Mobile E-Commerce: Friend or Foe?
A Cyber Security Study
A J.Gold Associates Research Report
February 2015

“Many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the-move lifestyles. For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization’s cyber security is the focus of this research study.”

Copyright © 2015 J.Gold Associates, LLC. All rights reserved. www.jgoldassociates.com
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute without the permission of J.Gold Associates, LLC.

Contents

Executive Summary
Mobile Revenues
The Friend:
The Foe:
Protecting Against Fraud
Averaging the Mobile Losses
Average revenue, mobile revenue, losses, and growth rate indicated by respondents
Are You Investing Enough? Probably Not!
The Study Results
Revenue Channels
Figure 1: Percentage of revenues from Internet channels
Figure 2: Percentage of revenue from a Mobile App
Analysis:
Figure 3: Expected growth of Mobile App revenue in next 5 years
Analysis:
Revenue Loss Due to Fraud
Figure 4: What percentage of revenues were lost to Internet and/or Mobile fraud in past 12 months
Measuring Attitudes and Expectations
Figure 5: Internet and Mobile fraud represent a significant risk
Analysis:
Counting Fraud Incidents
Figure 6: How many Internet Fraud incidents in past 12 months
Figure 7: What percentage of fraud incidents were Mobile
Analysis
How Big are the Risks
Figure 8: How big a risk is – Average of Responses
Analysis
Login Requirements for Mobile Users
Figure 9: What type of Mobile login credentials Currently required
Figure 10: What type of Mobile login credentials required In Future
Verifying user account changes
Figure 11: Security measures used to verify Internet account changes
Figure 12: Security measures used to verify Mobile account changes
Use of Advanced Analytical Tools
Figure 13: Using Advanced Analytical tools to detect fraud
Mobile E-Commerce: Friend or Foe
Figure 14: Revenues by Company Size
Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size (Average Percentage)
Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud, by Company size (Average Percentage)
Analysis
Conclusions

Executive Summary

Mobile E-Commerce: Friend or Foe? That’s the question many organizations need to ask themselves as they attempt to take advantage of the dramatic growth in users with mobile devices. Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the-move lifestyles. For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization’s cyber security is the focus of this research study. We conducted a web-based survey of 250 organizations to find out whether Mobile E-commerce is a friend or a foe.

TREND: In the next 2-3 years, we expect ecommerce interactions attributable to mobile devices and mobile apps to surpass those from standard browsers. As a result, companies not properly securing their mobile transactions face a significant risk of fraud incidents overwhelming their businesses. J.Gold Associates LLC.

Mobile Revenues

The Friend:
The average revenue of the organizations responding was $2.54B. Fully one third of organizations indicated they generated revenues from the Internet in the 26%-50% range. Further, 25% indicated that 11%-25% of that revenue came from a mobile app. These figures indicate the importance of Internet and Mobile revenue generation.
Further, more than 50% of organizations believe that mobile revenues will grow 11%-50% over the next 3 years, and 30% believe it will grow 51%-100%. This expected growth in mobile app revenues reflects both the market reality of more mobile users, as well as the realization that to remain competitive, companies must offer mobile apps on smartphones and tablets despite a significant security risk in potential fraud.

The Foe:
But there is also a dark side to this reliance on mobile revenues. Only 8% of companies indicated that they had no losses due to fraudulent activity in the past 12 months. And 34% indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. This is a staggering level of fraud induced losses. It also indicates that a very serious problem exists, one which is not being adequately addressed by current systems and processes.

Protecting Against Fraud

About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are occurring. It seems clear that while many companies believe they are adequately protected, their level of security is lacking. We expect the growth of mobile interactions to significantly increase the percentage of mobile incidents, with 19% of companies already indicating that 25%-49% of their fraud incidents are due to mobile. We expect these rates to at least double over the next 2-3 years as mobile revenue contributions increase, unless significant remedial actions are implemented quickly.
Averaging the Mobile Losses

The average mobile loss across all the organizations responding was $92.3M per year. On average, organizations indicated that losses of approximately 3% of total revenues occur each year due to mobile fraud. Further, they expect an average 47% growth of mobile transactions over the next five years (which we believe to be too conservative). Assuming loss ratios remain the same, the losses attributable to mobile will also increase by at least 47% over the same time period.

