Mobile Payment Risk

fraud risk | 01 January 2020

Mobile wallets are digital forms of the wallet that people carry (or used to carry) in their pockets.

Since we do not tend to carry large amounts of cash in a wallet, mobile wallets are convenient for small payments (as opposed to larger payments in business settings).

They hold digital payment information, including credit and/or debit cards, bank accounts, pre-paid cards, virtual currency, coupons and loyalty memberships, and the wallet holder's identification.

A mobile wallet is a software application (app) that does the following:

  • Securely enroll the holder (application download, identification)
  • Securely store user information such as phone number, email address and mailing address

The flow chart below summarizes the history of the technology and the events that have evolved over the last eighty years.

Mobile Payment History

Faster mobile payments through messaging and social media apps, payment apps, QR codes and even face scans give users a lot of convenience, but they also open more room for fraud risk, which has been on the rise.

There is a Chinese saying “道高一尺,魔高一丈”. The English translation is “While the priest climbs a post, the devil climbs ten.”

Each authentication method has its shortfalls. Fraudsters can steal and fake fingerprints or other types of unique identifiers, just as they steal and fake passwords or checks. A quick search will yield many sites that offer them for sale.

Mobile payment risk control relies on multiple dimensions of user information to identify the user, instead of a password only.

This way, even if passwords are stolen by fraudsters using phishing or other tricks, information from other dimensions, such as identity (security questions), location, device and behavior, can help authenticate the user.

But we need to be aware that fraudsters can fake the same IP address, browser and device, since that information is often stolen along with the account number and password.

Besides, any information captured about a customer in order to identify that customer can, if leaked or hacked, be used against the account.

It is a double-edged sword.

Mobile Payment Risk Control

While it is not possible to eliminate payment fraud, the risk can be minimized and contained by balancing multiple factors and by using better technology.

Risk tolerance

Risk tolerance needs to be set.

Einstein once said “Everything should be made as simple as possible, but not simpler”.

Fraud prevention features need to balance user convenience and security.

More layers of authentication can affect user experience and cause frustrations from lock-outs. So, have strong authentication, but not stronger.

More private information collected about users will increase risk for data leak. So, collect as much as needed, but not more.

More false alerts increase the cost of doing business. So, set rules, thresholds and KPIs that raise enough alerts, but not more.

It is important to establish the level of risk tolerance by understanding how much loss is tolerable for how much profit at a given volume of business.
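The "enough alerts, but not more" trade-off above can be made concrete by scoring the cost of each threshold. The following is an added example, not code from the original post: it assumes a per-alert manual review cost, an alert-rate KPI and a small constructed set of already-scored, labelled transactions, and picks the threshold that minimises review cost plus missed-fraud loss while staying within the KPI.

```python
# Constructed, labelled scored transactions: (risk_score, amount, is_fraud).
# These are made-up values for illustration, not real wallet data.
SCORED = [
    (5, 20.0, False), (12, 45.0, False), (18, 300.0, False), (25, 60.0, False),
    (33, 80.0, False), (40, 500.0, True), (44, 35.0, False), (52, 120.0, False),
    (58, 900.0, True), (63, 70.0, False), (71, 250.0, True), (80, 30.0, False),
    (88, 1500.0, True), (95, 400.0, True),
]

REVIEW_COST = 25.0      # assumed cost of one manual review per alert
MAX_ALERT_RATE = 0.30   # assumed KPI: alert at most 30% of transactions


def evaluate_threshold(threshold, scored=SCORED, review_cost=REVIEW_COST):
    """Alert rate, fraud catch rate and expected cost for one threshold.

    Cost = reviews we pay for + fraud losses we fail to stop. Lowering the
    threshold catches more fraud but raises the review bill (false alerts).
    """
    alerts = [t for t in scored if t[0] >= threshold]
    frauds = [t for t in scored if t[2]]
    caught = [t for t in alerts if t[2]]
    missed_loss = sum(amt for score, amt, is_fraud in scored
                      if is_fraud and score < threshold)
    return {
        "threshold": threshold,
        "alert_rate": len(alerts) / len(scored),
        "catch_rate": len(caught) / len(frauds),
        "cost": len(alerts) * review_cost + missed_loss,
    }


def choose_threshold(scored=SCORED, max_alert_rate=MAX_ALERT_RATE):
    """Lowest-cost threshold (step 5) whose alert rate respects the KPI."""
    best = None
    for th in range(0, 101, 5):
        result = evaluate_threshold(th, scored)
        if result["alert_rate"] > max_alert_rate:
            continue                     # too many alerts for the KPI
        if best is None or result["cost"] < best["cost"]:
            best = result
    return best


if __name__ == "__main__":
    print("with alert-rate KPI:   ", choose_threshold())
    print("without alert-rate KPI:", choose_threshold(max_alert_rate=1.0))
```

Relaxing the KPI (max_alert_rate=1.0) moves the optimum to a much lower threshold with far more alerts, which is exactly the operational cost the KPI is meant to bound.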

Partner with internal and external teams

We know that the success of a business depends on balancing risk management with customer experience and operational overhead.

Internal teams, such as product and marketing, are often too excited about new product launches to appreciate the fraud risks.

It is important to have a good working partnership with the Engineering, Product, Operations and Compliance teams in order to conceive, design and monitor fraud strategies and to recommend product features that mitigate fraud risk in the most precise manner (simple, but not simpler). The same partnership is needed to collaborate on technology that fits the organization's overall IT architecture and strategy, and to secure the funding and IT resources to implement fraud controls. Externally, the fraud risk team needs to work with business partners and regulators.

Technology

Mobile payment risk management heavily involves technology.

The fraud risk team invests in learning the latest technologies that can take anti-fraud to the next level. For example, the combination of voice, iris, face scan and fingerprint scan is a step up in security and convenience over passwords.

The team should include data engineers and data scientists, as well as people who are knowledgeable in investigations and have the sensitivity to identify and explore emerging risks.

In most sports, such as basketball, it takes both good offense and good defense to win. The same is true in business. We can think of fraud protection as the defense.

Michael Jordan

Higher business growth and better customer service, lower fraud rates than competitors, and optimal operational overhead. Balancing the three is the goal of fraud risk management.

This can only be achieved by having a good partnership with internal and external teams, and by having excellent 360-degree fraud risk functions.

This takes great effort and hard work.

Fraud risk team

Like the best athletes, the fraud risk team must be very skillful in both technology and strategy to win.

Processes and procedures

One of the myths about great defense in sports is that players must be fast and quick to be effective defenders. In fact, the best defense is played with anticipation and awareness of what's going on around you, good body balance and sound fundamentals.

The same is true in fraud prevention.

The fraud prevention process includes the following for knowing what's going on:

  • Real-time protections: customer authentication, identification and verification.
  • Transaction monitoring across all contact channels – internet, telephone, mobile, digital and in-person – to gain a holistic customer view.
  • One consistent and unified view across checks, debit cards, credit cards, ACH, wire transfers, deposits, merchant transactions and digital/online payments. This also adds value for anti-money laundering (AML), credit risk management, marketing and sales efforts, because activities that look normal by themselves can appear suspicious when seen in a broader context.
  • One-time passwords or biometrics for strong customer authentication; geolocation capability and device ID analysis for mobile and digital banking.
  • Feedback, investigations and recovery: machine learning analysis, fraud case review and root cause analysis.
  • Investigations and recovery: network and link analytics for detecting collusion and for AML analysis and investigations.
  • Wallet provisioning.
  • Data visualization dashboards for identifying potentially suspicious events and connections; reporting and management information.
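The multi-dimensional authentication idea from the risk-control discussion earlier (identity, location, device and behavior instead of a password alone, with the caveat that device and IP can be replayed along with stolen credentials) and the transaction-monitoring items above can be illustrated by a small scoring function. This is an added example, not code from the original post; the profile fields, weights and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Profile:
    """Constructed user profile (hypothetical fields, not a real wallet schema)."""
    user_id: str
    known_devices: set
    home_country: str
    recent_tx: list = field(default_factory=list)   # timestamps of recent payments


def risk_score(profile, device_id, country, ip_is_proxy, amount, ts):
    """Combine independent signals into one 0-100 score.

    No single dimension is decisive: a device fingerprint or IP address can be
    replayed together with a stolen password, so a match only keeps the score
    low, while disagreement between dimensions pushes it up.
    """
    score = 0
    if device_id not in profile.known_devices:
        score += 30                      # unfamiliar device
    if country != profile.home_country:
        score += 25                      # unusual geolocation
    if ip_is_proxy:
        score += 20                      # anonymising proxy / VPN exit
    recent = [t for t in profile.recent_tx if ts - t <= timedelta(minutes=10)]
    if len(recent) >= 3:
        score += 20                      # payment velocity burst (behavior)
    if amount > 500:
        score += 15                      # high value for a wallet payment
    return min(score, 100)


def decide(score):
    """Map the score to an action; 'step_up' asks for a second factor (OTP, security question)."""
    if score >= 70:
        return "block"
    if score >= 35:
        return "step_up"
    return "allow"


def evaluate(profile, tx):
    s = risk_score(profile, tx["device"], tx["country"], tx["proxy"], tx["amount"], tx["ts"])
    return s, decide(s)


# Constructed sample data: one user with three payments in the last ten minutes.
T0 = datetime(2020, 1, 1, 12, 0, 0)
ALICE = Profile("alice", {"dev-A1"}, "CN", [T0 - timedelta(minutes=m) for m in (1, 3, 6)])
SAMPLE_TX = [
    {"device": "dev-A1", "country": "CN", "proxy": False, "amount": 30.0, "ts": T0},   # normal
    {"device": "dev-A1", "country": "CN", "proxy": True, "amount": 800.0, "ts": T0},   # known device, other signals disagree
    {"device": "dev-Z9", "country": "US", "proxy": True, "amount": 100.0, "ts": T0},   # everything unfamiliar
]
```

The second sample payment shows the caveat from the text: the device matches, yet the proxy, the velocity burst and the amount together still force a step-up rather than a silent allow.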

Implementing the analytic fraud risk function

Implementation should have openness and flexibility in the technology architecture and an API approach, so that functions can be extended rather than replaced.

The fraud technology should span account opening, transaction monitoring and network analysis, with broad data sharing and supported by analytics-driven rules and models.