Merchants have invested heavily in their mobile offerings, from creating their own apps to optimizing their websites for better browsing experiences. However, there is one part of this type of customer journey that merchants commonly fail to optimize: the mobile-order fraud-review system. Why does this matter? In short, it ruins a major source of traffic by adding easily avoidable friction. Read on to learn how to avoid these pitfalls and better manage mobile commerce fraud.

What’s unique about mCommerce?

Mobile commerce, by design, is available to the consumer at any hour of the day. In our 2018 consumer survey of 5,000 respondents in the US, we found 24% of them have made online purchases while in the bathroom, 19% while walking down the street, and 8% while on a date! That spontaneity and mobile’s smaller screen size drive the difference in the types of orders shoppers place via mobile versus desktop. Mobile shoppers tend to place orders that are smaller in total dollar amount but placed at a higher frequency than bigger purchases. For instance, shoppers are more likely to use a mobile phone during their commute to order a handful of pantry items that they forgot to pick up at the store, than they are to buy a new leather sectional sofa. These characteristics for a card-not-present order are what many legacy and rules-based fraud-management systems may red-flag.

Convenient for consumers = Convenient for fraudsters

The same things that make mCommerce so appealing to shoppers also create challenges for merchants. Customers can buy anything from anywhere! But that means they rarely connect through the same network. It’s a blessing and a curse. So what can merchants do to keep fraudsters out and legitimate customers in?

Merchants have to shift how they view these orders. They need to prioritize the right data points and move away from less-relevant data points that may have been reliable in traditional eCommerce.

Devices

First and most importantly, they can track whether the order was placed on a mobile device or elsewhere. If mobile, note what type of device — was it an Android device or an iPhone? Next, go deeper and note the entry point for mCommerce orders. Did the shopper first discover the item while shopping on a desktop computer and then later check out on a mobile device, through the mobile app or website? Or did the shopper ultimately make the purchase on a desktop? If checkout was on a mobile device, it’s critical to distinguish whether the customer was accessing the site through a mobile web browser, or the mobile app. By doing so, merchants can efficiently review attempted and successful fraud, identify the origin, and then implement specific security measures to contain and prevent it.

For instance, Riskified uncovered a major botnet fraud ring because our technology methodically tracks and analyzes data generated from shopper interaction with merchants’ eCommerce sites and mobile apps – all in real-time. The web beacon, a snippet of code embedded in customer-facing web pages and apps, tracks information about each order, including the type of browser used for checkout. By using elastic linking on the information gathered through the beacon, we identified patterns in seemingly disparate mobile website orders that turned out to be part of a fraud ring’s coordinated attack.

IP Addresses

This doesn’t mean that all and every piece of data is important and relevant. When it comes to mCommerce fraud management, merchants need to discern what is relevant for analysis. Indicators that may be valuable in traditional eCommerce fraud review can be less revealing in mCommerce fraud review.

Take IP addresses. In mCommerce orders, cellular IP addresses are not unique identifiers. Users are constantly on the go when on their mobile devices, so variances in IP addresses throughout a consumer’s purchase history should not be such a strong red flag, or even a red flag at all. Mobile providers generate dynamic, cellular IP addresses from the nearest cell tower for a given device. Wifi networks, on the other hand, are completely static.

What may be more effective instead is to track the unique identification number. Every smartphone or tablet carries a unique identification number. Device IDs can be spoofed, but the majority of fraudsters are not able to do so. The ID will let merchants trace the device regardless of the wifi or cellular network the device is using.

Similarly, wifi networks can be a more revealing identifier for stationary devices such as desktops and laptops, but less relevant for a mobile device that is designed for use on the go. Purchasing an item while connected to a new wifi network doesn’t necessarily mean that the order is fraudulent – legitimate shoppers connect to other wifi networks all the time – but this information is less useful in mCommerce. The device and the valuable information it yields, such as the default keyboard language, type of device, and wireless carrier, are more useful as a control variable for fraud monitoring.

AVS Mismatches

When it comes to AVS, Riskified’s data shows merchants can safely approve over 94% of mobile orders with a partial AVS match, and over 70% of mobile purchases even if the AVS check failed. The weak correlation between AVS results and mobile order fraud may be linked to the fact that users have a harder time accurately entering their billing address on mobile devices’ smaller screens.

Many of the consumers making mobile purchases are also younger shoppers, who move houses frequently and often neglect to update their credit card issuers regarding the new billing address (e.g. change of address within a college campus). Our Shopping and Fraud Behavior Report showed 30% of them use mobile devices to make online purchases, with 44.9% of millennials saying they prefer to use smartphones over desktops.

Behavioral Analytics

Lastly, merchants can boost their fraud-detection accuracy by incorporating other behavioral data unique to the mobile channel or focusing more on data that is equally reliable across mobile and desktop channels.” Mobile carrier information, GPS location, and advanced behavioral analytics can all be used to inform your decisions, decrease chargebacks, and ultimately increase revenue.

For instance, mobile shopping decreases during business hours and increases between 6 p.m. and midnight. With PC ownership on the decline, legitimate customers are less likely to be near a desktop computer outside the office. They’re more inclined to purchase via their mobile devices after work hours, while on the go, or relaxing on a couch before heading to bed.

We have found that card-not-present fraud attempts are more prevalent with mobile orders placed between midnight and 6 a.m. when the safe approval rate drops to 90%. The higher fraud rate during the early hours of the morning can be explained by the fact that fraudsters assume they can catch merchants “off guard.”

Next Steps

Mobile as an online shopping channel has become a force to be reckoned with. Spontaneity, ease of use, and on-demand availability are what uniquely draw shoppers to mCommerce, and these characteristics are also what challenge merchants’ efforts to deliver a frictionless shopping experience. What’s important to remember is that the solution to these challenges, and the opportunities to capitalize on mCommerce’s explosive growth, lie in having the correct approach to mobile order fraud management. Knowledge, or the relevant knowledge rather, is power. Knowing which revelatory data points are unique to mobile orders to track and analyze can make all the difference.

If you want to go deeper into mCommerce or get insights on broader eCommerce fraud prevention, request a demo today.