mobile e commerce friend or foe
DESCRIPTION
E-commerceTRANSCRIPT
February 2015
Mobile E-Commerce: Friend or Foe
A Cyber Security StudyA J.Gold Associates
“M any consumers now interact with the Internet primar ily through mobile devices, avoiding traditional PC dev ices and browsers as not fitting into their always connected , onmove lifestyles. For organizations with an on
this shift has a profound impact, including an impa ct on website security,
impact of this shift on an organization’s cyber sec urity is the focus of this research study.
Commerce: Friend or FoeCyber Security Study
J.Gold Associates Research Report
any consumers now interact with the Internet primar ily through mobile devices, avoiding traditional PC dev ices and browsers as not fitting into their always connected , on-themove lifestyles. For organizations with an on -line presence,
this shift has a profound impact, including an impa ct on website security, loss prevention and fraud. Assessing the
impact of this shift on an organization’s cyber sec urity is the focus of this research study. ”
Research Sponsored By
Research
Commerce: Friend or Foe?
any consumers now interact with the Internet primar ily through mobile devices, avoiding traditional PC dev ices and
the-line presence,
this shift has a profound impact, including an impa ct on loss prevention and fraud. Assessing the
impact of this shift on an organization’s cyber sec urity is the
Copyright © 2015
This research is licensed toredistribute without
Executive Summary ................................
Mobile Revenues ................................
The Friend: ................................
The Foe: ................................
Protecting Against Fraud ................................
Averaging the Mobile Losses
Average revenue, mobile revenue, losses, and growth rate indicated by respondents
Are You Investing Enough? Probably Not!
The Study Results ................................
Revenue Channels ................................
Figure 1: Percentage of revenues from Internet channels
Figure 2: Percentage of revenue from a Mobile App
Analysis: ................................................................
Figure 3: Expected growth of Mobile App revenue in next 5 years
Analysis: ................................................................
Revenue Loss Due to Fraud
Figure 4: What percentage of revenues were lost to Internet and/or Mobile fraud in past
12 months ................................
Measuring Attitudes and Expectations
Figure 5: Internet and Mobile fraud represent a significant risk
Analysis: ................................................................
Counting Fraud Incidents ................................
Figure 6: How many Internet Fraud incidents in past 12 months
Figure 7: What percentage of fraud incidents were Mobile
Analysis ................................................................
How Big are the Risks ................................
Figure 8: How big a risk is – Average of Responses
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute without the permission of J.Gold Associates, LLC.
Contents
................................................................................................
................................................................................................
........................................................................................................................
...........................................................................................................................
........................................................................................
Averaging the Mobile Losses ..................................................................................
Average revenue, mobile revenue, losses, and growth rate indicated by respondents
Are You Investing Enough? Probably Not! ............................................................
................................................................................................
................................................................................................
Figure 1: Percentage of revenues from Internet channels ................................
Figure 2: Percentage of revenue from a Mobile App .........................................................
................................................................................................
Figure 3: Expected growth of Mobile App revenue in next 5 years ................................
................................................................................................
Revenue Loss Due to Fraud ....................................................................................
: What percentage of revenues were lost to Internet and/or Mobile fraud in past
.........................................................................................................................
Measuring Attitudes and Expectations ................................................................
Figure 5: Internet and Mobile fraud represent a significant risk ................................
................................................................................................
......................................................................................
Figure 6: How many Internet Fraud incidents in past 12 months ................................
Figure 7: What percentage of fraud incidents were Mobile ................................
................................................................................................
............................................................................................
Average of Responses .......................................................
Commerce: Friend or Foe?Cyber Security Study
No other parties are authorized to copy, post or
................................. 3
...................................... 3
........................ 3
........................... 3
........................ 3
.................. 4
Average revenue, mobile revenue, losses, and growth rate indicated by respondents ................ 4
............................ 4
.................................... 5
................................... 5
................................................. 6
......................... 7
........................................ 7
.................................... 8
........................................ 8
.................... 8
: What percentage of revenues were lost to Internet and/or Mobile fraud in past
......................... 9
................................ 10
........................................ 10
...................................... 10
...................... 11
..................................... 11
.............................................. 12
....................................... 12
............................ 13
....................... 13
Copyright © 2015
This research is licensed toredistribute without
Analysis ................................................................
