Mobile wallets check off several boxes on consumers’ payments wish list: ease, convenience and options.
Yet, mobile wallets also signify new opportunities for fraudsters. As card-free commerce becomes more enticing for consumers and businesses alike, banks and mobile wallet issuers must evaluate the vulnerabilities of this channel. While there is active discussion around keeping mobile wallet transactions secure, added focus should be placed on securing the mobile wallet experience and stopping fraud at the door – at the point of card provisioning.
Criminals are nimble; while EMV has hindered their credit card fraud efforts at the point-of-sale, they see mobile wallets as a new, open door. And, they aren’t just setting their sights on mobile payments; fraudsters are already exploiting the provisioning and verification processes. This initial step truly sets the stage for the entire mobile wallet experience – not only does it determine whether a consumer will have an easy or cumbersome registration, it determines whether the mobile wallet will truly support secure transactions.
As more banks and technology companies work toward launching mobile wallets, they must look beyond traditional authentication techniques to prevent theft or falsification of payment credentials at the onset.
As a consumer enters his or her personal and card information into the mobile wallet app, banks must be prepared to verify and match this data against the mobile account data held only by the mobile network operators (MNOs). Tapping into the MNOs enables banks and mobile wallet issuers to verify ownership, account authority and recent events on the account that could be indicators of fraud. This allows issuers to take a risk-driven, layered approach of both active and passive authentication events to validate the consumer before allowing entrance into the payments ecosystem from the mobile wallet channel.
Risk mitigation is often a question balancing the user experience with the relative risk. The outcome of the card provisioning and onboarding processes creates a trickledown effect: a less-than-seamless onboarding experience will negatively impact a consumer’s excitement and confidence in the mobile wallet. Conversely, without a strong mobile wallet authentication strategy in place, the registration process will leave the wallet susceptible to fraud, also damaging the customer experience.
Mobile wallet usage might be off to a slower than expected start; however, as more consumers adopt compatible smartphones and more businesses implement the technology to accept mobile payments, that is likely to change. Between validating the identity of the mobile wallet user, obtaining insight on the device itself and confirming the payment account, there is a lot that must take place behind the scenes for mobile wallets to be just as secure as they are innovative.
Rich Rezek is vice president of market development for authentication solutions at Early Warning.