When It Comes to Fraud Management, mCommerce ≠ eCommerce

When It Comes to Fraud Management, mCommerce ≠ eCommerce

Browsing and buying products on a mobile device is quick, easy, and on-demand — three words consumers often use to describe a positive shopping experience. That’s why mobile commerce, or mCommerce, is one of the most popular shopping channels for consumers. Last year, US shoppers alone spent $208.1billion via mobile, or 39.6% of total retail eCommerce sales, and mCommerce is expected to represent the majority of eCommerce spending by 2021.

In response, merchants have invested heavily in their mobile offerings, from creating their own apps to adapting their websites for mobile browsing. However, there is one part of the mCommerce customer journey that merchants commonly fail to optimize: the mobile-order fraud-review system.

There is a serious cost to this failure, as mobile orders report the highest rate of cart abandonment during the checkout process and above-average false-decline rates when compared to other shopping channels. And yet we continue to see merchants apply the same fraud-management tactics and strategies they use for their overall eCommerce operations to their mCommerce channels and orders. Why does this matter? In short, it ruins their customers’ experience on the most popular shopping channel and biggest source of traffic by adding easily avoidable friction.

Read on to understand why no two online orders are the same and learn tangible steps merchants can take to better manage mCommerce fraud management and capitalize more mobile orders.

What’s unique about mCommerce?

This past holiday season reported the highest growth rates for brick-and-mortar and eCommerce sales since 2011. That surge was fueled by the increase in mobile shopping, with smartphones leading the way. Mobile accounted for 60% of online shopping traffic and 40% of sales, with smartphones making up 51% and 31% respectively, according to Adobe. Compared to last year, retail sales via smartphones jumped 56% while desktop (5%) and tablet (4%) sales both increased by single-digit percentages.
Considering how advanced smartphones are these days, it was only a matter of time for mobile purchases to spike. Devices and mobile infrastructure have caught up to desktops and now provide nearly equal internet browsing speed and experience. Plus, shopping on mobile fits perfectly with the lifestyle and consumption behavior of today’s consumers, especially millennials and Gen-Z. These shoppers have high expectations for greater convenience and speed, coupled with zero tolerance for friction.

Mobile, by design, is available to the consumer at any hour of the day. In our 2018 consumer survey of 5,000 respondents in the US, we found 24% of them have made online purchases while in the bathroom, 19% while walking down the street, and 8% while on a date! That spontaneity and mobile’s smaller screen size drive the difference in the types of orders shoppers place via mobile versus desktop. Mobile shoppers tend to place orders that are smaller in total dollar amount but placed at a higher frequency than bigger purchases. For instance, shoppers are more likely to use a mobile phone during their commute to order a handful of pantry items that they forgot to pick up at the store, than they are to buy a new leather sectional sofa. These characteristics for a card-not-present order are what many legacy and rules-based fraud-management systems may red-flag.

Convenient for consumers = Convenient for fraudsters

The same things that make mCommerce so appealing to shoppers also create challenges for merchants. Shoppers have a super computer in their hands! But that comes with a tiny keyboard. They can buy anything from anywhere! But that means they rarely connect through the same network. It’s a blessing and a curse.

So what can merchants do to keep fraudsters out and legitimate customers in?

Merchants have to shift how they view these orders. They need to prioritize the right data points and move away from less-relevant data points that may have been reliable in traditional eCommerce.

First and most importantly, they can track whether the order was placed on a mobile device or elsewhere. If mobile, note what type of device — was it an Android device or an iPhone? Next, go deeper and note the entry point for mCommerce orders. Did the shopper first discover the item while shopping on a desktop computer then later check out on a mobile device, through the mobile app or website? Or did the shopper ultimately make the purchase on desktop? If checkout was on a mobile device, it’s critical to distinguish whether the customer was accessing the site through a mobile web browser, or the mobile app. By doing so, merchants can efficiently review attempted and successful fraud, identify the origin, and then implement specific security measures to contain and prevent.

