How to Protect Your SMB from Payment App Fraud

Sixty-four percent of smartphone owners have made a payment using a mobile device within the past year. But there’s still plenty of room for mobile payments to grow, as the same research reveals that only five percent of smartphone users make a payment with a mobile device once a week or more.   

Main Content

How to Protect Your SMB from Payment App Fraud

Jul 29, 2019

How to Protect Your SMB from Payment App Fraud

Sixty-four percent of smartphone owners have made a payment using a mobile device within the past year. But there’s still plenty of room for mobile payments to grow, as the same research reveals that only five percent of smartphone users make a payment with a mobile device once a week or more. 

So while digital wallets haven’t taken off as fast as many expected, new apps with digital payment functionality are being introduced all the time—apps that aim to innovate and address consumer demand or a perceived gap in the marketplace. At the same time, rewards are becoming a more significant factor in motivating consumers to pay with their smartphones, with some shopping rewards apps going so far as to introduce their own rewards-driven in-app payment solutions.  

All this is to say that if you’re a small business owner, you not only want to accept payment via apps, you probably want to incentivize their use.

Unfortunately, though, there is a dark side to the growth of mobile digital payments, as fraudsters look to take advantage of security flaws in payment apps—vulnerabilities that enable them to defraud consumers and business owners alike. In one recent example, 7-Eleven Japan had to suspend the newly-launched mobile payments feature on its app after a security hole allowed fraudsters to reset user passwords and take over accounts.

Of course, having accounts taken over isn’t the only worry. Fraudsters have been able to exploit payment apps in a variety of ways, thereby exposing business owners to financial losses, including losses incurred via card-not-present (CNP) fraud and chargebacks.

Payment Fraud and the QSR industry

One industry that has been hit particularly hard by payment app fraud is the quick service restaurant (QSR) industry. QSRs are an attractive target because their apps are decidedly popular, with 63 percent of consumers having at least one quick-service app on their smartphone and 35 percent using mobile almost every time they visit a QSR.
 
So in addition to account takeover, QSRs—not to mention fast casual restaurants and other small businesses—have to worry about issues like stolen e-gift cards, stolen loyalty rewards points, promotion fraud and even friendly fraud

Naturally, fraudsters often use tried-and-true attack methods—like phishing, where the perpetrator sends legitimate-looking emails in an effort to get potential victims to cough up their login credentials. Brute force attacks are also popular, which requires guessing the required password or activation code.

Fraudsters have also been known to “use social media to ask someone to put $30 into their money transfer account, offering to provide $50 worth of food from a popular restaurant. [Then] they take the cash and don’t deliver the credit, resulting in negative social media posts and restaurant brand damage.”4

Attack methods aside, e-gift card fraud is particularly popular among fraudsters, as electronic gift cards are easily converted into cash and virtually untraceable when re-sold on e-gift card marketplaces. (As you may know, if a stolen payment card is used to purchase e-gift cards in a CNP environment, the business owner is responsible for any resulting chargebacks.)

Chargebacks can also result from cases of friendly fraud, as when a child uses a parent’s payment app to place an order, only to have the adult later dispute the charge.

Meanwhile, promotion fraud is another potential source of aggravation for business owners, as fraudsters look to repeatedly take advantage of attractive promotional offers by exploiting weak systems and/or policies.

Finally, fraudsters commonly look to steal—and subsequently sell—loyalty reward points, which may not directly harm business owners, but certainly frustrates the customer/victim who has lost his or her hard-earned loyalty points.

Tools And Techniques For Fighting Payment App Fraud

So what can you do to protect yourself from malicious activity like criminal fraud, friendly fraud and promotions abuse?

For one, you should regularly review and update your fraud fighting tools and techniques, as fraudsters are always looking to employ new tactics.

It’s also advisable to layer technologies designed to prevent payment fraud, as having a number of different protections in place will likely motivate fraudsters to move on to easier targets.

Of course, one of the greatest challenges is protecting your business against CNP fraud and other financially malicious activity without driving legitimate customers away. After all, your business may be disrupted not only by fraudulent orders and chargebacks, it can also be harmed if your fraud protection tools turn away real customers and force you to spend time manually reviewing suspicious orders.

Fortunately, there are now cutting-edge tools available—like the fraud protection solution offered by Kount®, which utilizes a combination of supervised and unsupervised machine learning to evaluate the legitimacy of transactions, logins, account creations and the like. That is, Kount is able to sift through vast amounts of global data to uncover indirect links to fraudsters while also allowing you—and fraud prevention experts at the company—to continuously review your own results and rapidly respond to evolving conditions, thereby providing maximum protection to you and your customers.

Intrigued? If you have questions or want to learn more about our suite of security solutions, give us a call at 1.888.845.9457. We understand the unique operating environment surrounding merchant payments and can help you differentiate yourself from competitors while also capitalizing on hidden growth opportunities.

 

Contact Us
About Our
Merchant Services

Get your Free Quote, Now!

After you have submitted your information, a TSYS representative will contact you.

All fields are required to submit form. Your information is private and secure. We do not accept adult businesses

Customer Support Form