the when, why and how of mobile fraud prevention
TRANSCRIPT
3
GLOBAL IOVATION TRAFFIC
SHIFTING DIGITAL CHANNEL
[Chart: years 2013, 2014, 2015; axis 0% to 100%; series: Mobile Web, Desktop App, Mobile App, Desktop Web. Data labels in order of appearance: 18%, 22%, 25%, 2%, 2%, 2%, 8%, 11%, 14%, 73%, 66%, 59%.]
5
MOBILE APP ADOPTION
TRANSITION FROM DESKTOP TO MOBILE
Shopping
Social
Health & Fitness
Financial
174%
103%
89%
26%
9
GLOBAL IOVATION TRAFFIC
MOBILE APP TRAFFIC GROWTH (YOY)
[Chart: quarters Q3 14, Q4 14, Q1 15, Q2 15; axis 0% to 60%; series: Travel and Leisure, Retail, Logistics, Interactive Gaming, Financial Services.]
11
US MOBILE PAYMENTS
FORRESTER RESEARCH
[Chart: years 2014 and 2019; axis $0B to $160B; series: Remote Payment, Proximity Payment, Peer-to-Peer Transfer. Data labels in order of appearance: $42.6B, $90.7B, $3.7B, $34.2B, $5.3B, $16.8B.]
Source: Forrester Research Mobile Payments Forecast 2014 to 2019 (US)
12
AUTHENTICATION ADOPTION
THREE TYPES OF AUTHENTICATION
Password Managers
2nd Factor (OTP, Device)
3rd Factor (Biometrics)
REMEMBER THIS DEVICE
16
STOLEN CREDENTIALS
EBAY 145,000,000
ANTHEM 78,800,000 (February, 2015)
JPMC 76,000,000 (July 2014)
TARGET 70,000,000
HOME DEPOT 56,000,000 (Sept 2014)
ADOBE 36,000,000
PREMERA 11,000,000
SONY 10,000 (Dec 2014)
18
MOBILE GAMBLING
JUNIPER RESEARCH
CONVENIENCE
• Users have their mobile device nearly all the time
SPEED
• With 3G and now 4G, real-time data access becomes ideal for gambling
EXPERIENCE
• Bigger screen display and beyond basic text payment
DRIVERS BEHIND THE GROWTH
20
MOBILE PAYMENT FRAUD
TAKING ADVANTAGE OF CARD NOT PRESENT
Mobile capabilities are outpacing risk mitigation measures
EMV widely expected to push more fraud to CNP
21
MOBILE PAYMENTS FRAUD
CARD PROVISIONING
Digital Cash from Stolen Credit Cards
Friendly Fraud
Collusion
PEER-TO-PEER
Duplicate Deposits
• Multiple Channels
• Multiple Banks
REMOTE DEPOSIT CAPTURE
Verification Difficult for Mobile Wallets
22
IOVATION CONSORTIUM
0.54% Fraud Rate
Mobile VM: caught 4X fraud
Global carriers with highest fraud:
• tiGo (Ghana)
• MTN (Nigeria, Ghana)
• Kcell (Kazakhstan)
• MegaFon (Russia)
Top Fraud:
• Credit Card
• Phishing/Spam
• Payment
• Account Takeover
Over 1 Billion Mobile Transactions
23
MOBILE FRAUD MYTHS VS. REALITY
Lack of major mobile fraud levels today does not reduce the risk potential
25
GARTNER’S 5 LAYERS OF FRAUD PREVENTION
1. Endpoint-centric: Analysis of users and their endpoints
2. Navigation-centric: Analysis of navigation behavior and suspect patterns
3. Account-centric: Analysis of anomaly behavior on a per-channel
4. Cross-channels: Analysis of anomaly behavior correlated on a cross-channel basis
5. Entity Link Analysis: Analysis of relationships to detect organized or collusive criminal activities
26
MOBILE FRAUD PREVENTION
ONLINE FRAUD SOLUTIONS MUST BE TUNED TO MOBILE
Same Approach
• Fraud is fraud
• High level business rules
Applied Differently
• Different type of operating system
• Different type of network
• Different type of user engagement
Across Multiple Devices
• Assume a cross-device user
28
BEST PRACTICES
MOBILE FRAUD PREVENTION
Mobile is not one channel
Leverage the power of the SDK
Even hardware-based identifiers can be changed
Be aware of the abuse potential of some tools
Geolocation… Trust but verify