ThreatMetrix: Mobile buying less risky than desktop this holiday season

ThreatMetrix desktop v mobile risky transactions

Cybercrime prevention solution provider ThreatMetrix has released their assessment of the risk levels associated with online commerce transactions during the 2011 holiday season, and finds on average mobile transactions were less risky overall than transactions conducted from desktop (or notebook) computers. From businesses’ point of view, this means that mobile transactions might be less chancy than traditional online sales; for consumers, it might mean that businesses increasingly try to shift online purchasing to mobile platforms as a way to reduce their risk.

ThreatMetrix doesn’t go into any detail about what makes a transaction qualify as “risky,” “somewhat risky,” or “very risky,” but the overall pattern for December 2011 is consistent across both mobile and desktop platforms, with a significant uptick in the number of potentially-fraudulent transactions leading up to and immediately following Christmas Day. Nonetheless, the findings are likely to be particularly interesting to businesses considering how to augment their e-commerce strategies—especially since online holiday spending is steadily increasing. (For instance, comScore reported online holiday spending was up 15 percent in 2011 to over $35 billion.)

“Online commerce is becoming a preferred channel, as its convenience and oftentimes competitive pricing are appealing factors to today’s consumers,” said ThreatMetrix’s chief product officer Alisdair Faulkner, in a statement. “As businesses continue to build a cross-channel presence, it’s essential they understand the inner workings of the fraud network to effectively prevent cybercrime.”

The “fraud network” noted by Faulkner refers to professional networks that specialize in online fraud, spanning spam, online gaming, social networking, e-commerce, and online banking. Where online fraud used to be dominated by individuals and small groups, ThreatMetrix maintains a major threat now is networked groups of criminals, each specializing in a different phase or step of committing online fraud, whether it be setting up fake social networking accounts, infecting vulnerable PCs, testing stolen credit card data, and placing bogus online orders for goods that are then resold. And they may be racking up more per theft: CyberSource’s 2011 Fraud Report puts total losses from online fraud totaling $3.4 billion for 2011, which is the first time there’s been an uptick in revenue lost to fraud since 2004. However, overall, CyberSource found online fraud was down from 0.9 percent of orders in 2010 compared to 0.6 percent in 2011.

The comparative safely—or, at least “less risk”—associated with mobile commerce might be a temporary phenomena, however. Where significant online commerce has been conducted via traditional Web browsers for the better part of two decades, the mobile commerce world is comparatively new territory for fraudsters. Where vendor and carrier lock-in may be effective tools for dissuading simplistic types of fraud—or at least being able to associate it with individual mobile users—there’s nothing about a mobile Web browser or app that makes it magically less able to (say) send stolen credit card information to businesses. It’s also possible mobile commerce just hasn’t been a big enough target for fraudsters to seriously target: even with the 2011 holiday season seeming a watershed for placing orders via tablets and smartphones, IBM found mobile devices still only accounted for 14.6 percent of all online commerce sessions.