Login Requirements for Mobile Users
Figure 9: What type of Mobile login credentials Currently required
Figure 10: What type of Mobile login credentials required
Verifying user account changes
Figure 11: Security measures used to verify Internet account changes
Figure 12: Security measures used to verify Mobile account changes
Use of Advanced Analytical
Figure 13: Using Advanced Analytical tools to detect fraud
Mobile E-Commerce: Friend or Foe
Figure 14: Revenues by Company Size
Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size
(Average Percentage) ................................
Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud,
by Company size (Average Percentage)
Analysis ................................................................
Conclusions ................................
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute without the permission of J.Gold Associates, LLC.
................................................................................................
Login Requirements for Mobile Users ................................................................
Figure 9: What type of Mobile login credentials Currently required ................................
Figure 10: What type of Mobile login credentials required In Future ................................
Verifying user account changes ................................................................
Figure 11: Security measures used to verify Internet account changes ...........................
Figure 12: Security measures used to verify Mobile account changes .............................
Use of Advanced Analytical Tools ................................................................
Figure 13: Using Advanced Analytical tools to detect fraud ................................
Commerce: Friend or Foe ................................................................
Figure 14: Revenues by Company Size ................................................................
Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size
................................................................................................
Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud,
Percentage) ................................................................
................................................................................................
................................................................................................
Commerce: Friend or Foe?Cyber Security Study
No other parties are authorized to copy, post or
....................................... 13
.................................. 14
.................................. 14
................................ 15
........................................... 16
........................... 16
............................. 17
........................................ 17
............................................. 18
...................................... 18
.......................................... 19
Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size
..................................... 19
Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud,
......................................... 19
....................................... 19
............................................ 20
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Executive Summary Mobile E-Commerce: Friend or Foe? That’s the question many organizations need to ask themselves as they attempt to take advantage of the dramatic growth in users with mobile devices. Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, onlifestyles. For organizations with an onhas a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization’s cyber security is the focus of this research study. We conducted a web-based survey of 250 organizations to find out whether Mobile E-commerce is a friend or a foe.
Mobile Revenues The Friend: The average revenue of the organizations responding was $2.54B. Fully one third of organizations indicated they genFurther, 25% indicated that 11%figures indicate the importance of Internet and Mobile revenue generation. Further, more than 50% of organizations belyears, and 30% believe it will grow 51%reflects both the market reality of more mobile users, as well as the realization that to remain competitive, companies must offer mobile apps on smartphones significant security risk in potential fraud The Foe: But there is also a dark side to this reliance on mobile revenues. indicated that they had no losses due tindicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. This is a staggering level of fraud induced one which is not being adequately addressed by
Protecting Against FraudAbout 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are occurring. It seems clear that while many companies believe they are adequately protected, their level of security is lacking. We expect the growth ofsignificantly increase the percentage of mobile incidents, with 19% of companies already indicating that 25%-49% of their fraud incidents are due to mobile. We expect these rates to at least double over the next 2significant remedial actions are implemented quickly.
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Commerce: Friend or Foe? That’s the question many
organizations need to ask themselves as they attempt to take e of the dramatic growth in users with mobile devices.
Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the-move
For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization’s cyber security is the focus of this research
based survey of 250 organizations commerce is a friend or a foe.
The average revenue of the organizations responding was $2.54B. Fully one third of organizations indicated they generated revenues from the Internet in the 26%Further, 25% indicated that 11%-25% of that revenue came from a mobile app. These figures indicate the importance of Internet and Mobile revenue generation. Further, more than 50% of organizations believe that mobile revenues will grow 11%-50% over the next 3 years, and 30% believe it will grow 51%-100%.This expected growth in mobile app revenues
market reality of more mobile users, as well as the realization that to remain e, companies must offer mobile apps on smartphones and tablets despite
significant security risk in potential fraud.
But there is also a dark side to this reliance on mobile revenues. Only 8% of companies losses due to fraudulent activity in the past 12 months.
indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. This is a
fraud induced losses. It also indicates that a very serious problem exists, one which is not being adequately addressed by current systems and processes.
