volume 9 • spring 2016
authentication, among other innovations—have the power
to dramatically improve payments security and convenience, and accelerate a global shift away from cash, predicts Cherian Abraham,
a mobile payments and banking adviser at Experian. “The mobile channel already is proving to be a much better security framework for payments than anything that came before, and it’s clear we need it. After all these years, if there are ways of making plastic cards any more secure, we’ve already tried them,” he says.
Navigating to a new, more secure m-payments future won’t be easy, if the U.S.’s rocky transition in 2015 from magnetic stripe cards to more secure, chip-enabled EMV cards is any indication (see page 58). Even in markets where EMV has been fully adopted after several years’ work, methods for storing and transmitting payment card data predate the mobile era and won’t be easy to change, observers say.
“We have a very long way to go before smartphone penetration reaches the point where it can support mobile payments broadly on a global basis, and the amount of development and investment needed is massive,” Abraham con- cedes, noting that an additional challenge for the payments in- dustry will be ensuring that new m-payments security processes that e ectively block fraud also are seamless and convenient
for consumers to use. And there always will be fraudsters—it’s
MoST CoMMoN M-PAyMeNTS FRAuD TyPeS
Automatic Number Identi cation Spoo ng
to be his phone number.
Account Takeover via Mobile Phone Number Porting
Device Cloning
 ngerprinting solutions.
Fraudster dials call center, impersonating the victim from what appears
23%
Fraudster  nds victim’s details on social media and persuades the mobile network to “port” ownership from the victim’s device to himself to
obtain one-time passwords to manipulate the device, including generating outgoing communications.
20%
Fraudster makes a software image of a device, which enables him to impersonate the device from a software perspective and fool device-
Recycling Mobile Phone Number
Call Forwarding
transaction con rmations, for example.
19%
Fraudster attempts to activate phones with new numbers, aiming to receive a recycled number attached to a victim’s current account.
11%
Fraudster enables call forwarding on the victim’s phone, hijacking it to receive incoming calls from the bank containing one-time passwords and
9%
SMS Interception
9%
Fraudster intercepts inbound texts with sensitive information.
SIM Cloning
8%
The victim’s phone SIM details are copied to the fraudster’s SIM to impersonate the subscriber on a mobile network and intercept calls.
Voice Mail Hacks
5%
Fraudster breaks into victim’s voice mail to intercept one-time passwords
for fraudulent use.
SIM Swaps
Fraudster uses details gleaned from social media to trick mobile network call center into deactivating victim’s SIM, activate a different SIM and intercept
incoming sensitive information.
3%
source: IDology 2015 Fraud Report
paybefore.com 45