Elena Krasnoperova, VP Risk Management at Zong, presents Best Practices for Mobile Payments Risk Management at the 2011 Annual Merchant Risk Council conference in Las Vegas.
MRC 2011 Annual e-Commerce Payments and Risk Conference
Best practices for Risk Management in Mobile Payments
Elena Krasnoperova
Vice President of Analytics and Risk Management, Zong
Agenda
1. What are mobile payments?
2. How do mobile payments work?
3. How do mobile payments differ from other types of CNP payments?
4. How can mobile payments make transactions more secure?
5. What are the special fraud management challenges of mobile payments?
6. What are the key regional differences in fraud management for mobile payments?
7. What are the best practices from leading Digital Goods merchants?
What are mobile payments?
Mobile payment = payment for goods or services with a mobile device such as a phone or a PDA
Mobile device may be used to do any/all of the steps:
• Initiate transaction (e.g., begin checkout)
• Authenticate transaction
• Settle transaction on the mobile phone bill
What are the main types of mobile payments?
Proximity payments
• Payment is made at the Point of Sale (POS) or in proximity to recipient
• Competes with cash or swiping a plastic debit or credit card
• Similar to a card-present transaction
• Often involves Near Field Communication (NFC)
Remote payments
• Payment is made remotely (e.g., via a web-enabled retailer)
• Competes with PayPal, credit, debit and prepaid cards
• Similar to a card-not-present transaction
• Often involves Premium SMS or direct carrier billing
Source: Adapted from Juniper Research report “Mobile payments for digital & physical goods”.
What are the main types of mobile payments?
Grid columns: Proximity payments; Remote payments
Grid rows: Digital goods and services; Physical goods and services; Cash and credits
Examples of mobile payments
Digital goods and services
• Proximity payments: Tickets
• Remote payments: Online gaming; music, video, publishing; SW downloads and services
Physical goods and services
• Proximity payments: All types of physical goods (similar to POS purchases)
• Remote payments: All types of physical goods (similar to e-commerce)
Cash and credits
• Proximity payments: Social payments (e.g., cost sharing for meals or gifts)
• Remote payments: Money transfers; remittances (domestic); remittances (international)
Today we’ll focus on remote mobile payments for digital goods
Main focus for today: Remote payments for Digital goods and services
Transaction initiation
1. User selects Mobile as the payment option
2. User selects the amount of credits to purchase
“Log in”
3. User enters Mobile phone number (pre-populated for previous users of Mobile payments)
Transaction validation
4. User receives and enters a PIN code
Transaction confirmation
5. User receives confirmation of purchase on the Mobile device and on the Web
Transaction settlement
[Diagram labels: Phone number, User name, Account number]
Differences from other CNP payments
Mobile payments
• Account creation: None
• Transaction initiation: Enter phone number
• Transaction validation: Enter 1-time PIN code
Credit or debit card
• Account creation: Enter full cc info; billing address; username/password; Captcha
• Transaction initiation: Enter full cc info, or log in with username and password
• Transaction validation: None
PayPal (on the web)
• Account creation: Enter email/password; Captcha; verify email; add/verify cc or bank
• Transaction initiation: Log in with username and password
• Transaction validation: None
PayPal (on Mobile)
• Account creation: Download PayPal app, wait for install; enter name, email, phone number, address; add credit card; add PIN; receive and reply to verification SMS
• Transaction initiation: Log in with username and password or with mobile number and PIN
• Transaction validation: None
Much easier, especially for first-time users -> 5-10x higher transaction completion rate
Differences from other CNP payments
Mobile payments
• Transaction settlement: Mobile phone bill, or credit or debit card
• Timing of transaction confirmation: Instant
• Timing of funds availability: For carrier-billing: up to 90 days; for credit or debit card billing: 1 month
Credit or debit card
• Transaction settlement: Credit or debit card
• Timing of transaction confirmation: Instant
• Timing of funds availability: Varies from a few days to 1 month
PayPal (on the web)
• Transaction settlement: Credit or debit card, or bank account, or PayPal balance, or PayPal credit line
• Timing of transaction confirmation: Instant
• Timing of funds availability: Varies, often instant
PayPal (on Mobile)
• Transaction settlement: Credit or debit card, or bank account, or PayPal balance
• Timing of transaction confirmation: Instant
• Timing of funds availability: Varies, often instant
Carrier-billing model -> delayed funds availability
User/device authentication
Frictionless experience for the user, combined with:
Instant risk checks “behind the scenes”, including:
• Positive / Negative lists
• Credit availability (for prepaid phones)
• Type of phone plan (e.g., business vs personal)
• Primary vs. secondary account holder
• Purchase history
• Refund history
• Spending limit
• Velocity checks
• Geolocation match
• Device fingerprint
Transaction authentication
Every transaction is authenticated and opted-into by the user
• PIN code valid for one transaction only
• PIN code expires after a pre-determined amount of time
• Only 3 attempts to enter PIN are allowed to prevent guessing
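The three PIN rules above as a server-side check (added example, not from the original slides). The 6-digit PIN length, the 300-second lifetime and the names PinChallenge and txn_id are assumptions; the slides give only the three-attempt limit.

```python
import hmac
import secrets
import time

PIN_DIGITS = 6         # assumption: the slides do not give a PIN length
PIN_TTL_SECONDS = 300  # assumption: stands in for the "pre-determined" lifetime
MAX_ATTEMPTS = 3       # from the slide


class PinChallenge:
    """Server-side state for one PIN, bound to exactly one transaction."""

    def __init__(self, txn_id, now=None):
        self.txn_id = txn_id
        issued_at = time.time() if now is None else now
        self.expires_at = issued_at + PIN_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False
        # CSPRNG, zero-padded so every PIN has the same length.
        self.pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"

    def verify(self, txn_id, candidate, now=None):
        """Return 'accepted' or a 'rejected:<reason>' string."""
        now = time.time() if now is None else now
        if self.used:
            return "rejected:used"        # valid for one transaction only
        if now >= self.expires_at:
            return "rejected:expired"
        if self.attempts_left <= 0:
            return "rejected:locked"      # guessing budget exhausted
        self.attempts_left -= 1           # spend the attempt before comparing
        match = hmac.compare_digest(candidate.encode(), self.pin.encode())
        if match and txn_id == self.txn_id:
            self.used = True
            return "accepted"
        return "rejected:locked" if self.attempts_left == 0 else "rejected:wrong_pin"


def demo():
    """Constructed walk-through: one wrong guess, one success, one replay."""
    ch = PinChallenge("txn-0001", now=1000.0)
    wrong = f"{(int(ch.pin) + 1) % 10 ** PIN_DIGITS:0{PIN_DIGITS}d}"
    return [
        ch.verify("txn-0001", wrong, now=1010.0),
        ch.verify("txn-0001", ch.pin, now=1020.0),
        ch.verify("txn-0001", ch.pin, now=1030.0),
    ]


if __name__ == "__main__":
    print(demo())
```

The attempt counter is decremented before the comparison, so a failed or interrupted check can never be retried for free, and a correct PIN presented after lockout or expiry is still rejected.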
Four unique challenges
1. Consumers expect instant transaction confirmation and delivery of goods
2. Consumers do not tolerate payment friction as purchases are discretionary
3. Most of the fraud is “friendly fraud”
4. Mobile operators control refund policies and processes
1. Instant delivery
Consumers expect instant transaction confirmation and delivery of goods
• Can not put transaction on hold for hours to do manual agent reviews
• Can not reverse transaction back on the mobile phone bill if transaction is fraudulent
• Once the digital goods are delivered, can not take them back if transaction is fraudulent
2. Low tolerance for friction
Consumers do not tolerate payment friction as purchases are discretionary
• Micropayments digital goods are highly discretionary, impulse-driven purchases
• “No friction” is the core promise of mobile payments, and the main driver of adoption
• Consumers have very little tolerance for any additional payment friction (e.g., 2FA)
3. Friendly fraud
Most of the fraud is “friendly fraud”
• “Friendly fraud” is more difficult to predict than “professional fraud”, as transaction patterns are similar to those of non-fraudulent purchases
• Tools that work for “professional fraud” (e.g., device fingerprinting or IP geolocation) are less effective for “friendly fraud”
• “Friendly fraud” is more difficult to contest with mobile operators
4. Refund policies and processes
Mobile operators control refund policies and processes
• Mobile operators can’t resolve “goods not received” complaints and grant refunds instead
• Some mobile operators have a “no questions asked” refund policy and thus high refund rates
• Most operators do not allow payment processors an opportunity to contest refund requests
• Some operators do not give payment processors visibility into transaction- or user-level refunds
Consequences
Effective risk management in mobile payments has to be:
– Instant / real-time (vs. delayed)
– “Behind the scenes” (vs. user-initiated)
– Effective for “friendly fraud” (vs. for professional fraud)
– Proactive (vs. reactive once refund occurs)
– Based on millions of mobile payment txns
Best practices for risk management
Many data elements are combined…
• Consumer transaction history
• Phone area code
• Geo-location match
• Refund history
• Recent txn velocity
• Consumer time on file
• IP address
• Merchant industry
• Purchase amount
• Time stamp
• Carrier
• Product type
• Country
• Device fingerprint
…to assess risk and rewards…
• Transaction risk level
• Consumer risk level
• Consumer lifetime value
…and to take action
• Block transaction
• Bar user
• Review transaction
• Warn merchant
• Monitor consumer
• Reverse transaction
• Allow transaction
Regional differences
1. European and Asian consumers are much more used to Mobile payments than US consumers
2. Refund rates are lower in Europe and Asia than in the US because of differences in Mobile Operator refund policies and consumer habits
3. Operator-mandated spending limits are often much higher in Europe and Asia than in the US
4. Some European countries have very strict regulations affecting Mobile Payments, particularly as they relate to minors (<18 years old)
EU regulations: Example
By law, Spain prohibits processing of premium SMS (i.e., mobile payment) transactions targeting minors (<18 years old) between 11 pm and 8 am CET
Source: Comisión de Supervisión de los Servicios de Tarificación Adicional: Código de Conducta.
Consequences
Risk management policies and tools must be tuned for country/MNO differences
– Must abide by operator-mandated spending limits, consumer notifications, and other rules
– Given differences in refund rates, risk-reward tradeoffs differ by country/operator
– Consumer usage patterns and fraud patterns differ dramatically by country – what’s normal in FR differs from what’s normal in the US
Merchant best practices
1. Be clear about your refund policies
2. Provide end-users with ability to contact you and resolve problems
3. Know thy user (what’s normal vs. not)
4. Share risk-related data with your payment provider (e.g., TOF, unique account identifier, device fingerprints, negative lists)
5. Take prompt action on fraudsters (restrict their accounts, reclaim unused goods)
Questions?
Elena Krasnoperova
VP, Analytics and Risk Management
408-219-0208