The When, Why and How of Mobile Fraud Prevention

THE WHEN, WHY & HOWOF MOBILE FRAUD

PREVENTION

JUNE, 2015

JON SPEER / SR. PRODUCT MARKETING MANAGER

MOBILE ADOPTION

3

GLOBAL IOVATION TRAFF ICS H I F T I N G D I G I T A L C H A N N E L

18% 22% 25%2%

2%2%8%

11%14%

73%66%

59%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2013 2014 2015

Mobile Web Desktop App Mobile App Desktop Web

4

MOBILE APP ADOPTIONT R A N S I T I O N F R O M D E S K T O P T O M O B I L E

76%

5

MOBILE APP ADOPTIONT R A N S I T I O N F R O M D E S K T O P T O M O B I L E

Shopping

Social

Health & Fitness

Financial

174%

6

MOBILE APP ADOPTIONT R A N S I T I O N F R O M D E S K T O P T O M O B I L E

Shopping

Social

Health & Fitness

Financial

103%

7

MOBILE APP ADOPTIONT R A N S I T I O N F R O M D E S K T O P T O M O B I L E

Shopping

Social

Health & Fitness

Financial

89%

8

MOBILE APP ADOPTIONT R A N S I T I O N F R O M D E S K T O P T O M O B I L E

Shopping

Social

Health & Fitness

Financial

26%

9

GLOBAL IOVATION TRAFF ICM O B I L E A P P T R A F F I C G R O W T H ( Y O Y )

0%

10%

20%

30%

40%

50%

60%

Q3 14 Q4 14 Q1 15 Q2 15

Travel and Leisure

Retail

Logistics

Interactive Gaming

Financial Services

10

MOBILE PAYMENT ADOPTION

PROXIMITY

REMOTE

PEER-TO-PEER

11

US MOBILE PAYMENTSF O R R E S T E R R E S E A R C H

$42.6B

$90.7B$3.7B

$34.2B

$5.3B

$16.8B

$0B

$20B

$40B

$60B

$80B

$100B

$120B

$140B

$160B

2014 2019

Remote Payment Proximity Payment Peer-to-Peer Transfer

Source: Forrester Research Mobile Payments Forecast 2014 to 2019 (US)

12

AUTHENTICAT ION ADOPTIONT H R E E T Y P E S O F A U T H E N T I C A T I O N

Password Managers

2nd Factor (OTP, Device)

3rd Factor (Biometrics)

REMEMBER THIS DEVICE

MOBILE THREATS

14

PLATFORM VULNERABIL IT IES

International banks

issue SIM swap

fraud alerts

Memory &

Stored Data

15

THREATS

SOCIAL ENGINEERING

16

EBAY145,000,000

TARGET70,000,000

ADOBE36,000,000 PREMERA

11,000,000

ANTHEMJPMC76,000,000

ANTHEM – February, 2015Home Depot – Sept 2014

56,000,000

Sony – Dec 2014JPMC – July 2014

HOME DEPOT

78,800,000

SONY10,000

STOLEN CREDENTIALS

17

THREATS

ROGUE APPS

Legitimate app stores by the number:

US – 50+Global – 300+

18

MOBILE GAMBLINGJ U N I P E R R E S E A R C H

CONVENIENCE

• Users have their mobile device nearly all the time

SPEED

• With 3G and now 4G, the real time data access becomes ideal for gambling

EXPERIENCE

• Bigger screen display and beyond basic text payment

DRIVERS BEHIND THE GROWTH

MOBILE FRAUD

20

MOBILE PAYMENT FRAUDT A K I N G A D V A N T A G E O F C A R D N O T P R E S E N T

Mobile capabilities are outpacing

risk mitigation measures

EMV widely expected to push

more fraud to CNP

21

MOBILE PAYMENTS FRAUD

CARD

PROVISIONING

Digital Cash from

Stolen Credit Cards

Friendly Fraud

Collusion

PEER-TO-PEER

Duplicate Deposits

• Multiple Channels

• Multiple Banks

REMOTE DEPOSIT

CAPTURE

Verification Difficult

for Mobile Wallets

22

IOVATION CONSORTIUM

0.54% Fraud Rate

Mobile VM:

caught 4X fraud

Global Carriers w/

highest fraud: tiGo (Ghana)

MTN (Nigeria, Ghana)

Kcell (Kazakhstan)

MegaFon (Russia)

Top Fraud: Credit Card

Phishing/Spam

Payment

Account Takeover

Over 1 Billion Mobile Transactions

23

Lack of major mobile fraud

levels today does not reduce

the risk potential

MOBILE FRAUD

MYTHS VS. REALITY

PREVENTION

25

GARTNER’S 5 LAYERS OF FRAUD PREVENTION

1 3 52 4

Endpoint-centric Navigation-centric Account-centric Cross-channels Entity Link Analysis

Analysis of

users and their

endpoints

Analysis of

navigation

behavior and

suspect patterns

Analysis of

anomaly behavior

on a per-channel

Analysis of

anomaly behavior

correlated on a

cross-channel

basis

Analysis of

relationships to

detect organized or

collusive criminal

activities

26

MOBILE FRAUD PREVENTIONO N L I N E F R A U D S O L U T I O N S M U S T B E T U N E D T O M O B I L E

Same Approach

Applied

Differently

Across

Multiple Devices

Fraud is fraud

High level business rules

Different type of operating system

Different type of network

Different type of user engagement

Assume a cross-device user

27

BEST PRACTICESM O B I L E F R A U D P R E V E N T I O N

Mobile is not one channel

28

BEST PRACTICESM O B I L E F R A U D P R E V E N T I O N

Mobile is not one channel

Leverage the power of the SDK

29

BEST PRACTICESM O B I L E F R A U D P R E V E N T I O N

Mobile is not one channel

Leverage the power of the SDK

Even hardware-based identifiers can be changed

30

BEST PRACTICESM O B I L E F R A U D P R E V E N T I O N

Mobile is not one channel

Leverage the power of the SDK

Even hardware-based identifiers can be changed

Be aware of the abuse potential of some tools

31

BEST PRACTICESM O B I L E F R A U D P R E V E N T I O N

Mobile is not one channel

Leverage the power of the SDK

Even hardware-based identifiers can be changed

Be aware of the abuse potential of some tools

Geolocation… Trust but verify

Q&A

UPCOMING EVENTS

CUSTOMER WEBINAR SERIES

JUNE 24

DIXONS CARPHONE

FRAUD FORCE SUMMIT

OCT 11-13, PORTLAND, OR

LEND 360

OCT 13-16, ATLANTA, GA

MONEY 2020

OCT 25-28, LAS VEGAS, NV