Protecting Against Fraud About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are occurring. It seems clear that while many companies believe they are adequately
level of security is lacking. We expect the growth of mobile interactions to significantly increase the percentage of mobile incidents, with 19% of companies already
49% of their fraud incidents are due to mobile. We expect these rates to at least double over the next 2-3 years as mobile revenue contributions increasesignificant remedial actions are implemented quickly.
TREND
years, we expect commerce interactions attributable to mobile
devices and mobile apps to surpass those from
standard browsers. As a result, companies not
properly securing their mobile a significant risk of fraud incidents overwhelming
their businessesJ.Gold Associates LLC.
Commerce: Friend or Foe?Cyber Security Study
3
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
The average revenue of the organizations responding was $2.54B. Fully one third of erated revenues from the Internet in the 26%-50% range. 25% of that revenue came from a mobile app. These
figures indicate the importance of Internet and Mobile revenue generation. Further, more 50% over the next 3
100%.This expected growth in mobile app revenues market reality of more mobile users, as well as the realization that to remain
and tablets despite a
Only 8% of companies the past 12 months. And 34%
indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. This is a
losses. It also indicates that a very serious problem exists, systems and processes.
About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are occurring. It seems clear that while many companies believe they are adequately
mobile interactions to significantly increase the percentage of mobile incidents, with 19% of companies already
49% of their fraud incidents are due to mobile. We expect these rates to revenue contributions increase, unless
TREND: In the next 2-3 years, we expect e-
commerce interactions attributable to mobile
devices and mobile apps to surpass those from
standard browsers. As a result, companies not
properly securing their mobile transactions face a significant risk of fraud incidents overwhelming
their businesses J.Gold Associates LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Averaging the Mobile LossesThe average mobile loss across all the organizations responding was $92.3M per yearaverage, organizations indicated that losses each year due to mobile fraud. Further they expect an average 47% growth of mobile transactions over the next five years (which we believe to be too conservative). Assuming loss ratios remain the same, the losses a47% over the same time period Average revenue, mobile revenue, Average Total Revenue
Average % of Total Revenue Due to Mobile
$2.54B 4.53%
The total losses present a large amount of indicates that although many companies believe they are spending sufficientgiven the losses they are reportlevel of expenditure on remediation of these losses. Investing an amou10%-20% of the yearly losses in enhanced security systems would provide a significant boost to an organization’s ability to
Are You Investing Enough? Probably Not!All organizations with a mobile presence are experiencing loss due to inadequate security. It is imperative that organizations of all sizes invest in technology solutions that Mobile induced fraud if the company is to thrive in an increasingly competitive marketplace. Mobile security has a huge potential payback, likely returning 10the investment. Clearly security is a long term challenge that needs continuous intervention. But it musorganization’s high priority list for the next 1to get a handle on this challenge will only grow in the future with increased reliance on mobile commerce. Waiting until the problem is aggravated by increased numbers of ushigher losses are not in the best interest of the organization and will make remediation even more difficult. making the required investment now in enhanced mobile security will have sharply reduced revenue, as well as much higher cosdissatisfied customer base that may be exposed to to other more secure sites.
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Averaging the Mobile Losses loss across all the organizations responding was $92.3M per year
average, organizations indicated that losses of approximately 3% of total revenues occur each year due to mobile fraud. Further they expect an average 47% growth of mobile transactions over the next five years (which we believe to be too conservative). Assuming loss ratios remain the same, the losses attributable to mobile will also increase by at least 47% over the same time period.
Average revenue, mobile revenue, losses, and growth rate indicated by respondents
Average % of Total Revenue Due to Mobile
Average % of Total Rev Lost Due to Mobile
Average $ Loss per year due to Mobile
3.04% $92.3M
he total losses present a large amount of potential revenue if fraud were eliminated. Itindicates that although many companies believe they are spending sufficient
reporting, it’s clear that most aren’t. Companies must increase the level of expenditure on remediation of these losses. Investing an amount equal to as little as
20% of the yearly losses in enhanced security systems would provide a significant boost to an organization’s ability to limit or eliminate the losses resulting from fraud.