Average revenue, mobile revenue, losses, and growth rate indicated by respondents
Average Total Revenue: $2.54B
Average % of Total Revenue Due to Mobile: 4.53%
Average % of Total Rev Lost Due to Mobile: 3.04%
Average $ Loss per year due to Mobile: $92.3M
Average 5 Year Mobile Growth Rate: 47%
Copyright 2014 J.Gold Associates, LLC.

The total losses present a large amount of potential revenue if fraud were eliminated. It indicates that although many companies believe they are spending sufficiently on security, given the losses they are reporting, it’s clear that most aren’t. Companies must increase the level of expenditure on remediation of these losses. Investing an amount equal to as little as 10%-20% of the yearly losses in enhanced security systems would provide a significant boost to an organization’s ability to limit or eliminate the losses resulting from fraud.

Are You Investing Enough? Probably Not!

All organizations with a mobile presence are experiencing loss due to inadequate security. It is imperative that organizations of all sizes invest in technology solutions that limit and/or eliminate Mobile induced fraud if the company is to thrive in an increasingly competitive marketplace. Mobile security has a huge potential payback, likely returning 10-20 times or more of the investment. Clearly security is a long term challenge that needs continuous intervention. But it must be on every organization’s high priority list for the next 1-2 years as the need to get a handle on this challenge will only grow in the future with increased reliance on mobile commerce. Waiting until the problem is aggravated by increased numbers of users and higher losses is not in the best interest of the organization and will make remediation even more difficult. Companies not making the required investment now in enhanced mobile security will have sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer base that may be exposed to fraudulent activities which will drive them to other more secure sites.

The Study Results

Mobile E-Commerce: Friend or Foe? That’s the question many on-line organizations need to ask themselves as they attempt to take advantage of the dramatic growth in users with mobile devices. Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the-move lifestyles.
For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization’s cyber security is the focus of this research study.

To discover the impact of mobile commerce we created a survey that was completed by 250 organizations in North America. The average organizational revenue of the respondents was $2.54B. The survey was intended to study attitudes and the economic impact of fraud on web-based Internet and mobile applications for companies engaged in interactions with consumers and business customers through PC and/or mobile application based E-commerce. The questions focused on obtaining the companies’ views on threats, recent breaches, economic impacts, and solutions to securing web and mobile based customer interactions. For this study, users were considered mobile if they interacted with web sites through either a smartphone or tablet device.

For each section below, we’ll define what questions we asked, and then furnish an analysis of the results obtained.

Revenue Channels

We asked the respondents to identify the amount of revenues generated from various Internet channels (e.g., PC browser, mobile) and also to estimate the amount of revenues expected to be generated in the future. The intent was to discover the amount of revenues coming from the Mobile channel, and then be able to identify the risks associated with that revenue stream.

Figure 1: Percentage of revenues from Internet channels
Percent of Revenues from Internet
Don’t know: 0.8%
76%-100%: 4.8%
51%-75%: 24.4%
26%-50%: 33.2%
11%-25%: 27.2%
1%-10%: 9.2%
0%: 0.4%

Figure 2: Percentage of revenue from a Mobile App
What Percentage of Revenue comes from Mobile App
We don’t have a mobile app: 4.4%
Don’t know: 1.6%
76%-100%: 4.8%
51%-75%: 22.8%
26%-50%: 23.6%
11%-25%: 24.4%
0%-10%: 18.4%

Analysis: Fully one third of those responding indicated their organization generated Internet revenues in the 26%-50% range. Further, 25% indicated that 11%-25% of that revenue came from a mobile app. These figures are higher than we expected, but clearly it indicates the importance of Internet and Mobile revenue generation which constitutes a major revenue stream. At such a high percentage, companies must find ways to protect those revenues from fraud. And we expect these revenues to continue to grow making it even more imperative to secure these transactions.

Figure 3: Expected growth of Mobile App revenue in next 5 years
How much do you expect Mobile App Revenue to grow over next 5 years
Don’t know: 2.4%
Greater than 200%: 1.6%
151%-200%: 0.8%
101%-150%: 4.0%
76%-100%: 11.2%
51%-75%: 17.2%
26%-50%: 30.4%
11%-25%: 21.2%
6%-10%: 9.6%
0%-5%: 1.6%

Analysis: More than 50% of respondents believe that mobile revenues will grow 11%-50% over the next 3 years, and 30% believe it will grow 51%-100%. This expected significant growth in mobile app revenues reflects market reality of more mobile users, as well as the realization that to remain competitive, companies must continue to invest in their mobile capabilities. However, this represents a significant security risk in potential fraud, as we shall see.

