Forrester: Merchants Should Ask the Hard Mobile Questions

Forrester recently estimated that US mobile commerce (both phones and tablets) will top $252 billion by 2020. On the other hand, the research firm also pointed out that with greater potential for profit comes greater potential for loss: they note that “mobile offers fraudsters more options than any other channel.”

Additionally, Forrester comments that “To combat mobile fraud effectively, vendors will need to adapt the risk-scoring models in their enterprise fraud management (EFM) solutions to account for the unique nature of mobile fraud. It will also require the vendor to collect detailed user behavior, sensor, location, and other device data from the mobile device in order to provide accurate fraud risk scoring. Not all EFM vendors are prepared to address mobile fraud today, so S&R pros must be prepared to ask tough questions when evaluating vendors.” (emphasis mine)

Forter was one of the enterprise fraud management solutions evaluated by Forrester for this mobile fraud management report, and the report reflects Forter’s ability to meet the needs of today’s retailers.

In this blog post, we consider the criteria Forrester lists as important in their report, and examine why they are so critical.

Is mobile fraud management natively built into risk scoring?

Although it is still often treated as the “little brother” of e-commerce, mobile commerce is distinctly different from e-commerce. Normal behavior is different on a mobile device (just think about how you use your own smartphone, compared to the way you use your laptop), and different information is available. IP addresses, which are static with computers, are naturally more fluid on mobile devices. Geo-location must be approached differently, because the phone might be getting its internet from a different state, never mind a different street, and it might get moved around during a session. Data you’d expect to get relating to a browser or device type will be totally different depending on whether you’re looking at a computer or mobile device – and some data available in one won’t be available in the other.

These differences are all vital when you’re analyzing transactions to make subsecond decisions about whether fraud is present or not. Yet, as Forrester says, “While EFM solutions usually allow clients to import data, sometimes the schema of the EFM data warehouse is limiting and can’t incorporate mobile attributes.”

If the fraud prevention system you’re using for mobile isn’t natively built to handle mobile, it’s probably not taking advantage of the unique profile of mobile commerce. The schema it uses will require some data that’s not available via mobile, and ignore valuable information that is.

Forter’s mobile fraud prevention is natively built for mobile, designed to work with mobile’s unique profile.

Is there profiling of users across mobile devices?

Today’s consumers consume, communicate and purchase across a range of devices. Moreover, connections between consumers using the same devices are valuable in understanding your customers and preventing fraud. Mobile fraud management must be able to track users across devices.

This is important for two reasons: stopping fraud and approving good customers.

If you can’t track users across devices, you’re vulnerable to fraud techniques such as ATO (account takeover) and more likely to get caught out by a repeating fraudster. On the other hand, if you can’t make the right connections between customers, you’re more likely to reject a family member as suspicious.

Forter’s use of advanced behavioral analytics and sophisticated identity and velocity technology ensures that the system can track users as they move across devices – whether their intentions are good or bad – and make the right connections between buyers – again, whether they’re genuine or not.

Is there support for GPS, accelerometer, and power-setting data in risk scoring?

This question reflects the importance of leveraging the uniquely mobile nature of devices and the information attached to that. The device itself can provide a lot of information about where the consumer is and what they’re doing – and understanding that will help you work out whether the buyer persona they’re presenting matches what you can see from the data.

Of course, in order to make full use of these types of features, you’ll need to know how good customers behave, both as groups and on an individual basis. You need to be able both to collect the data and to research the trends that characterize it. Moreover, that research must be ongoing, because the buying patterns and device usage patterns of both good and fraudulent customers change over time and with the season.

Forter’s team of dedicated research analysts engages in constant research into transaction data, consumer buying patterns, technological possibilities and the fraudster ecosystem, continually improving the system and adapting it to meet the latest fraudster techniques.

Can the solution detect jailbroken devices?

A jailbroken device is a device that has been hacked – had its firmware (the code that tells the device how it works) altered. Essentially, it has been modified to circumvent or remove the controls and limits set by the original manufacturer. It’s probably fairly obvious why fraudsters would like to do this – it gives them a lot of scope when it comes to running malware on someone else’s phone, and doing it on their own device means it’s easier to run programs that will help them commit fraud. There are a lot of apps that do just that, but they’re certainly not sold on the App Store. So knowing if a device is jailbroken is valuable information.

That said, like any other piece of data, it’s important not to overestimate its importance. There are legitimate reasons to jailbreak a phone – there are plenty of genuine customers who love their iPhones but would like to be able to download apps which aren’t sold on the official store. (While the same is true with Android, it’s far less common, due to its open source nature.)

What you need is a system which can deduce this valuable information, but keep it in perspective. Forter’s system provides automatic, instant approve/decline decisions based on the whole story of the transaction – meaning whether the data as a whole tells a story that is consistent with fraud or true buying. A jailbroken phone, while a risky indicator, is only one factor, and could well actually contribute to the story of a genuine shopper.

Is a mobile SDK available for collecting data on the mobile device?

Forrester says, “Mobile browsers do not provide the same level of rich information about the operating system, version information, data, etc., that their desktop counterparts do. By default, this limits the usefulness and accuracy of a device fingerprinting solution. If the EFM (or device fingerprinting) vendor offers an SDK for mobile application developers and this SDK allows for collecting the above environmental attributes from the mobile device, it can improve risk scoring.”

Forter’s SDK supports the system’s extremely sophisticated device fingerprinting abilities. Again, being able to get data about the device and the individual is extremely valuable. Equally essential, though, is putting this data to use in the right way, to build up an accurate understanding of the person who’s actually holding the device and making the purchase. Machine learning and Forter’s team of research analysts work together to ensure that Forter’s system both has the data and can leverage it in the best possible way.


It’s time to stop treating mobile as e-commerce’s little brother. The mobile channel is growing in significance, and many companies are adjusting accordingly. Marketers and product teams are well aware that their content is consumed by people on mobile as often as not. It’s time that fraud prevention join the effort to optimize for mobile.

Forrester recommends that merchants ask the hard questions when it comes to mobile fraud prevention – and they’re right. Assuming that what you have for e-commerce will work for mobile just isn’t enough. The mobile channel, mobile data, mobile shoppers and mobile purchases are distinctly different, and fraud prevention should accommodate and leverage that difference. Anything less is good for fraudsters and their ill-gotten gains, but bad for both customer experience and sales.