Are You Investing Enough? Probably Not! All organizations with a mobile presence are experiencing loss due to inadequate security. It is imperative that organizations of all sizes invest in technology solutions that limit and/or eliminate
company is to thrive in an increasingly competitive marketplace. Mobile security has a huge potential payback, likely returning 10-20 times or more of the investment. Clearly security is a long term challenge that needs continuous intervention. But it must be on every organization’s high priority list for the next 1-2 years as the need to get a handle on this challenge will only grow in the future with increased reliance on mobile commerce. Waiting until the problem is aggravated by increased numbers of users and higher losses are not in the best interest of the organization and will make remediation even more difficult. Companies not
the required investment now in enhanced mobile security will have sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer base that may be exposed to fraudulent activities which will drive them
Conclusion
not makinginvestment now in
security will have sharply reduced revenue,
as well as much higher costs of operations, and a dissatisfied customer
exposed to fraudulent activities
drive them
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
4
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
loss across all the organizations responding was $92.3M per year. On approximately 3% of total revenues occur
each year due to mobile fraud. Further they expect an average 47% growth of mobile transactions over the next five years (which we believe to be too conservative). Assuming
ttributable to mobile will also increase by at least
indicated by respondents
Average 5 Year Mobile Growth Rate
47%
revenue if fraud were eliminated. It indicates that although many companies believe they are spending sufficiently on security,
, it’s clear that most aren’t. Companies must increase the nt equal to as little as
20% of the yearly losses in enhanced security systems would provide a significant the losses resulting from fraud.
ts of operations, and a fraudulent activities which will drive them
Conclusion: Companies not making the required
investment now in enhanced mobile security will have
sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer
base that may be exposed to fraudulent activities which will
drive them to other more secure sites.
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
The Study Results Mobile E-Commerce: Friend or Foe? That’s the question many onask themselves as they attemptmobile devices. Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into theiconnected, on-the-move lifestyles. For organizations with an ona profound impact, including an impact on website security, loss prevention and fraudAssessing the impact of this shift on an organization’s cyber securesearch study. To discover the impact of mobile commerce we created a survey that was completed by 250 organizations in North America. $2.54B. The survey was intended to web-based Internet and mobile applications for companies engaged in interactions with consumers and business customers through PC and/or mobile application based Ecommerce. The questions focusbreaches, economic impacts, and solutions to securing web and mobile based customer interactions. For this study, users were considered mobile if they interacted with web sites through either a smartphone or questions we asked, and then furnish an analysis of the results obtained. Revenue Channels We asked the respondents to identify the amount of revenues generated from various Internet channels (e.g., PC browser, mobile) and also to estimate the amount of revenues expected to be generated in the future. The intent coming from the Mobile channel, and then be able to identify the risks associated with that revenue stream.
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Commerce: Friend or Foe? That’s the question many on-line organizations need to attempt to take advantage of the dramatic growth in users with
mobile devices. Indeed, many consumers now interact with the Internet primarily through traditional PC devices and browsers as not fitting into thei
move lifestyles. For organizations with an on-line presence, this , including an impact on website security, loss prevention and fraud
of this shift on an organization’s cyber security is the focus of this
To discover the impact of mobile commerce we created a survey that was completed by 250 organizations in North America. The average organizational revenue of the respondents was
intended to study attitudes and the economic impact of fraud on based Internet and mobile applications for companies engaged in interactions with
customers through PC and/or mobile application based Ecommerce. The questions focused on obtaining the companies’ views on threats, recent
ches, economic impacts, and solutions to securing web and mobile based customer For this study, users were considered mobile if they interacted with web sites
through either a smartphone or tablet device. For each section below, we’ll define what questions we asked, and then furnish an analysis of the results obtained.
We asked the respondents to identify the amount of revenues generated from various Internet channels (e.g., PC browser, mobile) and also to estimate the amount of revenues expected to be generated in the future. The intent was to discover the amount of revcoming from the Mobile channel, and then be able to identify the risks associated with that
Commerce: Friend or Foe?Cyber Security Study
5
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
line organizations need to growth in users with
mobile devices. Indeed, many consumers now interact with the Internet primarily through traditional PC devices and browsers as not fitting into their always
line presence, this shift has , including an impact on website security, loss prevention and fraud.
the focus of this
To discover the impact of mobile commerce we created a survey that was completed by 250 The average organizational revenue of the respondents was
study attitudes and the economic impact of fraud on based Internet and mobile applications for companies engaged in interactions with
customers through PC and/or mobile application based E-on threats, recent
ches, economic impacts, and solutions to securing web and mobile based customer For this study, users were considered mobile if they interacted with web sites
For each section below, we’ll define what questions we asked, and then furnish an analysis of the results obtained.
