How to combat mobile commerce fraud

News
By published

Ensure your transactions are safe and secure

Your fraud checklist

"When businesses discover that their mobile fraud rate is higher than they'd like, their first instinct may be to react quickly, with 'blunt' rules that cause them to review or reject more mobile orders," says CyberSource. "This approach may enable more fraudulent orders to be identified, but there's a significant risk of catching genuine orders in the same net."

Follow these steps to protect your mobile business:

1. Distinguish your channels

As retail now uses multiple channels, it's important to track and differentiate orders from mobile channels and your business' wider e-commerce activity. These insights will enable you to see whether mobile fraud is actually increasing.

The percentage of retailers that use e-commerce tools to detect and manage mobile fraud

The percentage of retailers that use e-commerce tools to detect and manage mobile fraud (Image: CyberSource)

2. Choose the right tools

To detect and prevent mobile fraud, using the right detection tools is vital. However, many retailers simply use the same fraud prevention tools they have for their e-commerce sites for their mobile channel.

3. Analyse your chargeback channels

Fraud can be one of the main causes of chargebacks. According to a Chase Payments survey, chargebacks are highest from a PC website (36%), from mobile-enabled websites (21%) or from mobile apps (15%).

4. Use a layered approach

Fraudsters use many channels to attack their victims, so it makes sense to also have a number of security layers to protect your customers. Look at every piece of personal information and where this is stored and exposed. Ensure all Card Not Present transactions are protected at every customer facing point.

5. Pay attention to EMV

This new system is now live, which means your business must be more vigilant about potential fraud. Always use several fraud protection mechanisms to detect potential card misuse such as 3-D Secure.

6. Check your PCI compliance

The Payment Card Industry Data Security Standard (PCI DSS) has a minimum level of security that all merchants should adhere to. Check the PCI website for updates to this guidance.

7. Analyse in-app purchases

If your business uses apps, paying close attention to the analytics of your apps will reveal patterns of usage that could mean fraud. Fraud scanning services such as Maxmind can also help you identify potential fraud accounts and orders.

Conclusion

Stuart Reed, senior director of Global Product Marketing at NTT Com Security, concludes: "Have a well-defined and well-communicated incident response plan should a security breach occur in order to minimise the impact and cost of incidents – our own Global Threat Intelligence Report indicates that 74% of companies do not have an incident response plan in place."

Fraud is a fact of life for all online businesses. With m-commerce set to become even more popular than e-commerce, having strong fraud protection and prevention systems in place is a must for all businesses.

David Howell
Latest in Pro
An image of network security icons for a network encircling a digital blue earth.
Why multi-CDNs are going to shake up 2025
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Millwall FC The Den
The UK's first football club mobile network is here - but you probably won't guess which team has launched it
A person using a smartphone with a cybersecurity lock symbol appearing over it.
The growing threat of device code phishing and how to defend against It
Cybersecurity
Why OT security needs exposure management to break the cycle of endless patching
Latest in News
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
More about pro
An image of network security icons for a network encircling a digital blue earth.

Why multi-CDNs are going to shake up 2025
URL phishing

HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Quick move in Civ 7.

Sid Meier's Civilization 7 update 1.1.1 is here and it finally adds a setting that I've wanted since day one
See more latest
Most Popular
Quick move in Civ 7.
Sid Meier's Civilization 7 update 1.1.1 is here and it finally adds a setting that I've wanted since day one
A green claw wraps around the carcass of a monster
Is Lagiacrus coming to Monster Hunter Wilds? Some fans are convinced, and here's why
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
Android Auto
Android Auto 14.0 is rolling out now – and it'll soon swap Google Assistant for the smarter Gemini
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Millwall FC The Den
The UK's first football club mobile network is here - but you probably won't guess which team has launched it