Everyone loves m-Commerce. Customers can shop when it is convenient for them. Merchants earn more sales because customers have their store in their pocket or bag. And scammers are seeing a bonanza because mobile fraud prevention methods have yet to catch up with the many ways criminals can use the channel. This is one reason that 72% of fraudulent transactions occurred via mobile during the first three months of 2019.
Fraud in the mobile channel is a serious danger for sellers and consumers. Stopping it requires a multi-pronged approach that is slightly different from traditional e-Commerce fraud prevention.
Here’s what you need to know to protect your mobile channel from three common types of scams.
Brand impersonation is a growing challenge across all kinds of platforms, including email, SMS, social media and mobile apps. Since 2014, the number of malicious social media accounts has increased 11-fold as scammers seek to trick consumers into sharing payment data and credentials. Digital security firm RSA said social brand impersonation accounted for 9% of all Q1 2019 online scams.
There are two ways brand impersonators directly use the mobile channel to target victims and steal data, both through technologies that are unique to mobile devices: SMS and apps.
In a typical SMS brand attack, scammers send a message asking recipients to click on a link to verify account information, claim a prize, or change their password. The link may look legitimate, but it leads victims to a site that collects their data for resale on the dark web or for use by the scammers who sent the text messages.
In an app impersonation scam, attackers publish apps that appear to be from trusted retailers or service providers. Customers who don't realize the apps are fake can install them, putting themselves at risk of identity theft, card fraud, and malware injection on their mobile devices. RSA found that fraudulent mobile apps accounted for half of all fraud attacks in the first quarter of 2019, up 300% from the previous quarter.
Scammers also indirectly take advantage of mobile users. Email phishing campaigns are sometimes timed to commuter hours, making it more likely that victims will read the message on their phone. This matters to criminals because most mobile email clients do not display the sender's email address, only their name, which scammers can set to be any person or any brand. Without an address visible to verify the identity of the sender, mobile recipients are three times more likely to be fooled than if they were on their desktop.
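The check a phone screen hides, as an added example that is not from the original article: it compares the display name of a From: header with the real sending domain, for instance on messages customers forward to an abuse mailbox. The brand name, the legitimate domains and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions (hypothetical): the brand and the domains it really sends from.
BRAND = "examplestore"
LEGIT_DOMAINS = {"examplestore.example"}


def normalize(text):
    """Lowercase and drop punctuation so 'Example-Store' still matches."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def is_legit_domain(domain):
    """True for a listed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)


def classify_from_header(from_header):
    """Return 'ok', 'impersonation' or 'unrelated' for one From: header."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if is_legit_domain(domain):
        return "ok"
    # The brand appears in the visible name or inside a lookalike domain,
    # but the mail does not come from a domain the brand controls.
    if BRAND in normalize(display) or BRAND in normalize(domain):
        return "impersonation"
    return "unrelated"


# Constructed sample headers, not real messages.
SAMPLES = [
    "Example Store <orders@mail.examplestore.example>",
    "Example Store <billing@secure-pay.invalid>",
    '"support@examplestore.example" <x@mailer.invalid>',
    "alerts@examplestore.example.verify.invalid",
    "Newsletter <news@other.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_from_header(header), "|", header)
```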
Preventing impersonation of a brand requires constant vigilance. To push back against social media scammers posing as your brand, you need
Regularly check the major app platforms for apps that may impersonate your brand and report them to the platform when you find them.
To prevent scammers from impersonating your brand via email and SMS, tell your customers how to verify that messages are from your company and let them know that you will never ask for payment or login data via email or text. Consider employing a digital security service to monitor web pages and domains posing as your brand. Hosting services typically shut down these domains if there is evidence that they violate trademarks or engage in fraudulent behavior.
Card-not-present (CNP) fraud has grown steadily over the years as point-of-sale card fraud has become more difficult due to the adoption of EMV. According to the Verizon 2019 Data Breach Investigations Report, CNP fraud currently accounts for nearly 75% of all card-related fraud cases.
Aite Group predicts that by 2021, CNP fraud will increase by 16.4%, costing merchants $6.4 billion. Meanwhile, as merchants deploy fully automated CNP fraud prevention solutions, their false decline rate may also go up. Aite found that 62% of the merchants they surveyed had higher rates of false declines since 2017, a problem that causes merchants to lose sales and customers.
Although CNP fraud is a problem in both mobile and online channels, each channel requires different fraud prevention strategies. For example, behavioral biometrics that can be evaluated on a mobile device are different from biometrics on the desktop. How many apps are installed on your phone? What is the current geolocation data? How does the current user hold their phone? How do these markers relate to the customer’s past biometric data? Adding mobile authentication levels to your in-store fraud prevention program can better protect you from CNP fraud.
Tracking CNP fraud metrics across channels is also important. Ideally, each merchant will track completed and prevented fraud in each channel, but many do not. Channel tracking shows you which channel is more heavily attacked, which is better at stopping fraud, and where you need to focus your fraud prevention resources.
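One way to compute those per-channel figures, as an added example that is not from the original article: it derives the attack rate, the share of fraud stopped and the false decline rate for each channel. The outcome labels and the order data are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample orders as (channel, outcome). Outcome labels are assumptions:
#   approved_legit  good order accepted
#   declined_legit  good order rejected (false decline)
#   approved_fraud  fraud that went through (completed fraud)
#   declined_fraud  fraud that was blocked (prevented fraud)
ORDERS = (
    [("mobile", "approved_legit")] * 6 + [("mobile", "declined_legit")] * 1
    + [("mobile", "approved_fraud")] * 1 + [("mobile", "declined_fraud")] * 2
    + [("desktop", "approved_legit")] * 8
    + [("desktop", "approved_fraud")] * 1 + [("desktop", "declined_fraud")] * 1
    + [("phone", "approved_legit")] * 2
)


def ratio(part, whole):
    """Rounded share, or None when the denominator is empty."""
    return round(part / whole, 3) if whole else None


def channel_metrics(orders):
    """Per-channel attack rate, fraud stop rate and false decline rate."""
    counts = defaultdict(Counter)
    for channel, outcome in orders:
        counts[channel][outcome] += 1
    report = {}
    for channel, c in counts.items():
        attacks = c["approved_fraud"] + c["declined_fraud"]
        legit = c["approved_legit"] + c["declined_legit"]
        report[channel] = {
            "attack_rate": ratio(attacks, attacks + legit),
            "stop_rate": ratio(c["declined_fraud"], attacks),
            "false_decline_rate": ratio(c["declined_legit"], legit),
        }
    return report


def most_attacked(report):
    """Channel with the highest share of fraudulent order attempts."""
    return max(report, key=lambda ch: report[ch]["attack_rate"] or 0)


if __name__ == "__main__":
    for channel, metrics in channel_metrics(ORDERS).items():
        print(channel, metrics)
```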
Mobile account takeover is another fraud-related problem that is becoming increasingly common. According to Javelin Research, mobile phone account takeovers increased by 56% from 2017 to 2018. This is because SIM swap fraud has become a relatively cheap and easy way to remotely hijack victims' phones. And with control of the phone, criminals have access to the authentication channels they need to take over most, if not all, of the victim's online accounts.
This type of account takeover made news recently when Twitter founder Jack Dorsey's account was hacked via a SIM swap that targeted his phone. Criminals don't need physical access to the phone to run this scheme. They only need the phone number and the ability to persuade or bribe the cell carrier's customer service personnel to virtually change the SIM number associated with the account to one the criminals control. Then, two-factor authentication codes sent via SMS or voice call go straight to the hackers, which means they can reset the victim's passwords for email, banking, and social media accounts, as well as retail apps and customer accounts.
SIM swaps are not the only way scammers gain control of consumers' accounts. Millions of credentials were stolen in a data leak and put up for sale on the dark web. Even without passwords for these accounts, scammers can use botnets to crack passwords if they have a login ID. And because so few people use a unique password for each account, when one password is hacked, it's usually easy to access the victim's other accounts.
How can your store reduce the risk of ATO fraud while keeping good customers happy?
Despite the risks of fraud, mobile has huge potential for online merchants. It is already the leading e-Commerce channel in many countries, and accounted for nearly a third of U.S. retail sales at the end of 2018.
The challenge for merchants is to create mobile sales channels that are as safe from fraud as possible and easy for good customers to use.
To achieve these goals, online retailers must now focus on protecting against mobile brand impersonation, CNP fraud and account takeover fraud.