We asked the respondents to identify the amount of revenues generated from various Internet channels (e.g., PC browser, mobile) and also to estimate the amount of revenues
to discover the amount of revenues coming from the Mobile channel, and then be able to identify the risks associated with that
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 1 : Percentage of revenues from Internet channels
0%
1%-10%
11%-25%
26%-50%
51%-75%
76%-100%
Don’t know
0.4%
4.8%
0.8%
Percent of Revenues from Internet
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Percentage of revenues from Internet channels
9.2%
27.2%
24.4%
4.8%
Percent of Revenues from Internet
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
6
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Percentage of revenues from Internet channels
27.2%
33.2%
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 2 : Percentage of revenue from a M
Analysis: Fully one third of those responding indicated their organization generated Internet revenues in the 26%-revenue came from a mobile appindicates the importance of Internet and Mobile revenue generationmajor revenue stream. At such those revenues from fraud. And we expect these revenues to continue to grow making it even more imperative to secure these transactions.
0%-10%
11%-25%
26%-50%
51%-75%
76%-100%
Don’t know
We don’t have a mobile app
What Percentage of Revenue comes from
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Percentage of revenue from a M obile App
third of those responding indicated their organization generated -50% range. Further, 25% indicated that 11%
revenue came from a mobile app. These figures are higher than we expected, but clearly it indicates the importance of Internet and Mobile revenue generation which constitutes
. At such a high percentage, companies must find ways to protect And we expect these revenues to continue to grow making it
even more imperative to secure these transactions.
18.4%
4.8%
1.6%
4.4%
What Percentage of Revenue comes from
Mobile App
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
7
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
third of those responding indicated their organization generated 50% range. Further, 25% indicated that 11%-25% of that
expected, but clearly it which constitutes a
high percentage, companies must find ways to protect And we expect these revenues to continue to grow making it
24.4%
23.6%
22.8%
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 3 : Expected growth of Mobile App revenue in next 5 y ears
Analysis: More than 50% of respondents believe that mobile revenues will grow 11%-50% over the next 3 years, and 30% believe it will grow 51%-100%.mobile app revenues reflects market reality of more mobile users, as well as the realization that to remain competitive, companies must continue to invest in their mobile capabilities.represents a significant securitysee.
Revenue Loss Due to FraudMost companies expect mobile interactions to increase dramatically and generate significant revenues. However, there is also a significant potential for increased fraudulent activity mobile devices, as they may be harder to protect and sec
0%-5%
6%-10%
11%-25%
26%-50%
51%-75%
76%-100%
101%-150%
151%-200%
Greater than 200%
Don’t know
1.6%
4.0%
0.8%
1.6%
2.4%
How much do you expect Mobile App
Revenue to grow over next 5 years
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Expected growth of Mobile App revenue in next 5 y ears
More than 50% of respondents believe that mobile 50% over the next 3 years, and 30% 100%.This expected significant growth in
mobile app revenues reflects market reality of more mobile users, as well as the realization that to remain competitive, companies
continue to invest in their mobile capabilities. However, this represents a significant security risk in potential fraud, as we shall
Revenue Loss Due to Fraud ost companies expect mobile interactions to increase dramatically and generate significant
revenues. However, there is also a significant potential for increased fraudulent activity mobile devices, as they may be harder to protect and secure than traditional PC devices
9.6%
21.2%
30.4%
17.2%
11.2%
4.0%
How much do you expect Mobile App
Revenue to grow over next 5 years
Copyright 2014 J.Gold Associates, LLC.
More than 50% of respondents mobile revenues will grow 11%next 3 years, 30% believe it will grow 51%
Commerce: Friend or Foe?Cyber Security Study
8
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Expected growth of Mobile App revenue in next 5 y ears
ost companies expect mobile interactions to increase dramatically and generate significant revenues. However, there is also a significant potential for increased fraudulent activity from
ure than traditional PC devices.
30.4%
Copyright 2014 J.Gold Associates, LLC.
