In my previous blog on fraud, I spoke of ID theft in general terms and the notion of an enterprise strategy to combat fraudsters regardless of product and channel. I’d like to further investigate the channel piece of this discussion as it relates to mobile fraud.
Mobile applications are on the rise. According to a Javelin Study, of the top 25 largest retail FIs by deposit, 23 offer mobile banking for a penetration rate of 92.2%. More importantly, consumer adoption has skyrocketed to 60%. With the prolific spread of social networks and P2P interactions, we are seeing a surge in the use of easy to load, easy to read, and easy to use apps in the finance industry. Consumers are interested in making purchases with their mobile devices now (in real time), whether with businesses or other individuals. There is no doubt this trend will continue for the foreseeable future and the mobile channel is one in which all FIs will want to engage in order to meet the needs and desires of their consumers.
However, creating mobile applications that manage existing traditional bank products (ie: checking accounts, credit cards, debit cards) exposes them to the same types of fraud which penetrate online applications today. For example, let’s take remote deposit capture (RDC). If a current customer takes a picture of a check and sends it to the bank to be deposited via a mobile device without physically submitting the check, that picture still has three of the top five identifiers used to commit fraud on it: the consumer’s full name, address and bank account number. Therefore, if the picture is intercepted digitally or the customer throws the check away without destroying it, account takeover or worse yet, relationship takeover, is easily accomplished. The type of product, in this case the physical check, and even the process of RDC may need to change to keep consumers’ information safe.
Physical checks were designed so that money could be transferred between bank accounts without having to have the actual dollars in hand, allowing for greater convenience .In the past, consumers would go into a bank to cash or deposit checks and show ID, which mitigated fraud. Today’s consumers demand the transfer of money without ANY paper exchange between entities and without the need to physically walk into a bank which is even more convenient. However, it is difficult to ID the individual initiating the transaction. So, the traditional products banks offer are becoming obsolete and are subjected to increasing fraud attempts. The top two methods of payments fraud in 2010 were checks and ACH debits according to the 2011 AFP Payments Fraud and Control Survey.
Alternative payment methodologies are taking us to a whole new world of transacting business and eliminating the traditional ways fraudsters penetrate the system. Let’s take a look at the alternative payments company Dwolla. Dwolla enables purchasing transactions between consumers (P2P) or merchants (P2B). By simply creating an account, you can exchange monies with a trusted source and only have to pay a 25 cent fee regardless of the transaction size. Dwolla reduces fraudulent transactions by ensuring that no personal data is shared on their own private servers and they require the setup of a bank account with the registrant’s preferred bank during the initial registration. Therefore, the person or merchant with whom you want to do business does not have to know anything about you other than you have a Dwolla account. It is likely consumers will not care what bank backs the transactions as long as they are able to purchase what they want. No personally identifying information is exchanged with the money transaction. Now that sounds attractive.
Mobile applications should reflect a transition from traditional financial products to new “virtual” products like Dwolla to make fraud attempts more difficult to succeed. Treating mobile applications as just another channel is not enough. FIs that back social networks and new transaction applications will likely be in a better position for the future.