Does the idea of falling victim to fraud make you reluctant to accept mobile payments in your business? If so, it’s time to reconsider, or you could lose customers to competitors who do accept mobile payments.
Mobile payment processor Square estimates that mobile payment volume will hit $75 billion by the end of 2017, and projects mobile payments to hit $503 billion by 2020. Customers like the convenience of using their smartphones to make purchases, and mobile payments have become more widely accepted among businesses.
If your small business accepts mobile payments in-store — or online through an app or website — there are a few things you need to know. Learn what mobile payments are, why you should accept them, and six specific ways to reduce the chances of becoming a victim of mobile payment fraud.
What Are Mobile Payments?
Mobile payments is a broad term that generally refers to letting individuals pay for purchases with their smartphones. This could occur either at your business or, if you sell products from your website or an app, from anywhere. Types of mobile payments include:
- Point of sale payment that occurs in-store at a POS payment terminal
— the customer taps the phone on the terminal or makes the payment with the press of a
button on the smartphone
- Carrier payments through a phone service provider, where the customer makes a purchase from their mobile and then sees the charge as an item on their phone bill
- Using mobile payment apps, like Apple Pay, Samsung Pay, Android Pay, or PayPal
- Using a mobile wallet, like Google Wallet
- Businesses like Starbucks and Walmart have their own apps that accept payments, and, increasingly, small businesses are selling products through their own apps
Accepting mobile payments gives your customers flexibility — as there’s no need to rummage through a purse or wallet for a debit or credit card, or even visit your business, if your goods and services are available through your online store or app. But accepting mobile payments can expose your business to mobile payment fraud.
Mobile Payment Fraud — and How to Fight It
A solid 70% of mobile merchants increased online and mobile sales year-over-year in 2016, yet 60% reported experiencing fraud, according to a 2016 American Express survey.
However, the survey also found that buyers enjoy the flexibility of mobile shopping so much that they’re ready to take additional steps to help prevent fraud as part of their transaction. This is good news for small business owners, as it can help reduce fraud for their businesses as well.
1. Install a Secure Wi-Fi Network
An easy and effective way to cut the risk of mobile payment fraud is to use a secure Wi-Fi network at your business. Securing your network can help you reduce the chances of hackers intercepting data. If you encrypt the network as well, any data the hackers steal will be useless. Here’s how to secure and encrypt your network:
Create a unique password. Most routers come with a preset password and most hackers know the preset password for routers. It’s a good idea to create a new password. Open your router’s settings by typing 18.104.22.168 in your web browser. Input the factory set username and password to log in. From here, you can change your router’s password. It’s best to use a password that is 12 characters long and includes upper and lower case characters, numbers, and symbols. Contact the router manufacturer if you do not remember the username and password.
Choose a new SSID name. Your SSID is the name of your wireless network. You will see it when you try to connect your device to Wi-Fi. One of the easiest ways for a hacker to know who has an unsecured network is to look for “Linksys” or another preset SSID. Once you log into your router, you can change your SSID. Doing this will also reduce the chances of you or your employees accidentally logging on to another network that may not be secure.
Encrypt your network. Once you log in to your router, you can turn on encryption. It’s recommended that you set the encryption to WPA2 (Wi-Fi Protected Access version 2). This is the most recent and secure encryption setting. However, WPA2 is not compatible with devices made before 2006. If you or your employees are using devices that are older than that, use the WEP or WPA encryption setting.
2. Use Biometric Feature Detection
If your customers use out-of-date smartphones, your business could be exposed to mobile fraud, when that phone gets stolen and is then used for in-store purchases or to buy goods or services from your website or app.
Today’s newer devices come with several biometric features to confirm a user’s identity: fingerprint scanning, voice and facial recognition, and geofencing (using the GPS feature to create geographical boundaries). These features help deter the bad guys from making purchases through an unsuspecting shopper’s account either from a different location or using a different device. Yet some of your customers may use older devices that don’t have these features.
To protect your business from accepting a fraudulent mobile payment through your business app, direct your app developer to ensure your business app includes biometric feature detection. Then, if biometric features are not detected, your developer should include a second method of identity verification for each mobile payment transaction.
3. Verify Identity by Email or Phone
While you can’t control what type of device your customers use, you can add a layer of mobile payment fraud protection. For mobile purchases from your online store or through your app, use a two-factor authentication method (2FA) that sends a verification code to the email address (or to the phone, via call or text) associated with the customer’s account.
Select a 2FA program like RingCaptcha or Duo to start verifying your mobile payment customers immediately. Simply sign up for the service and follow their instructions to get your 2FA program up and running.
Or, get a customized 2FA by asking your developer to program your app to send a verification code to your customer via email or phone. The customer must then enter the verification code on the payment screen to complete the purchase transaction.
4. Use Browser Detection to Prevent Unprotected Mobile Browsers
Some customers make mobile purchases by going to your business website through a browser instead of using an app. However, not all browsers are created equal when it comes to online security. If your customers make browser-based purchases through the standard Android browser instead of Safari or Chrome, there’s a higher chance of mobile fraud occurring, according to a study by mobile fraud protection company Riskified.
If your business accepts mobile payments for items in your online shop, include browser detection in your mobile payment process. This prevents users from completing transactions through unsafe browsers. Instead, your customers will see a message encouraging them to make purchases through the company app, or showing the browsers your site does support.
5. Require a CVV Code for Mobile Transactions
Most businesses that accept mobile payments are accepting credit card payments. While credit card companies themselves are working hard to reduce mobile fraud, add an extra layer of protection by requiring the CVV code (also known as a CVD or CVC code) for all “card-not-present” transactions, such as mobile payments.
This is a popular mobile payment fraud prevention tactic of businesses, because it’s effective. According to anti-fraud technology company Kount’s Mobile Payments & Fraud: 2017 Report, 58% of merchants check card security or CVV codes as a method of mobile fraud prevention.
A CVV code is the three-digit code found on the back of a credit card next to the signature line (or, for American Express, the four-digit code found on the front). Requiring a CVV code for mobile transactions means the user must have access to the physical card to complete the transaction.
6. Use AI, Analytics, and Machine Learning to Identify Fraudulent Patterns in Data
If you haven’t heard about the impact of artificial intelligence (AI) and machine learning on all-things-digital, you’re about to. It’s true: Companies such as Fraugster, Signifyd, and Riskified use artificial intelligence and machine learning to analyze payment data in order to reduce mobile payment fraud for online merchants.
By identifying purchase patterns, payment preferences, and the geographical locations of mobile users, programs developed by these companies create digital identities of consumers. If a mobile payment occurs that doesn’t match the pattern for the user, the transaction gets denied. To take advantage of the latest AI technology to identify fraudulent data patterns, install a program like Fraugster, Signifyd, or Riskified that integrates with many of the most popular e-commerce platforms like Shopify, Magento, or Big Commerce.
With the changes in consumers’ purchasing preferences, it’s clear that the convenience and benefits of accepting mobile payments can make good sense for your small business. If you already accept mobile payments — or if you decide you need to start accepting them — choose one or more of these six methods to reduce the possibility of payment fraud. Doing so will help protect both your business and the customers you serve.