For instance, Riskified uncovered a major botnet fraud ring because our technology methodically tracks and analyzes data generated from shopper interaction with merchants’ eCommerce sites and mobile apps – all in real-time. The beacon, a snippet of code embedded in customer-facing web pages and apps, tracks information about each order, including the type of browser used for checkout. By using elastic linking on the information gathered through the beacon, we identified patterns in seemingly disparate mobile website orders that turned out to be part of a fraud ring’s coordinated attack.

This doesn’t mean that all and every piece of data is important and relevant. When it comes to mCommerce fraud management, merchants need to discern what is relevant for analysis. Indicators that may be valuable in traditional eCommerce fraud review can be less revealing in mCommerce fraud review. Take IP addresses. In mCommerce orders, cellular IP addresses are not unique identifiers. Users are constantly on the go when on their mobile devices, so variances in IP addresses throughout a consumer’s purchase history should not be such a strong red flag, or even a red flag at all. Mobile providers generate dynamic, cellular IP addresses from the nearest cell tower for a given device. Wifi networks, on the other hand, are completely static.

What may be more effective instead is to track the unique identification number. Every smartphone or tablet carries a unique identification number. Device IDs can be spoofed, but the majority of fraudsters are not able to do so. The ID will let merchants trace the device regardless of the wifi or cellular network the device is using.

Similarly, wifi networks can be a more revealing identifier for stationary devices such as desktops and laptops, but less relevant for a mobile device that is designed for use on the go. Purchasing an item while connected to a new wifi network doesn’t necessarily mean that the order is fraudulent – legitimate shoppers connect to other wifi networks all the time – but this information is less useful in mCommerce. The device and the valuable information it yields, such as the default keyboard language, type of device, and wireless carrier, are more useful as a control variable for fraud monitoring.

When it comes to AVS, Riskified’s data shows merchants can safely approve over 94% of mobile orders with a partial AVS match, and over 70% of mobile purchases with a full AVS mismatch. The weak correlation between AVS results and mobile order fraud may be linked to the fact that users have a harder time accurately entering their billing address on mobile devices’ smaller screens. Many of the consumers making mobile purchases are also younger shoppers, who move houses frequently and often neglect to update their credit card issuers regarding the new billing address (e.g. change of address within a college campus). Our Shopping and Fraud Behavior Report showed 30% of them use mobile devices to make online purchases with 44.9% of millennials saying they prefer to use smartphones over desktop.

Lastly, merchants can boost their fraud-detection accuracy by incorporating other behavioral data unique to the mobile channel or focusing more on data that is equally reliable across mobile and desktop channels.” Mobile carrier information, GPS location, and advanced behavioral analytics can all be used to inform your decisions, decrease chargebacks, and ultimately increase revenue.

For instance, mobile shopping decreases during business hours and increases between 6pm and midnight. With PC ownership on the decline, legitimate customers are less likely to be near a desktop computer outside the office. They’re more inclined to purchase via their mobile devices after work hours, while on the go or relaxing on a couch before heading to bed.

We have found that card-not-present fraud attempts are more prevalent with mobile orders placed between midnight and 6 a.m., when safe approval rate drops to 90%. The higher fraud rate during the early hours of the morning can be explained by the fact that fraudsters assume they can catch merchants “off guard.”

Mobile as an online shopping channel has become a force to be reckoned with. Spontaneity, ease-of-use, and on-demand availability are what uniquely draw shoppers to mCommerce, and these characteristics are also what challenge merchants’ efforts to deliver a frictionless shopping experience. What’s important to remember is that the solution to these challenges, and the opportunities to capitalize on mCommerce’s explosive growth, lie in having the correct approach to mobile order fraud management. Knowledge, or the relevant knowledge rather, is power. Knowing which revelatory data points that are unique to mobile orders to track and analyze, can make all the difference.

If you want to go deeper on mCommerce or get insights on broader eCommerce fraud prevention, request a demo today. You can also read more on our blog and at our Resources Lobby.