Revenue Loss Due to Fraud

Most companies expect mobile interactions to increase dramatically and generate significant revenues. However, there is also a significant potential for increased fraudulent activity from mobile devices, as they may be harder to protect and secure than traditional PC devices.

Figure 4: What percentage of revenues were lost to Internet and/or Mobile fraud in past 12 months
Revenue lost due to Internet and Mobile Fraud in past 12 months
Don’t know: 2.8%
66%-100%: 0.0%
51%-65%: 0.0%
36%-50%: 11.6%
26%-35%: 14.4%
11%-25%: 15.2%
6%-10%: 13.6%
1%-5%: 34.0%
0%: 8.4%
Analysis: Only 8% of companies indicated that they had no fraudulent activity associated losses over the past 12 months. And 34% indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. Many respondents indicated even greater losses, although the higher amounts may be overestimations. Nevertheless, this is a staggering level of fraudulent activity losses and explains why many organizations have been cautious about moving to a greater presence in E-commerce. It also indicates that a very serious problem exists that is not being adequately addressed by today’s systems and processes. Improvements in loss prevention must be implemented quickly to stem these losses.

Measuring Attitudes and Expectations

We asked a series of questions to gauge the attitudes and expectations on threats that are posed to their organizations. We asked them to answer on a scale of 1 to 5, with 1 being strongly disagree and 5 being strongly agree, how they feel about the following statements. Figure 5 shows the average level of agreement and priorities for each statement.

Figure 5: Internet and Mobile fraud represent a significant risk
Severity of Fraud - Average of responses (1=Strongly Disagree, 5=Strongly Agree)
Fraud on our web site is quickly detected and remediated: 4.04
Have sufficient systems/processes for fraud detection on mobile platform: 4.01
Fraud on our Mobile App is quickly detected and remediated: 4.00
Company security budget is sufficient for minimizing Internet/Mobile fraud: 3.85
We are able to eliminate Internet and/or Mobile fraud: 3.82
Internet and Mobile fraud represent a significant risk: 3.78
The frequency and severity of fraud is on the rise: 3.58
We have not seen any Mobile App fraud on E-commerce offering: 3.47
We have not seen any Fraud on our Internet E-Commerce offerings: 3.30

Analysis: While most respondents say they have experienced significant losses from fraud, the majority also claim they have sufficient systems and processes in place to minimize such fraud. This seems to be a clear disconnect between reality and perception. Further, while most believe the incidents of fraud are on the rise, they likewise believe they have significant budgets and systems in place to deal with them. About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are nevertheless occurring. On average, organizations indicated they lost $92M per year in mobile fraud related incidents. It seems clear that while many of the respondents believe they are adequately protected, the level of security for both Internet and Mobile app interactions is lacking.
The level of fraud and the average losses per organization indicate that few organizations have invested enough to keep their losses to an acceptable level. What is needed is a realistic assessment of the level of fraud losses which must drive the level of investment made in security systems to remediate those losses. For most companies it is imperative that the level of investment in security systems and processes be increased significantly.

Counting Fraud Incidents

We asked how many fraud incidents they have had in the past year and how many were as a result of using a Mobile app accessing their E-commerce sites.

Figure 6: How many Internet Fraud incidents in past 12 months
0: 11%
1-9: 30%
10-24: 16%
25-49: 9%
50-99: 7%
100-249: 7%
250-499: 6%
500-999: 5%
1000-4999: 4%
5000-9999: 1%
10,000+: 0%
Don't Know: 0%