More than 50% of respondents believe mobile revenues will grow 11%-50% over next 3 years, 30% believe it will grow 51%-100%.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 4 : What percentage of revenues were lost to Internet and/or Mobile fraud in past 12 months
Analysis: Only 8% of companies indicated that they had no fraudulent activity associated losses over the past 12 months.34% indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. Many respondents indicated even greater losses, although the higher amounts may be overestimations. Nevertheless, this is a staggering level of fraudulent activity losses and explains why many organizations have been cautious about moving to a greater presence in EIt also indicates that a very sertoday’s systems and processes. Improvements in loss prevention must be implemented quickly to stem these losses.
0%
1%-5%
6%-10%
11%-25%
26%-35%
36%-50%
51%-65%
66%-100%
Don’t know
0.0%
0.0%
2.8%
Revenue lost due to Internet and Mobile
Fraud in past 12 months
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: What percentage of revenues were lost to Internet and/or Mobile fraud in past 12 months
Only 8% of companies indicated that they had no ted losses over the past 12 months. And
34% indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. Many respondents indicated
ugh the higher amounts may be overestimations. Nevertheless, this is a staggering level of fraudulent activity losses and explains why many organizations have been cautious about moving to a greater presence in E-commerce. It also indicates that a very serious problem exists that is not being adequately addressed by today’s systems and processes. Improvements in loss prevention must be implemented
8.4%
13.6%
15.2%
14.4%
11.6%
Revenue lost due to Internet and Mobile
Fraud in past 12 months
Copyright 2014 J.Gold Associates, LLC.
Therelevel of fraudulent activity lossesindicates a very serious problem exists that is not being adequately addressed by today’s systems and processes
Commerce: Friend or Foe?Cyber Security Study
9
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: What percentage of revenues were lost to Internet and/or
ious problem exists that is not being adequately addressed by today’s systems and processes. Improvements in loss prevention must be implemented
34.0%
Revenue lost due to Internet and Mobile
Copyright 2014 J.Gold Associates, LLC.
There is a staggering level of fraudulent activity losses. It indicates a very serious problem exists that is not being adequately addressed by today’s systems and processes.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Measuring Attitudes and ExpectationsWe asked a series of questions to gauge the attitudes and expectations on threats that are posed to their organizations. We asked them to answer on a scale of 1 to 5, with 1 being strongly disagree and 5 being strongly Figure 5 shows the average level of agreement and priorities for each statement. Figure 5 : Internet and Mobile fraud represent a signif icant risk
Analysis: While most respondents say they have experienced significant losses from fraud, the majority also claim they have sufficient systems and processes in place to minimize such fraud. This seems to be a clear disconnect between reality and perception. Further, while most believe the on the rise, they likewise believe they have and systems in place to deal with them. respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are nevertheless occurring. On average, organizations indicated they lost $92M per year in mobile fraud related incidents.seems clear that while many of the respondents believe they are adequately protected, the level of security for both Internet and Mobile app interactions is lacking. The level of fraud and the average lossesorganizations have invested enough to keep their losses to an acceptable level. What is needed is a realistic assessment of the level of fraud losses which must drive the level of investment made in security systems to r
We have not seen any Fraud on our Internet E
We have not seen any Mobile App fraud on on E
The frequency and severity of fraud is on the rise
Internet and Mobile fraud represent a significant risk
We are able to eliminate Internet and/or Mobile fraud
Company security budget is sufficient for minimizing Internet/Mobile fraud
Fraud on our Mobile App is quickly detected and remediated
Have sufficient systems/processes for fraud detection on mobile platform
Fraud on our web site is quickly detected and remediated
Severity of Fraud
1=Strongly Disagree, 5=Strongly Agree
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Measuring Attitudes and Expectations We asked a series of questions to gauge the attitudes and expectations on threats that are posed to their organizations. We asked them to answer on a scale of 1 to 5, with 1 being strongly disagree and 5 being strongly agree, how they feel about the followFigure 5 shows the average level of agreement and priorities for each statement.
