability will lie. In considering fraud detection solutions, FIs will need the ability to separately score activity initiated in these apps.
- Device threats loom large: Regardless of the wallet type, it’s more important than ever to have a fraud strategy that includes device analytics. It’s difficult to tell how much of this device information will be available in the varying types of mobile wallets. Nevertheless, many FIs are concerned about threats, such as SIM swapping and mobile device phishing.