Consumers love paying for goods and services with their smartphones. But as more retailers release their own mobile apps with in-store payment options, the threat of fraud must be carefully considered. Retailers offering in-store purchasing through a mobile app should be aware of major card-not-present fraud schemes.
Let’s imagine a fictitious retailer called Smoothie Shop; its mobile app allows saves customers' credit card information to facilitate in-store purchases. And that opens the door to at least three kinds of potential fraud.
In the first scenario, the fraudster takes over an existing Smoothie Shop account. Since the account already has a credit card saved in the app, the fraudster can simply walk over to a Smoothie Shop, present the mobile app with the saved credit card information, and enjoy a refreshing smoothie that was paid for with someone else's stored credit card.
In a second scenario, the fraudster takes over a Smoothie Shop account again, except this account lacks a saved credit card. That in turn prompts the fraudster to buy a stolen credit card off the Dark Web or some other electronic market, then add the newly obtained card to the Smoothie Shop account and app. They can then proceed to the closest shop to buy smoothies using the stolen credit card.
Why would fraudsters go through the trouble of taking over an existing account instead of just creating a brand new account to commit fraud? It's because savvy fraudsters know that "aged" accounts more than 3–6 months old with a good transaction history are less closely scrutinized than a brand new account with no transaction history.
Finally, in a third a ..
Support the originator by clicking the read the rest link below.
