By the end of 2013, location information or profile information from mobile phones will be used to validate 90% of mobile transactions, according to Gartner.
It explains that the rapid adoption of smartphones is forcing banks, social networks and other e-commerce providers to implement the kinds of fraud detection capabilities that have entered the mainstream with fixed-line computing.
"Because of the improving browser experiences on smartphones, mobile commerce and transaction execution are set to increase rapidly," says William Clark, research vice-president at Gartner. "We estimate that by the end of 2013, 12.5% of all e-commerce transactions will be mobile."
Context awareness
Because of this, says Gartner, the use of mobile fraud detection in mobile commerce environments is imperative.
"Enterprise applications must detect fraud in these mobile environments, but fraud detection tools available today that work in fixed-line computing environments don't work well or at all in the mobile world," says Clark.
He adds there are a number of methods that can be implemented to help organisations detect fraud in the mobile space, but they are still in their early stages of development. It will take until at least 2012 for them to transform from embryonic applications to technically mature systems that work easily and transparently across disparate mobile networks, says Clark.
"The evolution of these fraud detection tools will play a part in turning mobile commerce into location- and context-aware commerce by increasing the confidence of businesses, financial institutions and end-users," says Avivah Litan, Gartner vice-president.
She explains that this increase in confidence will help open up new possibilities for context awareness that will be richer than they are in fixed-line commerce.
Fraud prevention
According to Gartner, some available fraud prevention methods that are relevant for mobile applications are mobile device identification and location of device.
The firm explains that mobile device identification is enabled through a JavaScript on the server that the user logs in to, which captures whatever information it can get from the user's browser and phone, depending on whether they're using a browser or native application.
“If the application is browser-based, then the JavaScript application captures whatever information it can get from the user's browser to uniquely identify that particular user's browser and mobile device.
“If the mobile application is native and residing on the mobile handset, native applications can additionally gather the phone's serial number and network card number. This will require opt-in by the user.”
Location of device is based on the phone's location information independent of the browser (IP address), so the user does not have to have his or her mobile browser application open for this to work; the phone only needs to be turned on, according to Gartner.
“Organisations may want to check and correlate the location of the device relative to anything else they know about the user's location through other systems they may interact with at the enterprise.
“For mobile phones, there are two architectures that are used to obtain location information: One relies on device information; the other employs APIs [application programming interfaces] provided through mobile network operators that don't require the users to opt in to releasing this information.”
Combining detection
Gartner adds that some online fraud detection vendors are starting to tune their risk scoring and rule-based models specifically for mobile applications.
“For example, some vendors are looking at the mobile device itself, the location of the phone, and the behaviour of the user inside the host application, while transacting from the phone.
“This area is very new to the fraud detection vendors, as there is little mobile transaction experience to draw on in order to build effective risk models and scores that significantly improve on risk models that have already been built for fixed-line computing.”
It tries to combine the methods listed above - mobile device identification and examining the location of the mobile phone - in relation to other information known about the user and their location, explains Gartner.
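An added example, not from Gartner or the original article, of combining the two methods described above: a device identifier derived from captured attributes, and the phone's location checked against a location the organisation knows from its other systems. The attribute names, score weights, 50 km threshold and sample data are assumptions constructed for illustration.

```python
import hashlib
import math

def device_id(attrs):
    """Stable identifier from whatever attributes the login page captured."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(txn, profile, max_km=50.0):
    """Return (score, reasons); weights and threshold are illustrative only."""
    score, reasons = 0, []
    if device_id(txn["device_attrs"]) not in profile["known_devices"]:
        score += 40
        reasons.append("unrecognised device")
    phone = txn.get("phone_location")
    if phone is None:
        score += 20  # no location signal: cannot corroborate, so raise risk
        reasons.append("no phone location available")
    else:
        d = km_between(phone, txn["other_location"])
        if d > max_km:
            score += 40
            reasons.append(f"phone {d:.0f} km from location known elsewhere")
    return score, reasons

# Constructed sample data (not real devices or users)
ATTRS = {"user_agent": "ExampleBrowser/1.0 (Mobile)", "screen": "320x480", "timezone": "UTC+0"}
PROFILE = {"known_devices": {device_id(ATTRS)}}
LONDON, PARIS = (51.5074, -0.1278), (48.8566, 2.3522)
```

A known device whose phone sits where the other systems place the user scores 0; a changed attribute set plus a phone in another city trips both rules.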
"While smartphones are a catalyst for mobile commerce, enterprises need to also consider the potential of using context information for fraud detection for non-mobile transactions by combining and correlating the location information that can now be derived from any kind of mobile phone worldwide with the other process information associated with the consumer who owns the phone," says Litan.
Gartner estimates that 70% of the largest 20 global card issuers - who authorise more than 50% of all payment card transactions - will gradually adopt mobile context information to help detect fraud on fixed-line transactions, and that by the end of 2015, more than 15% of all payment card transactions will be validated using context-aware profile information.