mCommerce Fraud

May 18, 2021 | 10 min read

How to Protect Your Business Against mCommerce Fraud Losses

Mobile commerce, or mCommerce, as it’s often known, is quickly becoming the dominant channel for online shopping and transactions. However, that fact only serves to heighten concerns around the growing threat of mCommerce fraud.

According to data published by Statista, mobile commerce is expected to represent 73% of global eCommerce spend in 2021, or $3.56 trillion. Of course, that projection predates the Covid-19 outbreak. The actual figure for mobile eCommerce spending this year is almost certainly going to be much higher than anyone could have anticipated.

There are plenty of reasons for the rapid adoption of mCommerce. Consumers love the convenience and the cross-channel utility. This is great news for retailers, as it drives sales and revenue growth. However, between 2018 and 2019, we observed an increase of more than 100% in mobile fraud attempts. Plus, the average cost of an mCommerce fraud incident is now greater than that of a conventional eCommerce fraud attempt.

It’s clear that you need to take steps to reckon with this fast-growing form of abuse. However, a “one-size-fits-all” approach won’t cut it.

Fraud Risk Factors & mCommerce

Many of the same consequences you face with conventional eCommerce fraud apply to mobile channels as well. Each successful fraud incident means you get hit with a chargeback, which translates to lost revenue and merchandise, as well as added fees. Plus, if fraudsters manage to defeat your security, it could create trust issues among consumers and result in lasting brand damage.

Not only that, but in the course of trying to stop fraud, there’s also a good chance you might end up falsely identifying some legitimate transactions as fraud. These false declines can have a massive impact on your bottom line and further damage your relationship with customers.

Is mCommerce Fraud Holding Your Business Back?

It’s easy to protect your revenue and prevent losses from chargebacks and fraud. Click here and learn more.


Tactics that fraudsters employ in desktop environments often translate to mobile devices. That said, there are some fraud risks that are specific to the mCommerce space, including:


Mobile devices offer unique opportunities for fraudsters, like text message scams. “smishing” (or SMS phishing) is a practice by which fraudsters impersonate a trusted party and send SMS messages to consumers. The goal here is to trick the recipient into willingly handing over their information. Given that many brands now communicate with consumers via SMS messages, it’s not hard to imagine a criminal impersonating a legitimate merchant and carrying out an attack.

Increased Data Exposure

One of the greatest assets of mCommerce is that it facilitates multi-platform interactions. You could have users going back and forth between desktop sites, mobile sites, and apps. That’s a lot of consumer data flowing around, and data attracts fraudsters like blood draws sharks. Hackers may take advantage of the situation by intercepting data as it flows from one platform or party to another.

Family Fraud

Children may have access to a parent’s mobile device, such as a tablet. In this case, the problem becomes a matter of too much access, rather than barriers to access. The child may be able to conduct transactions without the parent’s knowledge; this is a practice known as family fraud and is one of the leading factors contributing to the broader upward trend in friendly fraud chargebacks.

Is 2FA the Solution?

Even beyond the direct threat of outside fraud, there are additional potential problems with mCommerce. Accessibility, for instance, could be an issue: users may have trouble unlocking their device or using it in some other way, which would prevent them from completing a purchase.

Still, mCommerce presents opportunities that are too lucrative for retailers to pass up. Fraud in the digital market is already a real and growing danger; the threat posed by mCommerce fraud compounds the existing problem. So, what can we do?

One option is to stop fraud and other vulnerabilities by leveraging security technologies that are unique to mCommerce. According to research from Mastercard, consumer confidence in biometrics and QR Code technologies in the payments space is growing fast:

“Biometric-based payments—using a person’s physical characteristics to authenticate and/or execute a payment in either an online or in-store environment—used to suffer from a perception problem that they were not as secure as card payments. As consumers get increasingly comfortable with devices that use fingerprints or facial recognition as security features, this perception is waning, according to the report.”

Mastercard New Payments Index 2021 Mastercard

2FA is More Responsive to the Demands of the mCommerce Space

Recent statistics underscore this. The Mastercard study cited above also found that 53% of consumers now view biometric checkout processes as a secure and safe option for online purchases. 6 in 10 consumers now say they feel “safer about using biometrics to verify a purchase than a PIN.”

Encouraging the use of tools that use two-factor authentication (2FA), like Apple Pay and Samsung Pay, can help consumers acclimate to these more advanced mobile security options. The same applies to other 2FA options, such as requiring new customers to enter a one-time validation code sent via text to validate purchases.

This can have additional utility as well. Take legal compliance, for example. As noted in a recent post by UpGuard, US organizations must adopt zero trust architecture (ZTA) as a mandatory requirement under Joe Biden's Cybersecurity Executive Order. 2FA is often used as part of a zero-trust architecture to stop hackers.