: Internet and Mobile fraud represent a signif icant risk
While most respondents say they have experienced om fraud, the majority also claim they have
sufficient systems and processes in place to minimize such fraud. This seems to be a clear disconnect between reality and perception. Further, while most believe the incidents of fraud are
believe they have significant budgets and systems in place to deal with them. About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are
On average, organizations indicated M per year in mobile fraud related incidents. It
seems clear that while many of the respondents believe they are adequately protected, the level of security for both Internet and Mobile app interactions is
The level of fraud and the average losses per organization indicate that few organizations have invested enough to keep their losses to an acceptable level. What is needed is a realistic assessment of the level of fraud losses which must drive the level of investment made in security systems to remediate those losses. For most companies it is
We have not seen any Fraud on our Internet E-Commerce offerings
We have not seen any Mobile App fraud on on E-commerce offering
The frequency and severity of fraud is on the rise
Internet and Mobile fraud represent a significant risk
We are able to eliminate Internet and/or Mobile fraud
Company security budget is sufficient for minimizing Internet/Mobile fraud
Fraud on our Mobile App is quickly detected and remediated
Have sufficient systems/processes for fraud detection on mobile platform
Fraud on our web site is quickly detected and remediated
3.30
3.47
3.58
3.78
3.82
3.85
4.00
4.01
4.04
Severity of Fraud - Average of responses
1=Strongly Disagree, 5=Strongly Agree
Copyright 2014 J.Gold Associates, LLC.
About 2/3 of respondents believe that they cand remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are occurring
Commerce: Friend or Foe?Cyber Security Study
10
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
We asked a series of questions to gauge the attitudes and expectations on threats that are posed to their organizations. We asked them to answer on a scale of 1 to 5, with 1 being
following statements. Figure 5 shows the average level of agreement and priorities for each statement.
: Internet and Mobile fraud represent a signif icant risk
adequately protected, the level of security for both Internet and Mobile app interactions is per organization indicate that few
organizations have invested enough to keep their losses to an acceptable level. What is needed is a realistic assessment of the level of fraud losses which must drive the level of
For most companies it is
Copyright 2014 J.Gold Associates, LLC.
About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are nevertheless occurring.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
imperative that the level of investment in security systems and processes be increased significantly.
Counting Fraud IncidentsWe asked how many fraud incidents they have had in the past year and how many wea result of using a Mobile app accessing their E Figure 6 : How many Internet Fraud incidents in past 12 mont hs
0
1-9
10-24
25-49
50-99
100-249
250-499
500-999
1000-4999
5000-9999
10,000+
Don't Know
0 1-9 10-24 25
Total 11% 30% 16%
How many Internet Fraud incidents in past 12
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
imperative that the level of investment in security systems and processes be increased
Counting Fraud Incidents We asked how many fraud incidents they have had in the past year and how many wea result of using a Mobile app accessing their E-commerce sites.
: How many Internet Fraud incidents in past 12 mont hs
25-49 50-99100-
249
250-
499
500-
999
1000-
4999
5000-
9999
9% 7% 7% 6% 5% 4% 1%
How many Internet Fraud incidents in past 12
months
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
11
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
imperative that the level of investment in security systems and processes be increased
We asked how many fraud incidents they have had in the past year and how many were as
: How many Internet Fraud incidents in past 12 mont hs
10,000
+
Don't
Know
0% 0%
How many Internet Fraud incidents in past 12
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 7 : What percentage of fraud incidents were Mobile
Analysis: 48% of respondents1-24 overall fraud incidents in the past year, while 25% indicated they experienced between 25incidents reported either indicates organizations that have a small scale presence on the web, or oblivious to what is actually happening. Interestingly 28% of respondents indicated that 1%mobile based, while 29% indicated that mobile caused 10%fraud incidents. We expect the growth of mobile interactions to significantly increase the percentage of incidents caused by the mobile channels, with 19% of companies already i25%-49% of their fraud incidents are due to the mobile channel. Even if the number of incidents is underreported, the amount of loss as we shall see is quite high. place in securing mobile interactions and mobileorganizations can feel confident that mobile fraud is being controlledcontrol with the expected growth in interactionsbeing adequately addressed.
