A press release by Gartner announced their belief that by year-end 2013, location information or profile information from mobile phones will be used to validate 90% of mobile transactions, and that the rapid adoption of smartphones is forcing banks, social networks and other e-commerce providers to implement the kinds of fraud detection capabilities that have become mainstream with fixed-line computing.
“Because of the improving browser experiences on smartphones, mobile commerce and transaction execution are set to increase rapidly,” said William Clark, research vice president at Gartner. “We estimate that by the end of 2013, 12.5% of all e-commerce transactions will be mobile.”
Fraud prevention methods available today to mobile applications include mobile device identification, location of a mobile device, and some new risk scoring models that evaluate the device, the device’s location and the behavior of the user, and relate them to other information known about the user and his/her location.
“Given the explosive growth of smartphones and other mobile devices, the increase in mobile commerce, and the migration of fraud attacks to these devices, using mobile fraud detection in mobile commerce environments is an imperative,” says Avivah Litan, vice president and distinguished analyst at Gartner. “The evolution of these fraud detection tools will play a part in turning mobile commerce into location- and context-aware commerce by increasing the confidence of businesses, financial institutions and end users. This increase in confidence will help open up new possibilities for context awareness that will be richer than they are in fixed-line commerce.”
Gartner estimates that 70% of the largest 20 global card issuers will gradually adopt mobile context information to help detect fraud on fixed-line transactions, and that by year-end 2015, more than 15% of all payment card transactions will be validated using context-aware profile information.
Why this matters
Having companies collect profile information about you has obvious benefits – for example, you want to be confident that the purchases you make really are yours, not some financial thief’s. However, information about you, your whereabouts and your patterns is highly sensitive private information over which you should have the ultimate control.
This means that you need to have three core protections:
- Transparency – you need to be able to see what information is being collected about you and have a clear understanding of how it’s being used – particularly if that information is shared or sold to other parties
- Choice – you need to be able to easily find and modify information in your profiles
- Control – you need the ability to effect a one-click opt-out of data collection
These protections will have tradeoffs. For example, if you don’t share information that mobile commerce companies need to validate you, your purchasing process may be delayed as other means of authentication may be required.
The devil’s in the details: There will be an ongoing tension over how to strike the right balance between corporate and government data collection and consumer privacy because there isn’t one ‘right balance’ point. Privacy and authentication/transactional security needs will exist on a sliding scale that varies with situational needs and consumer comfort levels.
There are currently two proposals in front of Congress that relate to this balance in information sharing: the Privacy bill draft by Rep. Boucher (D-VA) and Rep. Stearns (R-FL), designed to “assure a higher level of [online] privacy protection” for online surfers by establishing an opt-in model for collecting Web surfing information for marketing purposes, and Representative Rush’s (D-IL) Best Practices Act of 2010 proposal, with the following key provisions:
- Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information.
- Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers’ options regarding those practices.
- Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices.
- Require companies to obtain “opt-in” consent to disclose information to a third party. In the bill, the term, “third party” would be defined based on consumers’ reasonable expectations rather than corporate structure.
- Establish a “safe harbor” that would exempt companies from the “opt-in” consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by FTC.
- Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information.
- Require companies to have reasonable procedures to secure information and to retain personal information only as long as is necessary to fulfill a legitimate business or law enforcement need.
The efforts by all three Representatives can provide strong new consumer protections, and are worth watching while they wend their way through Congress, as you have a high stake in the outcome.
Additional information on Gartner’s projections is available in the report “Get Smart With Context-Aware Mobile Fraud Detection” http://www.gartner.com/resId=1412535.