How to Protect Against Mobile Payment Fraud for eCommerce Transactions

Shopping via a mobile device has become incredibly popular given the ease and convenience with which users can buy whatever they desire – directly through their smartphones or tablets.

Yet, criminals tend to follow the crowd. Since mobile technology is one of the ways consumers prefer to shop online, mobile-related payment fraud is on the rise. In a recent study, approximately 51 percent of online fraudulent activity came from a combination of both the iOS and Android platforms.[1]

Whether your customers prefer to shop via mobile eCommerce sites or through dedicated mobile apps, here are two compelling reasons to engage fraud prevention methods now:

  • Every dollar of fraud could generate up to $3.13 in indirect losses for merchants, once you factor in transaction, chargeback, and restocking fees.[2] That number could be higher after including litigation, punitive damages, and lost consumer confidence.
  • An estimated 60 percent of small business owners close their operations within 180 days of being breached.[2]

Below are some of the most useful strategies you should adopt to help prevent mobile payment fraud from negatively impacting your customers.

1. PCI Compliance

PCI compliance is a requirement for any merchant accepting credit and debit cards, regardless of your payment processing method. Merchants must adhere to the latest data security standards set forth by the Payment Card Industry Security Standards Council (PCI SSC). These standards were created to enforce a robust card data security process to help protect customers, merchants, and banks from fraud.

Compliance is an ongoing effort, and it must be continually monitored and maintained for safety concerns and vulnerabilities. That’s why it is important to only work with merchant account providers that deliver PCI-compliant payment processing. Doing so is one of the best ways to help ensure your business maintains compliance all year round.

2. Tokenization and Encryption

Another way to help reduce fraud risk is by leveraging powerful technologies such as tokenization and encryption:

  • Tokenization works by substituting credit card numbers and other payment details with randomly generated non-specific IDs known as “tokens.” Even if a token falls into the wrong hands, it is unusable by anyone else (except the payment processor).
  • Encryption works by using algorithms to encode payment data before it is transmitted to processors, banks, and any other stakeholders within a typical credit or debit card transaction.

3. Fraud Management Tools

A payment gateway enables customers to shop on your eCommerce site or mobile app and pay for their purchase electronically. It is the virtual equivalent of a POS terminal and is responsible for encrypting payment data before sending the details to the payment processor for authorization.

Depending on the payment gateway, you may have access to fraud management tools. These are additional safeguards, such as:

  • Velocity filters that help prevent criminals from testing multiple stolen credit cards in quick succession on your site
  • Address Verification Service (AVS) that matches the billing addresses that customers provide with what the card-issuing banks have on file
  • Card Verification Value (CVV) or Card Identification Number (CID) checks that require customers to supply the three- or four-digit code on the back or front of their credit cards
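To show how a velocity filter decides, here is an added example (not code from the article or from any payment gateway) that counts distinct cards per client inside a sliding time window. The class name, the threshold of three cards, the ten-minute window and the sample attempts are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class VelocityFilter:
    """Flags a client that presents too many different cards in a short window."""

    def __init__(self, max_cards: int = 3, window_s: int = 600):
        self.max_cards = max_cards      # assumed threshold, tune per store
        self.window_s = window_s        # assumed window, tune per store
        self._recent = defaultdict(deque)   # client id -> (timestamp, card token)

    def check(self, client: str, card_token: str, ts: int) -> str:
        attempts = self._recent[client]
        # Forget attempts that have aged out of the sliding window.
        while attempts and ts - attempts[0][0] > self.window_s:
            attempts.popleft()
        attempts.append((ts, card_token))
        # Retries of one card count once; only distinct cards raise the count.
        distinct_cards = {card for _, card in attempts}
        return "review" if len(distinct_cards) > self.max_cards else "allow"


# Constructed checkout attempts: (seconds, client id, card token).
SAMPLE_ATTEMPTS = [
    (0, "dev-A", "tok_1"), (20, "dev-A", "tok_2"), (40, "dev-A", "tok_3"),
    (60, "dev-A", "tok_4"), (80, "dev-A", "tok_5"),
    (0, "dev-B", "tok_9"), (30, "dev-B", "tok_9"), (60, "dev-B", "tok_9"),
    (90, "dev-B", "tok_9"),
    (2000, "dev-A", "tok_6"),
]


def run_sample(attempts=SAMPLE_ATTEMPTS):
    """Replay the attempts through one filter and return each decision."""
    vf = VelocityFilter()
    return [(client, card, vf.check(client, card, ts)) for ts, client, card in attempts]
```

In the sample, `dev-A` is held for review from its fourth distinct card onward, `dev-B` retrying a single card is never flagged, and `dev-A` is allowed again once the window has passed.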

4. Multi-Factor Authentication

Another security feature that continues to gain attention is multifactor authentication – sometimes known as two-factor authentication (2FA).

2FA requires users to supply two or more pieces of information before they can log in. For example, each returning customer might have to fill in a password – plus a one-time security code sent to his or her mobile device or email address.

Because criminals are unlikely to have direct access to your phone (or know your high school mascot), 2FA offers even greater protection than standalone passwords.
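The server side of the one-time security code can be sketched as follows. This is an added example, not code from the article; the class name, the five-minute lifetime and the three-attempt limit are assumptions. It shows the properties that make the second factor hold up: the code expires, works once, and cannot be guessed indefinitely.

```python
import hashlib
import hmac
import secrets

CODE_TTL_S = 300      # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 3      # assumed number of guesses allowed per code


class OneTimeCodes:
    def __init__(self):
        self._pending = {}   # user -> [code digest, expiry time, attempts left]

    @staticmethod
    def _digest(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user: str, now: int) -> str:
        """Create a fresh six-digit code; the caller sends it by SMS or email."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._digest(code), now + CODE_TTL_S, MAX_ATTEMPTS]
        return code

    def verify(self, user: str, code: str, now: int) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self._pending[user]          # expired or exhausted
            return False
        entry[2] -= 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(digest, self._digest(code)):
            del self._pending[user]          # single use: a replay fails
            return True
        if entry[2] == 0:
            del self._pending[user]          # too many wrong guesses
        return False


def login(codes: OneTimeCodes, password_ok: bool, user: str, code: str, now: int) -> bool:
    """Both factors must pass; a wrong password never consumes the code."""
    return password_ok and codes.verify(user, code, now)
```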

5. 3D Secure

3D Secure is a card brand-approved method for authenticating that the cardholder actually wants to engage in the transaction with the merchant.

The first iteration of 3D Secure worked much like two-factor authentication does. When shopping online, a mobile user enters his or her payment details during checkout. Your payment processor then checks these card details against an online directory to see if that customer is enrolled in the 3D Secure program.

  • If yes, the user must also enter a one-time PIN or secondary password to authorize the transaction
  • If not, the transaction gets flagged until the payment processor can take a closer look at the sale

Like 2FA, however, the original version of 3D Secure added friction to the shopping process – leading to lower overall conversions.

3D Secure 2.0 changed all that.

Customers enrolled in the newer version of the program no longer have to supply additional PINs and passwords during checkout. Instead, banks, processors, and card networks use real-time information and machine learning to generate a risk profile for each transaction.

If the customer’s location, payment history, device type, and shopping behavior don’t line up correctly, the sale is automatically flagged for further scrutiny. In many cases, the user will have to provide a special PIN or password to verify that the transaction is legitimate.

6. Infrastructure Updates

A fraud prevention strategy that every merchant should adopt involves keeping your payment environment and IT infrastructure up to date.

Criminals usually exploit known software vulnerabilities when selecting their targets. A simple (yet powerful) way to safeguard your customers’ payment details is to install all relevant patches and plug-ins for every computer, mobile device, POS terminal, and payment gateway used to run your business.

Even with the best fraud filters and encryption in the world, you’ll remain an easy target if you rely on obsolete software. Take the time to patch, plug, and update everything you can.

Whether your customers shop online via mobile devices or via a PC, consider implementing as many of the fraud prevention methods as possible to help deliver a secure and frictionless eCommerce experience that keeps your customers returning.

[1] “Mobile Payment Fraud on the Rise,” Security Week, 3 March 2020

[2] “6 Best Practices for Securing Your eCommerce Website,” First Data, 19 August 2019


Author bio: Kristen Gramigna is a Senior VP on the Digital Marketing Team for First Data, a global leader in mobile payments and commerce solutions. She brings 25 years of experience in the bankcard industry in direct sales, sales management, and marketing.


