Best Practices in Risk Management for Mobile Payments - MRC 2011


Elena Krasnoperova, VP Risk Management at Zong, presents Best Practices for Mobile Payments Risk Management at the 2011 Annual Merchant Risk Council conference in Las Vegas.


  1. Best practices for Risk Management in Mobile Payments
     Elena Krasnoperova
     Vice President of Analytics and Risk Management, Zong
  2. Agenda
     - What are mobile payments?
     - How do mobile payments work?
     - How do mobile payments differ from other types of CNP payments?
     - How can mobile payments make transactions more secure?
     - What are the special fraud management challenges of mobile payments?
     - What are the key regional differences in fraud management for mobile payments?
     - What are the best practices from leading Digital Goods merchants?
  3. What are mobile payments?
     Mobile payment = payment for goods or services with a mobile device such as a phone or a PDA
     Mobile device may be used to do any/all of the steps:
     - Initiate transaction (e.g., begin checkout)
     - Authenticate transaction
     - Settle transaction on the mobile phone bill
  4. What are the main types of mobile payments?
     Proximity payments
     - Payment is made at the Point of Sale (POS) or in proximity to recipient
     - Competes with cash or swiping a plastic debit or credit card
     - Similar to a card-present transaction
     - Often involves Near Field Communication (NFC)
     Remote payments
     - Payment is made remotely (e.g., via a web-enabled retailer)
     - Competes with PayPal, credit, debit and prepaid cards
     - Similar to a card-not-present transaction
     - Often involves Premium SMS or direct carrier billing
     Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.
  5. What are the main types of mobile payments?
     (Matrix: columns Proximity payments, Remote payments; rows Digital goods and services, Physical goods and services, Cash and credits)
     Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.
  6. Examples of mobile payments
     (Matrix: columns Proximity payments, Remote payments)
     Digital goods and services
     - Tickets
     - Online gaming
     - Music, video, publishing
     - SW downloads and services
     Physical goods and services
     - All types of physical goods (similar to POS purchases)
     - All types of physical goods (similar to e-commerce)
     Cash and credits
     - Social payments (e.g., cost sharing for meals or gifts)
     - Money transfers
     - Remittances (domestic)
     - Remittances (international)
     Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.
  7. Today we’ll focus on remote mobile payments for digital goods
     Same matrix as slide 6, with the callout “Main focus for today”.
     Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.
  8. Agenda (repeated from slide 2)
  9. Transaction initiation
     1. User selects Mobile as the payment option
     2. User selects the amount of credits to purchase
  10. “Log in”
     3. User enters Mobile phone number (pre-populated for previous users of Mobile payments)
  11. Transaction validation
     4. User receives and enters a PIN code
  12. Transaction confirmation
     5. User receives confirmation of purchase on the Mobile device and on the Web
  13. Transaction settlement
     (Diagram labels: Account number, Phone number, User name)
  14. Agenda (repeated from slide 2)
  15. Differences from other CNP payments
     Account creation
     - Mobile payments: None
     - Credit or debit card: Enter full cc info; Billing address; Username/password; Captcha
     - PayPal (on the web): Enter email/password; Captcha; Verify email; Add/verify cc or bank
     - PayPal (on Mobile): Download PayPal app, wait for install; Enter name, email, phone number, address; Add credit card; Add PIN; Receive and reply to verification SMS
     Transaction initiation
     - Mobile payments: Enter phone number
     - Credit or debit card: Enter full cc info, or log in with username and password
     - PayPal (on the web): Log in with username and password
     - PayPal (on Mobile): Log in with username and password or with mobile number and PIN
     Transaction validation
     - Mobile payments: Enter 1-time PIN code
     - Credit or debit card: None
     - PayPal (on the web): None
     - PayPal (on Mobile): None
     Much easier, especially for first-time users -> 5-10x higher transaction completion rate
  16. Differences from other CNP payments
     Transaction settlement
     - Mobile payments: Mobile phone bill, or credit or debit card
     - Credit or debit card: Credit or debit card
     - PayPal (on the web): Credit or debit card, or bank account, or PayPal balance, or PayPal credit line
     - PayPal (on Mobile): Credit or debit card, or bank account, or PayPal balance
     Timing of transaction confirmation
     - Mobile payments: Instant
     - Credit or debit card: Instant
     - PayPal (on the web): Instant
     - PayPal (on Mobile): Instant
     Timing of funds availability
     - Mobile payments: For carrier-billing: up to 90 days. For credit or debit card billing: 1 month
     - Credit or debit card: Varies from a few days to 1 month
     - PayPal (on the web): Varies, often instant
     - PayPal (on Mobile): Varies, often instant
     Carrier-billing model -> delayed funds availability
  17. Agenda (repeated from slide 2)
  18. User/device authentication
     Frictionless experience for the user, combined with:
     Instant risk checks “behind the scenes”, including:
     - Positive / Negative lists
     - Credit availability (for prepaid phones)
     - Type of phone plan (e.g., business vs personal)
     - Primary vs. secondary account holder
     - Purchase history
     - Refund history
     - Spending limit
     - Velocity checks
     - Geolocation match
     - Device fingerprint
  19. Transaction authentication
     Every transaction is authenticated and opted-into by the user
     - PIN code valid for one transaction only
     - PIN code expires after a pre-determined amount of time
     - Only 3 attempts to enter PIN are allowed to prevent guessing
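The three PIN rules on slide 19 (single use, expiry, three attempts), as an added example that is not code from the presentation or from Zong. The class name, the 6-digit PIN length and the 300-second lifetime are assumptions; only the limit of 3 attempts comes from the slide.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300   # assumption: the slide only says "pre-determined"
PIN_DIGITS = 6          # assumption: PIN length is not given on the slide
MAX_ATTEMPTS = 3        # from the slide


class PinChallenge:
    """One SMS PIN bound to a single transaction (hypothetical helper)."""

    def __init__(self, txn_id, now=None):
        self.txn_id = txn_id
        self.issued_at = time.time() if now is None else now
        self.attempts = 0
        self.closed = False          # True once used, expired or locked
        # CSPRNG, zero-padded so every PIN has the same length
        self._pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"

    def pin_for_sms(self):
        """The PIN to send to the handset; it must not appear in the web session."""
        return self._pin

    def verify(self, txn_id, pin, now=None):
        """Check a submitted PIN and return a status string."""
        now = time.time() if now is None else now
        if self.closed:
            return "rejected: challenge closed"
        if txn_id != self.txn_id:
            return "rejected: wrong transaction"
        if now - self.issued_at > PIN_TTL_SECONDS:
            self.closed = True
            return "rejected: expired"
        self.attempts += 1
        # constant-time comparison of the submitted and issued PIN
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.closed = True       # single use: a replay of the same PIN fails
            return "accepted"
        if self.attempts >= MAX_ATTEMPTS:
            self.closed = True       # third wrong guess locks the challenge
            return "rejected: too many attempts"
        return "rejected: wrong PIN"
```

With these assumed values, three guesses against a 6-digit PIN succeed with probability 3 in 1,000,000 per challenge, so issuing new challenges for the same phone number should itself be rate-limited.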
  20. Agenda (repeated from slide 2)
  21. Four unique challenges
     1. Consumers expect instant transaction confirmation and delivery of goods
     2. Consumers do not tolerate payment friction as purchases are discretionary
     3. Most of the fraud is “friendly fraud”
     4. Mobile operators control refund policies and processes
  22. 1. Instant delivery
     Consumers expect instant transaction confirmation and delivery of goods
     - Cannot put transaction on hold for hours to do manual agent reviews
     - Cannot reverse transaction back on the mobile phone bill if transaction is fraudulent
     - Once the digital goods are delivered, cannot take them back if transaction is fraudulent
  23. 2. Low tolerance for friction
     Consumers do not tolerate payment friction as purchases are discretionary
     - Micropayments for digital goods are highly discretionary, impulse-driven purchases
     - “No friction” is the core promise of mobile payments, and the main driver of adoption
     - Consumers have very little tolerance for any additional payment friction (e.g., 2FA)
  24. 3. Friendly fraud
     Most of the fraud is “friendly fraud”
     - “Friendly fraud” is more difficult to predict than “professional fraud”, as transaction patterns are similar to those of non-fraudulent purchases
     - Tools that work for “professional fraud” (e.g., device fingerprinting or IP geolocation) are less effective for “friendly fraud”
     - “Friendly fraud” is more difficult to contest with mobile operators
  25. 4. Refund policies and processes
     Mobile operators control refund policies and processes
     - Mobile operators can’t resolve “goods not received” complaints and grant refunds instead
     - Some mobile operators have a “no questions asked” refund policy and thus high refund rates
     - Most operators do not allow payment processors an opportunity to contest refund requests
     - Some operators do not give payment processors visibility into transaction- or user-level refunds
  26. Consequences
     Effective risk management in mobile payments has to be:
     - Instant / real-time (vs. delayed)
     - “Behind the scenes” (vs. user-initiated)
     - Effective for “friendly fraud” (vs. for professional fraud)
     - Proactive (vs. reactive once refund occurs)
     - Based on millions of mobile payment txns
  27. Best practices for risk management
     Many data elements are combined…
     - Device fingerprint
     - Consumer transaction history
     - Product type
     - Phone area code
     - Geo-location match
     - Refund history
     - Recent txn velocity
     - Consumer time on file
     - Merchant industry
     - IP address
     - Purchase amount
     - Carrier
     - Time stamp
     - Country
     …to assess risk and rewards…
     - Transaction risk level
     - Consumer risk level
     - Consumer lifetime value
     …and to take action
     - Bar user
     - Block transaction
     - Review transaction
     - Reverse transaction
     - Warn merchant
     - Monitor consumer
     - Allow transaction
  28. Agenda (repeated from slide 2)
  29. Regional differences
     - European and Asian consumers are much more used to Mobile payments than US consumers
     - Refund rates are lower in Europe and Asia than in the US because of differences in Mobile Operator refund policies and consumer habits
     - Operator-mandated spending limits are often much higher in Europe and Asia than in the US
     - Some European countries have very strict regulations affecting Mobile Payments, particularly as they relate to minors (<18 years old)
  30. EU regulations: Example
     By law, Spain prohibits processing of premium SMS (i.e., mobile payment) transactions targeting minors (<18 years old) between 11 pm and 8 am CET
     Source: Comisión de Supervisión de los Servicios de Tarificación Adicional: Código de Conducta.
  31. Consequences
     - Risk management policies and tools must be tuned for country/MNO differences
     - Must abide by operator-mandated spending limits, consumer notifications, and other rules
     - Given differences in refund rates, risk-reward tradeoffs differ by country/operator
     - Consumer usage patterns and fraud patterns differ dramatically by country – what’s normal in FR differs from what’s normal in the US
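A sketch of the real-time, behind-the-scenes decision described on slides 18 and 27, with thresholds held per country/operator as slide 31 requires. This is an added example, not code from the presentation or from Zong; the class names, the policy key format, the 30-day and 1-hour windows and every threshold value are assumptions.

```python
from collections import deque
from dataclasses import dataclass

DAY = 86400


@dataclass(frozen=True)
class Policy:
    """Thresholds for one country/operator pair (all values constructed)."""
    spend_limit: float        # operator-mandated cap per rolling 30 days
    max_txns_per_hour: int    # velocity threshold
    max_refund_rate: float    # refunded share of past purchases


class RiskEngine:
    def __init__(self, policies, negative_list):
        self.policies = policies                 # e.g. {"US/carrier-a": Policy(...)}
        self.negative_list = set(negative_list)  # barred phone numbers
        self.history = {}                        # phone -> deque of (timestamp, amount)

    def decide(self, phone, key, amount, ts, purchases=0, refunds=0):
        """Return 'block', 'review' or 'allow' for one purchase attempt."""
        policy = self.policies[key]
        if phone in self.negative_list:
            return "block"
        past = self.history.setdefault(phone, deque())
        while past and ts - past[0][0] > 30 * DAY:   # forget spend older than 30 days
            past.popleft()
        if sum(a for _, a in past) + amount > policy.spend_limit:
            return "block"                           # would exceed the spending limit
        recent = sum(1 for t, _ in past if ts - t <= 3600)
        if recent >= policy.max_txns_per_hour:
            return "review"                          # velocity check
        if purchases and refunds / purchases > policy.max_refund_rate:
            return "review"                          # refund history
        past.append((ts, amount))                    # only allowed purchases are recorded
        return "allow"
```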
  32. Agenda (repeated from slide 2)
  33. Merchant best practices
     - Be clear about your refund policies
     - Provide end-users with ability to contact you and resolve problems
     - Know thy user (what’s normal vs. not)
     - Share risk-related data with your payment provider (e.g., TOF, unique account identifier, device fingerprints, negative lists)
     - Take prompt action on fraudsters (restrict their accounts, reclaim unused goods)
  34. Questions?
     Elena Krasnoperova
     VP, Analytics and Risk Management
     elena@zong.com
     408-219-0208
