Best Practices in Risk Management for Mobile Payments - MRC 2011

1. Best practices for Risk Management in Mobile Payments Elena Krasnoperova Vice President of Analytics and Risk Management, Zong

2. Agenda What are mobile payments? How do mobile payments work? How do mobile payments differ from other types of CNP payments? How can mobile payments make transactions more secure? What are the special fraud management challenges of mobile payments? What are the key regional differences in fraud management for mobile payments? What are the best practices from leading Digital Goods merchants? 2

4. Authenticate transaction

5. Settle transaction on the mobile phone bill3

7. Competes with cash or swiping a plastic debit or credit card

8. Similar to a card-present transaction

9. Often involves Near Field Communication (NFC)

10. Payment is made remotely (e.g., via a web-enabled retailer)

11. Competes with PayPal, credit, debit and prepaid cards

12. Similar to a card-not-present transaction

13. Often involves Premium SMS or direct carrier billing4 Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.

14. What are the main types of mobile payments? Proximity payments Remote payments Digital goods and services Physical goods and services Cash and credits 5 Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.

16. Online gaming

17. Music, video, publishing

20. Money transfers

21. Remittances (domestic)

22. Remittances (international)6 Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.

24. Online gaming

25. Music, video, publishing

28. Money transfers

29. Remittances (domestic)

30. Remittances (international)Main focus for today 7 Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.

32. Transaction initiation 1. User selects Mobile as the payment option 2. User selects the amount of credits to purchase 9

33. “Log in” 574 - 2341 3. User enters Mobile phone number (pre-populated for previous users of Mobile payments) 10

34. Transaction validation 4. User receives and enters a PIN code 11

35. Transaction confirmation $1.99 20 500 5. User receives confirmation of purchase on the Mobile device and on the Web 12

36. Transaction settlement Account number Account number Phone number User name 13

39. Enter full cc info

40. Billing address

41. Username/password

42. Captcha

43. Enter email/password

44. Captcha

45. Verify email

46. Add/verify cc or bank

47. Download PayPal app, wait for install

48. Enter name, email, phone number, address

49. Add credit card

50. Add PIN

51. Receive and reply to verification SMS

53. Enter full cc info, or

54. Log in with username and password

56. None

57. None

58. NoneMuch easer especially for first-time users -> 5-10x higher transaction completion rate 15

60. Credit or debit card

61. Credit or debit card

62. Credit or debit card, or

63. Bank account, or

64. PayPal balance, or

65. PayPal credit line

66. Credit or debit card, or

67. Bank account, or

69. Instant

70. Instant

72. For credit or debit card billing: 1 month

73. Varies from a few days to 1 month

74. Varies, often instant

75. Varies, often instantCarrier-billing model -> delayed funds availability 16

78. Credit availability (for prepaid phones)

79. Type of phone plan (e.g., business vs personal)

80. Primary vs. secondary account holder

81. Purchase history

82. Refund history

83. Spending limit

84. Velocity checks

85. Geolocation match

86. Device fingerprint18 574 - 2341

88. PIN code expires after a pre-determined amount of time

89. Only 3 attempts to enter PIN are allowed to prevent guessing19

91. Four unique challenges Consumers expect instant transaction confirmation and delivery of goods Consumers do not tolerate payment friction as purchases are discretionary Most of the fraud is “friendly fraud” Mobile operators control refund policies and processes 21

93. Can not reverse transaction back on the mobile phone bill if transaction is fraudulent

94. Once the digital goods are delivered, can not take them back if transaction is fraudulent22

96. “No friction” is the core promise of mobile payments, and the main driver of adoption

97. Consumers have very little tolerance for any additional payment friction (e.g., 2FA)23

99. Tools that work for “professional fraud” (e.g., device fingerprinting or IP geolocation) are less effective for “friendly fraud”

100. “Friendly fraud” is more difficult to contest with mobile operators24

102. Some mobile operators have a “no questions asked” refund policy and thus high refund rates

103. Most operators do not allow payment processors an opportunity to contest refund requests

104. Some operators do not give payment processors visibility into transaction- or user-level refunds25

105. Consequences Effective risk management in mobile payments has to be: Instant / real-time (vs. delayed) “Behind the scenes” (vs. user-initiated) Effective for “friendly fraud” (vs. for professional fraud) Proactive (vs. reactive once refund occurs) Based on millions of mobile payment txns 26

106. Best practices for risk management …to assess risk and rewards… …and to take action Many data elements are combined… Device fingerprint Bar user Consumer transaction history Block transaction Product type Phone area code Review transaction Geo-location match Refund history Transaction risk level Reverse transaction Recent txn velocity Consumer risk level Consumer time on file Warn merchant Merchant industry Consumer lifetime value IP address Monitor consumer Purchase amount Carrier Time stamp Allow transaction Country 27

108. Regional differences European and Asian consumers are much more used to Mobile payments than US consumers Refund rates are lower in Europe and Asia than in the US because of differences in Mobile Operator refund policies and consumer habits Operator-mandated spending limits are often much higher in Europe and Asia than in the US Some European countries have very strict regulations affecting Mobile Payments, particularly as they relate to minors (<18 years old) 29

109. EU regulations: Example By law, Spain prohibits processing of premium SMS (i.e., mobile payment) transactions targeting minors (<18 years old) between 11 pm and 8 am CET Source: Comisión de Supervisión de los Servicios de TarificaciónAdicional: Código de Conducta. 30

110. Consequences Risk management policies and tools must be tuned for country/MNO differences Must abide by operator-mandated spending limits, consumer notifications, and other rules Given differences in refund rates, risk-reward tradeoffs differ by country/operator Consumer usage patterns and fraud patterns differ dramatically by country – what’s normal in FR differs from what’s normal in the US 31

112. Merchant best practices Be clear about your refund policies Provide end-users with ability to contact you and resolve problems Know thy user (what’s normal vs. not) Share risk-related data with your payment provider (e.g., TOF, unique account identifier, device fingerprints, negative lists) Take prompt action on fraudsters (restrict their accounts, reclaim unused goods) 33

113. Questions? Elena Krasnoperova VP, Analytics and Risk Management elena@zong.com 408-219-0208 34

Best Practices in Risk Management for Mobile Payments - MRC 2011

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (13)

Similar to Best Practices in Risk Management for Mobile Payments - MRC 2011

Similar to Best Practices in Risk Management for Mobile Payments - MRC 2011 (20)

Recently uploaded

Recently uploaded (20)

Best Practices in Risk Management for Mobile Payments - MRC 2011