Convenience is the new frontier in fraud. Credit card schemes want consumers using their products as much as possible, and sometimes fraud prevention conflicts with ease of use. We see this clearly with the EMV card rollout here in the United States. Card companies believe that chip & PIN may dissuade consumers from using EMV cards. So here in U.S., it’s chip & signature–PIN is not required so as not to disrupt the fragile user experience. But when you think of how many times a cashier has actually checked your signature, the potential exploit in this system is clear.
Ease-of-use is also driving fintech innovation with mobile wallets like Apple Pay, Android Pay, Samsung etc. Using your phone to make purchases is not an entirely new innovation, but it is now going mainstream with both consumers and merchants. Apple Pay is reporting a million new users every week. Mobile wallets have a lot of momentum right now because they are highly convenient. And, once again, ease of use comes at the expense of security.
Fraud: It's Complicated
Just as the payments industry was expecting the EMV transition to build a bulwark against fraud, mobile wallets are coming along and disrupting that paradigm . First of all, most mobile wallets use near field communications (NFCs) that work like Bluetooth to send transactions. However with high-tech spyware, fraudsters can intercept these communications. A recent study out of Newcastle University recently proved it possible for a malicious application to pose as a payment terminal and fool a mobile device’s NFC into authorizing purchases of up to $1.3million dollars. All the fraudster needs to do is stand in close proximity to a mobile wallet device.
Mobile wallet exploits also affect merchants. Setting up a mobile wallet is by its very nature a card-not-present transaction; consumers set them up remotely. A fraudster can therefore set one up with a stolen data, side-step the EMV protections entirely, then use the fraudulent mobile wallet to transact card-present and CNP payments alike. So whether its the consumer or the merchant, online or in-store, mobile wallets have opened up a new frontier for fraud.
The moral of the story here is that as merchants, we should always look to where fraud is going, and not where it’s at currently. Defensive measures like EMV and fintech innovations like mobile wallets always come with bold promises of reducing fraud and boosting spending. But the reality is, fraud will find a way around them. Furthermore, fraud safeguards become compromised by less nefarious actors than the fraudsters: card schemes and fintech innovators themselves can enable vulnerabilities in their push for ease of use solutions and flashy selling points.