Figure 7: What percentage of fraud incidents were Mobile
Percentage of Fraud Incidents Due to Mobile
75%-100%: 2%
50%-74%: 7%
25%-49%: 19%
10%-24%: 29%
1-9%: 28%
0%: 14%
Analysis: 48% of respondents indicated they experienced between 48% indicated they 1-24 24 overall fraud incidents in the past year, while 25% indicated experienced between 11 they experienced between 25 25-250 incidents. The small number of 24 fraud incidents in the incidents reported either indicates organizations that have a small past year, while 25% scale presence on the web, or more likely ones that are somewhat indicated between 25oblivious to what is actually happening. Interestingly 28% of 250 incidents. 19% of respondents indicated that 1% 1%-9% of the total fraud incidents were companies indicated mobile based, while 29% indicated that mobile caused 10% 10%-24% of that 25%-49% of their fraud incidents. We expect the growth of mobile interactions to fraud incidents are due significantly increase the percentage of incidents caused by the to the mobile channel. mobile channels, with 19% of companies already iindicating that Clearly mobile is a 25%-49% 49% of their fraud incidents are due to the mobile channel. growing risk that’s not being adequately Even if the number of incidents is underreported, the amount of addressed loss as we shall see is quite high. Much more work needs to take place in securing mobile interactions and mobile applications before organizations can feel confident that mobile fraud is being controlled controlled,, or will not spin out of control with the expected growth in interactions interactions. Clearly mobile is a growing risk that’s not being adequately addressed. Copyright © 201 2015 J.Gold Associates, LLC. All rights reserved. www.jgoldassociates.com This research is licensed to RSA and TeleSign TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC. 12 Mobile E-Commerce: Commerce: Friend or Foe? 
Cyber Security Study How Big are the Risks We asked about the risk that various technologies and processes pose by having respondents indicate on a scale of 1 1-5, 5, with 1 being strongly disagree and 5 being strongly agree, what they thought of a particular risk. Figure 8 indicates the average score for each risk, and reflects what users thought were the most serious threats. Malware, as is to be expected, ranked quite high on the overall list. But increasingly, App Store Fraud (i.e., unauthorized or illegitimate app stores) and Fake Mobile Apps (i.e., apps masquerading as something else or embedded with malware), are increasingly being recognized. Figure 8:: How big a risk is – Average of Responses How Big a Risk is: (Average of Responses) 3.81 PC/Web Browser Malware 3.64 Mobile Device Malware E-Wallet Fraud 3.36 App Store Fraud 3.29 Fake Mobile Apps 3.28 Account Takeover 3.26 Password Guessing 3.14 Copyright 2014 J.Gold Associates, LLC. Analysis: There was a fairly even distribution of what the respondents thought were risk factors, with no one risk vector being dramatically more than the others. However, PC/Web Browser Malware, followed by Mobile Device Malware are the most visible and likely easiest to identify. This is likely a legacy acy of past experiences with PC PC-based based systems, extended into the mobile realm. Yet these are very real risks, and it would make sense to exert reasonable efforts in protecting against these two security threats through updated practices and technology solutions (e.g., two factor authentication, malware protection, encrypted storage, secured “vaults”). There is also a realization that mobile apps, via a “fake” app store or via malicious code embedded in an app, represent a growing risk tha thatt must be dealt with. Copyright © 201 2015 J.Gold Associates, LLC. All rights reserved. www.jgoldassociates.com This research is licensed to RSA and TeleSign TeleSign. 
No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC. 13 Mobile E-Commerce: Commerce: Friend or Foe? Cyber Security Study Login Requirements for Mobile Users Login methods for mobile users are migrating ffrom traditional user We expect a major name and password to more advanced biometrics and multi multi-factor transition in mobile authentication. This will be enabled by more devices enhanced with authentication to take advanced technology as well as a proliferation of easier to use place over the next 3-4 systems allowing more secure ID methods. We expect the majority years, with aggressive of the transition to be completed in the next 3 3-4 years, with some organizations doing so aggressive organizations deploying systems in the next 1 1-2 years. in 1-2 years. We also expect the mobile channel to lead in this transition. What’s shocking is the percentage of ccompanies ompanies that fail to enforce basic credentials we have all grown accustomed to (e.g., 23% don’t require user name and password to log in). Figure 9:: What type of Mobile login credentials Currently required What type of log in authentication required from Mobile users Currently? Yes No 51.6% Device ID 48.4% 44.0% Challenge based questions 56.0% 40.8% IP Recorgnition 59.2% 28.0% Phone based authentication (SMS & voice) 19.6% Soft tokens Biometrics 23.2% 76.8% User name and password 17.2% 72.0% 80.4% 82.8% Not applicable 3.2% 96.8% None of above 1.6% 98.4% Don't know 0.4% 99.6% Copyright 2014 J.Gold Associates, LLC. Copyright © 201 2015 J.Gold Associates, LLC. All rights reserved. www.jgoldassociates.com This research is licensed to RSA and TeleSign TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC. 14 Mobile E-Commerce: Commerce: Friend or Foe? 
Figure 10: What type of Mobile login credentials required in future
What type of log in authentication required from Mobile users in the Future?

