How to protect your ecommerce customers with proper mobile app security

Frank Zinghini

Founder & CEO

Mobile sales are growing, and speedy growth is a good thing—so long as mobile app security remains a priority for ecommerce retailers. To give you an idea of how quickly mobile sales have already increased, the 6th Annual Mobile Payments and Fraud report found that 17 percent of retailers got more than half of their revenue from mobile sales in 2018, a 7 percent increase from the 2017 survey.

But mobile fraud is rising just as fast, with more than 35 percent of retailers reporting an increase in fraud attacks and claims over the previous year. Overall, 2017 saw a 30 percent increase in mobile fraud attacks, making it another record year for these occurrences. Ignoring or downplaying mobile app security puts your customers at risk and opens your business to security threats and a tarnished reputation.

How mobile app security improves ecommerce sales

Ecommerce retailers are embracing the omnichannel approach, selling products and services on websites, social media, pop-up shops, and, of course, mobile. The mobile channel is becoming more important, as a mobile presence is expected in today’s technology-driven society. Failure to have a mobile app translates into lost sales, as customers are simply not willing to switch over to their desktop or laptop to shop.

Your mobile presence cannot simply be functional. It has to be world-class—because customer expectations for online shopping are driven by the large, sophisticated ecommerce giants like Amazon. Product layout and checkout must be optimized for mobile. The user experience must be intuitive and simple.

Successful mobile app development begins with user journey analysis to make sure the entire customer experience is ideal from start to finish.

But success also demands that you look beyond design and functionality and focus just as much attention on mobile app security. Shipping and billing fraud and stolen customer data are just some of the issues ecommerce retailers need to worry about.

The annual mobile fraud report found that almost 60 percent of retailers do not have a mobile fraud strategy that is separate from their general ecommerce web strategy. That isn’t good, because there are unique issues with mobile that require attention:

  • Mobile involves changes in geographic location as devices (and their owners) are constantly on the move.
  • Identity fraud is also a higher risk on mobile devices, as they can be stolen more easily and used to make purchases.
  • New options for mobile payments are emerging, and while consumers demand these alternatives, they also create new doors for attackers.
  • Customers are becoming more security-savvy, knowing what to look for when it comes to things like secure payments.

Retailers (and any business selling products or services of any kind online) who do not provide enhanced mobile app security features will be left behind. There are plenty of other options when it comes to mobile shopping apps, and if your app is breached or deemed insecure, shoppers will find an alternative. The damage to your reputation can be devastating.

How ecommerce retailers can improve mobile cyber security

Implement Payment Card Industry Data Security Standard (PCI DSS) Level 1 security standards

PCI DSS is a set of policies and procedures to increase the security of online payment transactions. Levels of security are based on the volume of transactions.

Mobile retailers who choose Level 1 certification regardless of transaction volume receive the highest level of security. This decreases your chances of fraudulent transactions.

There are also tools that will check your codebase against PCI DSS regulations, so you can be confident your code is violation-free.

Use Secure Sockets Layer (SSL) Encryption

This technology encrypts all of the data (particularly sensitive credit card details) transmitted between your app and your servers, keeping it more secure in transit. Everyone should consider SSL encryption a requirement today, as Google now flags websites that do not have an SSL certificate as not secure.

Use multi-factor authentication

Requiring customers to complete additional authentication steps—such as entering a personal PIN or answering security questions—makes it harder for an unauthorized user to gain access to the device. Customers will be more than happy to take an extra second to enter additional details in order to keep their personal and financial information secure.

Use mobile fraud detection tools

Use more than one tool when it comes to fraud detection. Most companies use at least two, according to the fraud report. The most popular mobile fraud detection tools are:

  • Card Verification Value (CVV)—This asks for the additional three or four-digit security code on a credit card.
  • Fraud Scoring—A tool that helps determine the level of risk when accepting a mobile order. Delivery address verification, geolocation, and other checks are used to create the score.
  • Address Verification Service (AVS)—Matches the billing information on record to what is entered by the customer at the point of sale.
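The three checks above are usually combined into a single risk score per order. The following is an added example, not code from the original post or from any payment processor: a toy scorer that folds the CVV result, a simplified AVS result and a billing-versus-device geolocation comparison into a 0–100 score and a decision. The weights, thresholds, the simplified AVS codes and the sample orders are all constructed assumptions for illustration.

```python
"""Toy order risk scorer combining CVV, AVS and geolocation checks.
Added example with constructed data; weights, thresholds and the
simplified AVS codes are illustrative assumptions, not an industry standard."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Simplified AVS result codes (assumption, loosely modelled on processor codes):
# "Y" street and ZIP match, "A" street only, "Z" ZIP only, "N" neither matched.
AVS_PENALTY = {"Y": 0, "A": 15, "Z": 15, "N": 40}


@dataclass
class Order:
    order_id: str
    amount: float
    cvv_match: bool            # CVV check result as returned by the processor
    avs_code: str              # simplified AVS code, see AVS_PENALTY
    billing_latlon: tuple      # (lat, lon) geocoded from the billing address
    device_latlon: tuple       # (lat, lon) reported by the device at checkout


def distance_km(a, b):
    """Great-circle distance (haversine); coarse enough for a 'same region?' check."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def risk_score(order):
    """0 (clean) to 100 (very risky); each failed check adds a weighted penalty."""
    score = 0
    if not order.cvv_match:
        score += 40                                  # wrong or missing CVV
    score += AVS_PENALTY.get(order.avs_code, 25)     # unknown code treated as partial mismatch
    km = distance_km(order.billing_latlon, order.device_latlon)
    if km > 1000:
        score += 30                                  # device far from the billing address
    elif km > 100:
        score += 10
    if order.amount > 500:
        score += 10                                  # larger tickets deserve a closer look
    return min(score, 100)


def decision(score):
    if score >= 70:
        return "decline"
    if score >= 40:
        return "review"       # hold for manual review rather than auto-accept
    return "accept"


NYC, PHILADELPHIA, LONDON = (40.7128, -74.0060), (39.9526, -75.1652), (51.5074, -0.1278)

# Constructed sample orders (not real transactions)
SAMPLE_ORDERS = [
    Order("o-1", 80.00, True, "Y", NYC, NYC),            # everything matches
    Order("o-2", 120.00, True, "N", NYC, PHILADELPHIA),  # AVS mismatch, device ~130 km away
    Order("o-3", 900.00, False, "N", NYC, LONDON),       # CVV and AVS fail, device overseas
]


def score_all(orders=SAMPLE_ORDERS):
    """Return {order_id: (score, decision)} for a batch of orders."""
    return {o.order_id: (risk_score(o), decision(risk_score(o))) for o in orders}


if __name__ == "__main__":
    for oid, (score, verdict) in score_all().items():
        print(f"{oid}: score={score:3d} -> {verdict}")
```

The point of the structure is that no single check decides the outcome: an AVS mismatch alone sends an order to review, while a failed CVV together with a distant device declines it. A real deployment would tune the weights against the retailer's own chargeback history.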

Protect customer and business data

A mobile app is a doorway into your other IT systems. An attacker may use it to gain access to non-mobile customer and business data. Backend systems should be kept separate so access points are secure.

Use cryptography for protection on weak networks

Mobile devices are often used on weak Wi-Fi networks, both at home and in public. Cryptography can be used to encrypt personal information such as email addresses and passwords, keeping activity over weaker networks more secure.

Integrate security throughout the mobile app development process

Mobile app security has to be part of the development process from day one if it is to be comprehensive and effective. Security measures should be integrated from the beginning of the design process. Similarly, security testing should be done throughout development and continue through the life of the mobile app. Mobile app testing must be thorough, especially when it comes to security. Sensitive data is at risk.

Relying on one testing tool will not cut it. There are different types of application security testing tools, such as Static Application Security Testing (SAST) tools and Dynamic Application Security Testing (DAST) tools.

Some are suited for testing during development, while others are more appropriate for testing your application once it has been built. Using a mixture of tools and managing results from them efficiently makes sure your mobile app is as secure as possible.

Put alerts in place

If and when a fraudulent act does occur, you need to know about it immediately.

Suspicious activities, such as multiple purchases being made from the same account but using different credit cards, should trigger an immediate alert. Multiple failed sign-in attempts are another example of potentially suspicious activity. Action can and should be taken right away to protect both the customers’ data and your business.
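Both patterns named above are sliding-window rules over an account's event history. As an added example that is not part of the original post, the following Python runs two such rules over a constructed event stream: one flags an account that uses three or more distinct cards within 30 minutes, the other flags five or more failed sign-ins within 10 minutes. The event format, field names, thresholds and windows are assumptions chosen for the illustration.

```python
"""Toy alert rules over an ecommerce event stream.
Added example with constructed events; field names, windows and
thresholds are assumptions, not values from the report cited above."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): accounts, times and card digits are made up.
EVENTS = [
    {"ts": "2018-06-01T09:00:00", "type": "login_failed", "account": "acct-3"},
    {"ts": "2018-06-01T09:01:00", "type": "login_failed", "account": "acct-3"},
    {"ts": "2018-06-01T09:02:00", "type": "login_failed", "account": "acct-3"},
    {"ts": "2018-06-01T09:03:00", "type": "login_failed", "account": "acct-3"},
    {"ts": "2018-06-01T09:04:00", "type": "login_failed", "account": "acct-3"},
    {"ts": "2018-06-01T09:05:00", "type": "login_ok", "account": "acct-3"},
    {"ts": "2018-06-01T09:30:00", "type": "login_failed", "account": "acct-4"},
    {"ts": "2018-06-01T09:31:00", "type": "login_failed", "account": "acct-4"},
    {"ts": "2018-06-01T10:00:00", "type": "purchase", "account": "acct-1", "card_last4": "1111"},
    {"ts": "2018-06-01T10:05:00", "type": "purchase", "account": "acct-1", "card_last4": "2222"},
    {"ts": "2018-06-01T10:12:00", "type": "purchase", "account": "acct-1", "card_last4": "3333"},
    {"ts": "2018-06-01T10:00:00", "type": "purchase", "account": "acct-2", "card_last4": "4444"},
    {"ts": "2018-06-01T11:00:00", "type": "purchase", "account": "acct-2", "card_last4": "4444"},
]


def sliding_window_alerts(events, event_type, window, threshold, distinct_field=None, rule=""):
    """Flag an account when, inside any `window`, it has at least `threshold`
    events of `event_type` (or that many distinct values of `distinct_field`)."""
    by_account = defaultdict(list)
    for e in events:
        if e["type"] == event_type:
            by_account[e["account"]].append(e)

    alerts = []
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["ts"])
        for i, current in enumerate(evs):
            start = current["ts"] - window
            recent = [e for e in evs[: i + 1] if e["ts"] >= start]
            count = len({e[distinct_field] for e in recent}) if distinct_field else len(recent)
            if count >= threshold:
                alerts.append({"rule": rule, "account": account,
                               "at": current["ts"].isoformat(), "count": count})
                break  # one alert per account per run is enough to page someone
    return alerts


def run_rules(raw_events):
    """Parse timestamps and apply both rules from the text above."""
    events = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in raw_events]
    alerts = []
    alerts += sliding_window_alerts(events, "purchase", timedelta(minutes=30), 3,
                                    distinct_field="card_last4", rule="multiple_cards_one_account")
    alerts += sliding_window_alerts(events, "login_failed", timedelta(minutes=10), 5,
                                    rule="repeated_failed_sign_in")
    return alerts


if __name__ == "__main__":
    for a in run_rules(EVENTS):
        print(f"ALERT {a['rule']}: {a['account']} at {a['at']} (count={a['count']})")
```

In production the same rule function would run against a stream rather than a list, and the alert would carry enough context (order ids, device, IP) for the on-call analyst to act without re-querying the database. The two accounts that stay quiet here (one card reused, two failed logins) show why thresholds matter: a single retry must not page anyone.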

As mobile becomes a more dominant force in the ecommerce marketplace, businesses need to deliver not only on the user experience, but on security as well. News travels fast, and it only takes one mistake to leave your customers exposed. Recovering from a security breach is extremely difficult. The smarter approach is to spend the necessary time up front to make sure your mobile app provides the protection your customers have come to demand and expect.