While accepting mobile payments offers a wide range of benefits to customers and can help you improve your sales, the reality is that it comes with some risks attached.
Criminals are taking advantage of the new fraud opportunities that mobile commerce has created. As a business owner, you should try your best to remain aware of these new risks and do all you can to mitigate them.
I've done all the required research and tried out several methods myself in order to secure my own small business. Based on my experience, I compiled a list of things you need to look out for as well as tips to help you stay safe.
What Are Mobile Payments?
The term ‘mobile payments’ refers broadly to any type of payment made from a mobile phone, smartwatch, or tablet – whether to purchase goods or services from a business or simply to send money to another person.
A mobile payment can occur anywhere from at a brick-and-mortar store to pay for goods, to remotely buying products from an online store.
These are the five most common forms of mobile payments:
- Mobile wallet apps: Mobile wallet apps like Google Pay, Apple Pay, and Samsung Pay work by having customers link the app to their credit card or bank account. Once linked, customers can pay for purchases using their mobile devices – both online and in-store at retailers that have NFC receivers.
- Carrier payments: Carrier payments refer to a situation when a customer makes a payment through their mobile network provider, by calling or sending an SMS to a specific phone number. This method is less popular since the rise of smartphones, however, it’s still commonly used in certain developing countries where smartphones aren’t as widespread.
- Mobile ecommerce: Mcommerce is an umbrella term that refers to any transaction made on a mobile device. Manually entering card details for a purchase on a mobile browser, paying for a service via SMS, and paying for an online purchase using a mobile wallet app are all examples of mcommerce.
- Mobile device as a payment terminal: When paired with a wireless card reading device, retailers can take in-person card payments from customers using their mobile phones as a payment terminal. This is sometimes referred to as a mobile point-of-sale – or mPOS – arrangement.
- Mobile peer-to-peer: Mobile peer-to-peer platforms like PayPal and Venmo allow their users to easily transfer money among each other using mobile apps or websites. Some of these mobile peer-to-peer platforms, e.g. PayPal, also allow customers to pay for online purchases from merchants who accept it as a payment method.
What Are the Risks of Accepting Mobile Payments?
As a payment method that’s quickly growing in popularity among consumers, mobile payments are increasingly targeted as a fraud opportunity by criminals. These are the three most common risks associated with mobile payments that you should be aware of.
Card-Not-Present (CNP) Fraud
This is the most common type of mobile payment fraud, and it can take on two forms.
The first type of CNP fraud is when criminals obtain stolen or leaked credit card information and link it with a new mobile device. They then use this device to make purchases, either online or in-store with an NFC payment.
CNP fraud can also be committed by getting a lost or stolen mobile device and using its mobile wallet to make unauthorized purchases with it, either online or in-store.
Mobile payments make it a lot more convenient for people to make purchases, but the drawback of this is that it’s a lot easier for criminals to exploit, too.
Mobile wallets are typically linked to credit or debit cards. As such, when a customer makes a mobile wallet payment and then goes on to dispute the charge, resolving the dispute works in a similar way to credit card chargebacks.
Chargeback fraud, sometimes referred to as "friendly fraud," refers to when legitimate orders are disputed by the customer and require the merchant to refund their payment.
This form of fraud can be accidental, but sometimes it’s done intentionally by fraudsters, who place orders and claim they never received them. This nets them the goods and a refund at the end.
Unfortunately, with this type of fraud, the person committing it is virtually indistinguishable from your regular customers – meaning that the chargeback guidelines favor the customer when they dispute the charge with their issuing bank.
Loyalty fraud is when a person gains illegitimate access to a customer’s loyalty account information for a certain retailer.
These days, loyalty accounts for retailers are often managed through mobile apps. Customer credentials for these apps being compromised could result in a risk of loyalty fraud. This can happen in different ways:
- The fraudster gains access to a customer’s account information through a data breach or phishing.
- An internally committed fraud, for example, an employee of a retailer leaking customer account information.
- When a fraudulent account is opened under a false identity, only for the purpose of committing the fraud.
By gaining access to illegitimate loyalty accounts using one of the above methods, fraudsters then either use these points for themselves, or often, they illegally sell these points for money.
Who Is Liable for Mobile Device Fraud?
Most credit card brands offer a high level of fraud protection to their cardholders. Typically, people who make mobile payments do so using their linked credit or debit card. As a result, the protection they’re offered by their credit card companies applies here too.
As a merchant, unfortunately, this means the liability lies with you. When you accept a fraudulent mobile payment, you run the risk of it being reversed. When this happens, you not only lose the money you made and the product itself but you’re also forced to pay a non-refundable processing fee from the card association.
Some mobile wallet services, such as Google Pay and Apple Pay, offer basic chargeback protection for merchants, allowing you to dispute chargebacks. If your dispute is successful, your account won’t be debited for the chargeback.
However, to avoid being put in such a situation, it’s important that you take all the measures you can to protect yourself. Your best bet is to try to mitigate the risk that you’re serving someone who is committing mobile device fraud.
How Can You Protect Your Business from Mobile Payment Fraud?
As a business that accepts mobile payments, it’s crucial that you’re aware of some effective measures you can take to mitigate the risk of mobile payment fraud.
Here are a few ways in which you can do this.
- 3D Secure 2.0 transactions for online payments: Going with a payment provider that supports 3DS2 will give you an additional layer of authentication for certain online transactions, depending on several factors, such as your location and transaction size. Pay.com offers 3DS2 as the standard when accepting online mobile wallet payments.
- Use a provider with PCI DSS Level 1: The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that ensure the best security practices to safeguard sensitive credit card information, and Level 1 is its highest level of protection. Using a certified payment provider which has PCI DSS Level 1, such as Pay.com, will help you manage your risk and regularly scan blacklists to maximize your protection from mobile payment fraud.
- Use biometric feature detection: More recent models of mobile devices come with several biometric features such as fingerprint scanning as well as voice and facial recognition. Implementing a biometric feature detection mechanism in your business mobile app will help protect you from accepting fraudulent mobile payments from newer mobile devices.
- Verify customer identities by email or phone: Requiring your customers to use two-factor authentication when using your online store or mobile app will help add another layer of fraud protection. This sends a verification code to their email address or phone number.
- Require a CVV Code for mobile transactions: An effective way to prevent mobile payment fraud is requiring customers to input their CVV code for all card-not-present transactions, such as mobile wallet payments – both online and when paying in-store using NFC. This ensures that the customer has had recent access to the card.
The Bottom Line: How to Avoid Mobile Payment Fraud
It’s clear that today, being able to pay for purchases using mobile phones is a convenience that customers have grown used to and will not want to give up.
For this reason, as a small or medium business owner, it makes sense that you accept them – you’ll make interacting with your business a far more pleasant and convenient experience for your customers.
Given the risks that are tied to accepting mobile payments, however, it would be wise to implement one or more of the measures I covered in the previous section. These ideas will help you protect yourself and your business.
Remember that using Pay.com is a great way to accept mobile payments while ensuring you’re well protected from mobile payment fraud – all without having to go out of your way to do so. Click here to get started now!