Credential | Yes | No
Biometrics | 47.2% | 52.8%
Phone based authentication (SMS and Voice) | 38.4% | 61.6%
Soft Tokens | 32.0% | 68.0%
IP Recognition | 30.4% | 69.6%
Challenge based questions | 26.4% | 73.6%
Device ID | 25.6% | 74.4%
User name and password | 9.6% | 90.4%
Don't know | 5.6% | 94.4%
Not applicable | 4.0% | 96.0%
None of above | 2.4% | 97.6%

Analysis: There will be a significant shift in required Mobile login credentials taking place over the next 2-3 years as the primary focus shifts from user name and password to more advanced mechanisms like biometric, phone based authentication and soft tokens for two factor authentication. This upgrading of login techniques will improve the security of transactions by more positively determining who and what device is being used, and should significantly reduce the threat levels and consequent fraud on mobile transactions.

There will be a significant shift in required Mobile login credentials over the next 2-3 years as focus shifts from name and password to advanced mechanisms like biometric, phone based authentication and soft tokens for two factor authentication.

Verifying user account changes

We asked which types of verification techniques are employed to confirm that account changes are being made by the designated account owner, both for Internet connections and Mobile connections.

Figure 11: Security measures used to verify Internet account changes
Security measures used to verify account changes for Internet users

Measure | Yes | No
Challenge based questions | 74.4% | 25.6%
Email verification | 63.2% | 36.8%
Phone based authentication | 36.8% | 63.2%
Nothing beyond user name and password | 5.2% | 94.8%
Don't know | 2.0% | 98.0%

Figure 12: Security measures used to verify Mobile account changes
Security measures used to verify account changes for Mobile users

Measure | Yes | No
Email verification | 54.4% | 45.6%
Phone based authentication | 46.4% | 53.6%
Challenge based questions | 44.8% | 55.2%
Nothing beyond user name and password | 11.6% | 88.4%
Don't know | 3.6% | 96.4%

Analysis: The disparity between primary methods for Internet users (challenge based questions) versus Mobile users (Email verification) is primarily one of perception, assuming that mobile devices are harder to use for data entry and that it will therefore be more difficult to require challenge-based question inputs. This is generally no longer the case with larger and higher definition screens, and better, faster connections. We expect to see higher levels of authentication required in the near future for mobile users, at least on a par with those of Internet users who are accustomed to multi-factor authentications and multi-step logins/confirmations.

It’s no longer the case that mobile logins present more of a challenge than on Internet browsers. The result is higher levels of authentication for mobile users.
Use of Advanced Analytical Tools

We asked if they used any advanced analytics tools, such as behavior tracking and analysis, to implement a more secure interaction by detecting likely fraudulent activity.

Figure 13: Using Advanced Analytical tools to detect fraud
Use of Advanced Analytical Tools to detect Web and Mobile Fraud. Series: Yes, No, Don't know. Categories: Currently, Future. Data labels: 73.6%, 19.2%, 39.6%, 56.8%, 7.2%, 3.6%.

Analysis: The use of advanced analytical tools will increase by approximately 50% in the next few years as companies search for compelling ways to fight the increasing level of fraud. Our respondents indicated that the use of advanced analytics tools to track behavior and mitigate fraud will grow by nearly 50%. This is a direct result of the maturity of these tools and the ability to make use of them with less required resources, including through cloud based service offerings, as well as the reduced cost of employing the technology. We expect that this trend will continue to gain momentum over the next 2-3 years.

We expect an increase of at least 50% in use of analytical prediction tools over the next 2-3 years for Internet and Mobile fraud detection.

