Time to get mobile-friendly behind the scenes

Google has begun attaching a mobile-friendly label to its search results for websites that cater well to mobile device users. This is a wakeup call for those who havent yet fully come to terms with the fact that the mobile channel is no longer an issue for the future; in the US, at least, the number of searches that Google is seeing from mobile devices is exceeding those from desktops and laptops (1).

Taking a leaf out of Googles book, I have got my own mobile-unfriendly warning to give to the worlds fraud managers. We know, from conversations with customers and from independent research, that around a third of online businesses dont even track payment fraud from the mobile channel, and that of those who do, the vast majority dont have distinct fraud management strategies for the mobile channel (2).

Warning: your fraud management is not mobile-friendly

Even if a business has not (yet) created a mobile-friendly website, I would be surprised if they dont understand why mobile-friendliness is an issue.

When it comes to fraud management, however, many of the people I talk to dont really appreciate that there are differences between mcommerce and ecommerce that call for distinct strategies for the two channels. They seem so similar, after all: youre using a computing device and the same payment methods - why should it make a difference whether the device is mobile or not?

But it does make a difference. When a customer uses a mobile device - smartphone, tablet, phablet - rather than a computer to buy from you, there are differences in their behaviour, in the data you can collect, and in the fraud pressure that the transaction may be subject to. These differences matter, because fraud management is only effective insofar as we understand what constitutes normal buying behaviour, and use data and tools that can help us distinguish between this behaviour and irregular behaviour that may indicate fraud.

Source: 2015 CyberSource UK Fraud Report Series: Part 1 – The World of Mobile Fraud

Differences that matter

The most obvious difference is that mobile devices are much more likely to be used while out and about - or while on holiday on the other side of the world - and this makes IP geolocation data more tricky to interpret. But if that were the only difference, it wouldnt be a big deal.

Even when mobile devices are used at home and are connecting to the same Wi-Fi network as the computer, there are differences that matter when it comes to fraud management. Compared with computers, consumers switch between mobile devices more readily, and they use them at different times of the day. Device fingerprint data is often more limited for mobiles. App security is an often-ignored issue, exploitable by fraudsters. Some fraud management tools may be less effective for mcommerce than for ecommerce (3D Secure, for example), or vice-versa (mobile phone number verification, for example).

Consider the risk

I have heard people express the view that theres no need to act, unless and until they see a spike in fraud rates attributable to mcommerce. This makes sense if your only priority is maintaining an acceptable level of fraud - and youre ready to move quickly if you see a spike. But you cant sit back and watch fraud rates if your objective is also to provide a trouble-free experience to genuine customers. Will you know if a growth in mcommerce causes a rise in false positives (rejection of non-fraudulent orders), or an increase in manual review of good orders? In my view, this is the greater risk to watch out for.

In practice, whether or when you need to act may depend on how much of your ecommerce revenue is coming from the mobile channel - which you can only know if you track it. I work with businesses where mcommerce is less than 10% of revenue, and others where its more than 50%. But even if the numbers are currently small for your business, they may grow much faster than you think. As weve seen from the recent Google moves (3), the mobile future is here; you should keep an eye out.

You’ll find some great resources on managing mobile fraud @ www.cybersource.co.uk/mobilefraud

Reference sources:

1) http://www.cnet.com/news/google-mobile-searches-now-outstrip-those-from-pcs/

2) CyberSource 2015 UK Fraud Report Series

3) http://googlewebmastercentral.blogspot.com/2015/04/rolling-out-mobile-friendly-update.html

About Sean Mathé

As Director of Strategic Technology Partners at CyberSource, Sean Mathé’s role is to understand the ever changing eCommerce landscape and champion payment management among the world’s largest and most influential eCommerce platform providers. He educates them on the latest innovations in payment management, impending legislation and the consumer trends that are set to shape the future of the industry.

He works closely with CyberSource’s product team, advising on any platform developments or market trends that could impact the company’s product portfolio and future roadmap. Mathé also manages the company’s relationships with its network of major global card providers.

About CyberSource

CyberSource, a wholly-owned subsidiary of Visa, is a payment management company. Over 400,000 businesses worldwide use CyberSource and Authorize.Net brand solutions to process online payments and streamline fraud management.