It’s a good time to be a mobile developer no matter how you look at the opportunities. But if you want to go for the low-hanging fruit, look at developing robust fraud detection tools focused on mobile e-commerce.
According to a recent paper by Gartner’s William Clark, development for fraud detection tools to enforce mobile e-commerce transactions are behind the delivery curve.
“Enterprise applications must detect fraud in these mobile environments, but fraud detection tools available today that work in [wired] computing environments don’t work well or at all in the mobile world,” Clark said. Tools to detect fraud in the mobile space are in the early stages of development, and he estimated it will take until at least 2012 for them to mature.
Clark said that due to the improving browser experiences on smartphones, mobile commerce and transaction executions are set to rapidly increase. Gartner estimates that by 2014, about 12% of all e-commerce transactions will be made using smartphones and other mobile devices.
Gartner encourages CIOs to start taking a hard look at the fraud tools under development as they consider launching mobile payment systems. He warns that enterprises must have mobile fraud prevention systems in place to remain competitive.
Three types of fraud prevention methods are currently available for mobile apps:
The first, mobile device identification, is server-based JavaScript. The script captures information about a user’s browser and phone when he or she logs in. If the app is browser-based, the script captures unique browser identification information and data to identify the phone. If the app is native on the device, it can also gather the phone’s serial number and network card number to forward to the e-commerce entity, but only after the user opts in.
The second method uses the phone’s location information, and only requires that the device be turned on. Using location information can help specifically authenticate the user through correlation with other systems such as a user’s address in a directory. Mobile phones can forward location information based on GPS data, but it also requires the user to opt-in. Gartner says locations can also be received by mobile network operators employing software tools that don’t require user opt-in.
The third strategy is to customize the company’s risk scoring and rule-based models for mobile applications. This approach, which Gartner said some online fraud detection vendors are beginning to implement, looks at the device itself, its location and the usage patterns of an app on the phone. Right now, there’s a dearth of experience to draw upon, which makes it difficult to build resilient risk models.
According to Avivah Litan, vice president at Gartner, “Given the explosive growth of smartphones and other mobile devices, the increase in mobile commerce, and the migration of fraud attacks to these devices, using mobile fraud detection in mobile commerce environments is an imperative.” So, it appears the door is wide open for developers to break ground in this field.