Two-Factor Authentication Can Still be Defeated

Organizations that take advantage of 2FA can see significant savings in terms of criminal fraud and family fraud deterrence. But, even with the benefit of 2FA technology, you can still be vulnerable to abuse.

Different countries and regions have different standards for the deployment of 2FA technologies. This can complicate matters when trying to authenticate cross-border customers, negatively impacting the customer experience.

Synthetic fraud could be a method to easily defeat some 2FA tactics like the one-time text code. Going back to our smishing discussion from earlier, knowledge-based questions (requiring a passcode as a second identification factor) may also be defeated by fraudsters who manage to trick consumers into handing over personal information.

Common Question Can conventional fraud tactics defeat 2FA?

Yes, it's possible. For example, synthetic fraud could defeat some 2FA tactics like single-use text codes. Knowledge-based questions, like requiring a passcode, may also be defeated by fraudsters who trick consumers into handing over personal information.

There are other tactics that these criminals can employ, like swapping SIM cards to defeat fraud detection mechanisms. Even biometrics are not foolproof: numerous vulnerabilities in the technology have been identified, including one case in which millions of users’ fingerprint records were stolen.

This is not to say that the fight against mCommerce fraud is hopeless—far from it. In fact, the solution for mCommerce fraud is already in your hands.

It’s not a matter of finding one tactic or tool that can serve as a singular defense against fraud across the board. Instead, we must combine a variety of tactics in a complimentary manner to identify and eliminate fraud.

Stopping Fraud With a Multilayer Approach

Stopping fraud while keeping mCommerce customers happy is a delicate process. We recommend including all the following practices as part of a broader fraud management strategy:

Require Strong Passwords

Require Strong Passwords

Require shoppers to create strong passwords for their accounts. Each password should include a variety of different letters, numbers, special characters, and cases. You can also encourage buyers to use a password manager to suggest a password.

Provide Real-Time Account Alerts

Provide Real-Time Account Alerts

Send alerts to customers any time a password is changed, or when a purchase is completed. Encourage customers to opt-in so that they receive these alerts any time there’s activity on their accounts.

Use Multilayer Fraud Tools

Use Multilayer Fraud Tools

Geolocation, velocity limits, device fingerprinting, and fraud blacklists are all useful mCommerce fraud prevention tools. You should deploy these in a coordinated manner to offer better transaction insight and more accurately flag fraud attempts.

Use Fraud Scoring

Use Fraud Scoring

These third-party service providers can automatically evaluate transactions for fraud risk, then flag suspicious orders. You can choose to automatically reject these orders, or submit them for additional screening. For some suggestions, check out this list of service providers we’ve compiled.

Review Flagged Orders

Review Flagged Orders

When orders get flagged as potential fraud by your fraud filter, it’s best to conduct manual reviews when possible. This will help you sift out fraud without causing a spike in false declines.

Respond Quickly to Customer Inquiries

Respond Quickly to Customer Inquiries

Attentive customer service can allow you to prevent chargebacks by refunding customers in the event of fraud. You may also be able to intercept other customer inquiries that would otherwise devolve into a friendly fraud chargeback.

Get the Help You Need to Stop mCommerce Fraud Chargebacks

Each step outlined above is an important part of your response to mCommerce fraud. However, we can’t overlook the importance of seeking out help from experts when needed.

Chargebacks911® is the industry’s leading force in chargeback management. We deploy Intelligent Source Detection™ technology to identify disputes by their source—merchant error, criminal fraud, or friendly fraud—then implement the necessary solutions to eliminate chargeback issuances.

Don’t let fears about mCommerce fraud rob you of lucrative sales and other opportunities for growth. Contact Chargebacks911 today and make fraud and disputes a thing of the past.


What is mCommerce fraud?

mCommerce fraud refers to any fraud scheme conducted through the mobile commerce environment. This can include phones, tablets, wearables, or other mobile devices capable of conducting transactions.

Is mCommerce fraud a growing problem?

Yes. Between 2018 and 2019, observers noted an increase of more than 100% in mobile fraud attempts. Plus, the average cost of an mCommerce fraud incident is now greater than that of a conventional eCommerce fraud attempt.

Can two-factor authentication prevent mCommerce fraud?

Yes, in some cases. However, we have to remember that 2FA is not foolproof. While some mobile fraud can be prevented using 2FA, there are still tactics that can defeat it, including smishing, synthetic fraud, and SIM switching.

How can merchants stop mCommerce fraud?

mCommerce fraud can be prevented using a multilayer strategy. For instance, merchants should use require strong passwords for account creation, and provide real-time alerts for account activity. They should also deploy a variety of fraud detection tools, all backed by fraud scoring, as well as chargeback management.

We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form