Mobile E-Commerce: Friend or Foe

Mobile interactions have both a positive and negative effect. On the positive side they allow users to access websites more often when they are truly mobile. Indeed, most of the respondents indicated a significant expected increase in revenues by allowing mobile interactions with their sales or service on-line presence. But mobile also has a negative effect. Most respondents expect mobile to represent a significant portion of fraudulent interactions and provide significant loss of revenue.

Below is an evaluation of the potential losses from Internet and Mobile Fraud. Figure 14 shows the average revenues generated by organizations of various sizes, based on the survey data provided by the respondents, indicating Internet revenues were 26%-50% of total revenue. The company sizes were Very Small (<$100M), Small ($100M-$500M), Medium ($500M-$1B) and Large ($1B+).

Figure 14: Revenues by Company Size

Company size | Total Revenues | Internet Revenues
Very Small | <$100M | $26M-$50M
Small | $100M-$499M | $26M-$250M
Medium | $500M-$999M | $125M-$500M
Large | $1B-$20B+ | $250M-$10B

Figure 14 is a compilation of the average amount of loss in the past 12 months due to Internet fraud based on the responses obtained from various size companies.

Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size (Average Percentage)

Company size | % | $
Very Small | 6%-10% | $1.5M-$5M
Small | 6%-10% | $1.5M-$25M
Medium | 11%-20% | $13M-$100M
Large | 6%-10% | $150M-$1B

Figure 15 represents losses incurred within the past 12 months that organizations indicated were due to Mobile fraud (as part of overall Internet related fraudulent losses).
Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud, by Company size (Average Percentage)

Company size | % | $
Very Small | 1%-9% | $150K-$450K
Small | 10%-24% | $150K-$6M
Medium | 10%-24% | $1.3M-$24M
Large | 10%-24% | $15M-$240M

Analysis: The above figures show the average amount of revenue organizations indicated they lost due to Internet and Mobile channel fraud over the past 12 months. It’s apparent that taking additional steps to reduce the amount of fraud in the on-line channel has a potentially huge payback, particularly for larger organizations that obtain significant revenues from e-commerce and mobile app solutions. Losses of $15M - $240M in fraudulent interactions are compelling reasons to invest in better fraud reduction systems. Further, it’s important to understand that the losses above are within a 12 month period and therefore available to recover annually. This makes it even more imperative that companies invest in better security for their mobile applications and transactions. We also expect the amount of Internet revenues generated, and hence the amount of Fraudulent losses, to increase over the next 2-3 years. It is therefore imperative that organizations of all sizes invest in reducing and as much as possible in eliminating all Internet and Mobile induced fraud if the company is to thrive in an increasingly competitive marketplace.

Taking additional steps to reduce the amount of fraud on-line has a potentially huge payback, particularly for larger organizations that obtain significant revenues from e-commerce and mobile app solutions.

Conclusions

As can be seen from the results of this study, many companies are relying on the Internet as a major contributor to their revenues. Further, the role of Mobile interactions is increasing, both through mobile web and mobile apps. Yet there seems to be a major disconnect between the contributions from mobile e-commerce, and the steps being taken to protect those interactions. Despite many companies indicating they believe they are protected, it is clear that the current level of investment in mobile security is not up to the task. It is imperative that organizations reassess their mobile strategies in light of the growth in fraudulent transactions and the resulting loss of revenues. Mobile security has a huge potential payback, likely returning 10-20 times or more of the investment. It must be on every organization’s high priority list for the coming 1-2 years to get things started now, and then continuously updated and enhanced for the foreseeable future. Those companies that do not make the required investment in enhanced mobile security will have sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer base.

The research contained in this study has been licensed to RSA and TeleSign. No other parties are authorized to copy, post and/or redistribute this research without the express written permission of the copyright holder, J.Gold Associates, LLC.

About J.Gold Associates

J.Gold Associates provides insightful, meaningful and actionable analysis of trends and opportunities in the computer and technology industries. We offer a broad based knowledge of the technology landscape, and bring that expertise to bear in our work. J.Gold Associates provides strategic consulting, syndicated research and advisory services, and in-context analysis to help its clients make important technology choices and to enable improved product deployment decisions and go to market strategies.

J.Gold Associates, LLC
6 Valentine Road
Northborough, MA 01532 USA
+1 508 393 5294
www.jgoldassociates.com