European mobile payment users triple from last year as consumers pay via smartphone, tablet or wearable
Robert Capps, VP of business development at NuData Security
Payments made via mobile devices are ever increasing, says Robert Capps, VP of business development at NuData Security.
In the United States, for example, mobile payments are expected to total US$90 billion by 2017, according to Forrester Research. With the near-ubiquity of mobile devices, banks are under pressure to come out with their own mobile banking apps, but security fears abound.
While most mobile applications really are just the front end of web applications, mobile apps hold a plethora of personally identifiable information (PII), along with many credit card details, addresses and more, raising concerns about security. Concerns around legitimate applications passing data to other applications in an unauthorised manner are gaining more attention. Another possible drawback is that a single PIN or a spoofable fingerprint unlocks all of the stored accounts, allowing much greater exposure.
With a company’s brand reputation and customer loyalty on the line, it is in every institution’s best interest to secure payments through their mobile wallets. The key is trusting the user based on behaviour and not on single point solutions. We’ve relied too long on device identification, data element matching and static usernames and passwords to define legitimate access.
Having all these elements match up in an account application, login or transaction does not mean that the interaction is safe and, conversely, having anything fail to match up should not remove all faith that an interaction is valid. Attempts to add dynamic elements, like one-time passwords and SMS text messages, to the authentication equation have traditionally met with consumer confusion, backlash, and rejection. They simply add too much friction.
Deploying advanced user behavioural analytics allows organisations to detect good users more accurately while improving customer experience. Tracking behavioural patterns shows who the real users are, and when it comes to fraud attempts banks and payment providers can leverage that same information to identify bad actors.
How does behavioural analytics work?
By focusing on observed characteristics of who the user is, behavioural analytics profiles users and accounts through their lifecycle across multiple channels. This empowers two key capabilities. Firstly, it enables risk managers to detect and respond to risk sooner, reducing the chance of financial loss. Secondly, when the user does reach a transaction point, fraud managers have the full context of their previous behaviours to make a better decision on the transaction.
To collect all these observed characteristics, non-PII networks analyse billions of transactions, creating a store of anonymous identities that are categorised as either good or risky users. These identities remain completely anonymous, adhering to privacy laws. Utilising this, a bank is provided an early warning system, alerting them when a user is behaving badly, even if it is the first time the user is approaching their site.
User behaviour analytics can help answer bigger questions, such as:
- How did the user behave previously when they logged in? Are they behaving the same now?
- Is this ‘user’ creating a fraudulent mobile wallet with stolen account information?
- Is their behaviour repeated? If the behaviour is the same every time, perhaps it is a good user. But if it’s the same behaviour that 1,000 users are all repeating, it could indicate the creation of bogus accounts with stolen credit card data.
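The distinction drawn in the last question can be sketched in a few lines. This is an added example, not NuData's or the author's code: the event fields, the bucketing in `signature` and the `shared_threshold` value are assumptions chosen for illustration, and the sample sessions are constructed.

```python
from collections import defaultdict

# Constructed sample sessions (hypothetical fields, no PII).
EVENTS = [
    {"account": "alice", "path": "login>wallet>pay", "fill_seconds": 14.2, "key_interval_ms": 182},
    {"account": "alice", "path": "login>wallet>pay", "fill_seconds": 13.8, "key_interval_ms": 178},
    {"account": "alice", "path": "login>wallet>pay", "fill_seconds": 14.4, "key_interval_ms": 184},
    {"account": "bob", "path": "login>wallet>pay", "fill_seconds": 20.1, "key_interval_ms": 240},
    {"account": "bob", "path": "login>settings>add_card", "fill_seconds": 3.2, "key_interval_ms": 41},
    {"account": "carol", "path": "login>wallet>pay", "fill_seconds": 9.3, "key_interval_ms": 150},
    {"account": "acct-101", "path": "signup>add_card", "fill_seconds": 2.1, "key_interval_ms": 31},
    {"account": "acct-102", "path": "signup>add_card", "fill_seconds": 1.9, "key_interval_ms": 29},
    {"account": "acct-103", "path": "signup>add_card", "fill_seconds": 2.0, "key_interval_ms": 30},
    {"account": "acct-104", "path": "signup>add_card", "fill_seconds": 2.2, "key_interval_ms": 32},
]

def signature(event):
    """Coarse behaviour signature: navigation path plus bucketed timings."""
    return (event["path"],
            round(event["fill_seconds"]),         # nearest second
            round(event["key_interval_ms"], -1))  # nearest 10 ms

def classify(events, shared_threshold=3):
    """Label each account by how its behaviour repeats.

    Behaviour repeated by one account is consistency; the same behaviour
    repeated across many distinct accounts suggests scripted account creation.
    """
    accounts_by_sig = defaultdict(set)
    sigs_by_account = defaultdict(list)
    for e in events:
        sig = signature(e)
        accounts_by_sig[sig].add(e["account"])
        sigs_by_account[e["account"]].append(sig)

    verdicts = {}
    for account, sigs in sigs_by_account.items():
        if any(len(accounts_by_sig[s]) >= shared_threshold for s in sigs):
            verdicts[account] = "shared"      # same behaviour across many accounts
        elif len(sigs) == 1:
            verdicts[account] = "new"         # no history to compare against
        elif len(set(sigs)) == 1:
            verdicts[account] = "consistent"  # matches the account's own history
        else:
            verdicts[account] = "changed"     # differs from the account's own history
    return verdicts

if __name__ == "__main__":
    for account, verdict in sorted(classify(EVENTS).items()):
        print(account, verdict)
```
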
Observing user behaviour in detail enables the best chance of beating fraud. There are at least 20 mobile wallet systems currently in use, according to a study from the Carlisle & Gallagher Group, expanding the threat landscape significantly. Relying on a single layer of defence is always going to end badly.
Profiling across multiple channels, and using analysis from billions of transactions, provides the insight needed to more accurately detect mobile wallet fraud. Behavioural analytics offers the insight organisations need to protect themselves and their customers from fraudulent activity.
 The author of this blog is Robert Capps, VP of business development at NuData Security.