0%
1-9%
10%-24%
25%-49%
50%-74%
75%-100%
7%
2%
Percentage of Fraud Incidents Due to Mobile
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: What percentage of fraud incidents were Mobile
respondents indicated they experienced between 24 overall fraud incidents in the past year, while 25% indicated
they experienced between 25-250 incidents. The small number of incidents reported either indicates organizations that have a small scale presence on the web, or more likely ones that are somewhat oblivious to what is actually happening. Interestingly 28% of respondents indicated that 1%-9% of the total fraud incidents were mobile based, while 29% indicated that mobile caused 10%-24% of fraud incidents. We expect the growth of mobile interactions to significantly increase the percentage of incidents caused by the mobile channels, with 19% of companies already indicating that
49% of their fraud incidents are due to the mobile channel. Even if the number of incidents is underreported, the amount of loss as we shall see is quite high. Much more work needs to take place in securing mobile interactions and mobile applications before organizations can feel confident that mobile fraud is being controlled, or will not spin out of control with the expected growth in interactions. Clearly mobile is a growing risk that’s not
14%
19%
7%
Percentage of Fraud Incidents Due to Mobile
Copyright 2014 J.Gold Associates, LLC.
experienced between 124 fraud incidents in the
fraud incidents are due
Commerce: Friend or Foe?Cyber Security Study
12
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: What percentage of fraud incidents were Mobile
, or will not spin out of Clearly mobile is a growing risk that’s not
28%
29%
2014 J.Gold Associates, LLC.
48% indicated they experienced between 1-24 fraud incidents in the
past year, while 25% indicated between 25-250 incidents. 19% of companies indicated
that 25%-49% of their fraud incidents are due to the mobile channel.
Clearly mobile is a growing risk that’s not
being adequately addressed
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
How Big are the RisksWe asked about the risk that various technologies and processes respondents indicate on a scale of 1agree, what they thought of a particular risk, and reflects what users thought were the most serious threats. Malware, as is to be expected, ranked quite high on the overall list. But increasingly, App Store Fraud (i.e., unauthorized or illegitimate app stores) and Fake Mobile Appssomething else or embedded with malware), are increasingly being recognized. Figure 8 : How big a risk is
Analysis: There was a fairly even distribution of what the respondents thought were risk factors, with no one risk vector being dramatically more than the others. However, PC/Web Browser Malware, followed by Mobile Device Malwareto identify. This is likely a legacy of past experiences with PCthe mobile realm. Yet these are very real risks, and it would make sense to exert reasonable efforts in protecting against these two security threats through updated practices technology solutions (e.g., two factor authentication, malware protection, encrypted storage, secured “vaults”). There is also a realization that mobile apps, via a “fake” app store or via malicious code embedded in an app, represent a growing risk tha
Password Guessing
Account Takeover
Fake Mobile Apps
App Store Fraud
E-Wallet Fraud
Mobile Device Malware
PC/Web Browser Malware
How Big a Risk is: (Average of Responses)
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Risks the risk that various technologies and processes pose by having
respondents indicate on a scale of 1-5, with 1 being strongly disagree and 5 being strongly agree, what they thought of a particular risk. Figure 8 indicates the average risk, and reflects what users thought were the most serious threats. Malware, as is to be expected, ranked quite high on the overall list. But increasingly, App Store Fraud (i.e., unauthorized or illegitimate app stores) and Fake Mobile Apps (i.e., apps masquerading as something else or embedded with malware), are increasingly being recognized.
: How big a risk is – Average of Responses
even distribution of what the respondents thought were risk factors, with no one risk vector being dramatically more than the others. However, PC/Web Browser Malware, followed by Mobile Device Malware are the most visible and likely easiest
acy of past experiences with PC-based systems, extended into the mobile realm. Yet these are very real risks, and it would make sense to exert reasonable efforts in protecting against these two security threats through updated practices technology solutions (e.g., two factor authentication, malware protection, encrypted storage,
There is also a realization that mobile apps, via a “fake” app store or via malicious code embedded in an app, represent a growing risk that must be dealt with.
3.14
3.26
3.28
3.29
3.36
3.64
3.81
How Big a Risk is: (Average of Responses)
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
13
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
pose by having 5, with 1 being strongly disagree and 5 being strongly
Figure 8 indicates the average score for each risk, and reflects what users thought were the most serious threats. Malware, as is to be expected, ranked quite high on the overall list. But increasingly, App Store Fraud (i.e.,
(i.e., apps masquerading as something else or embedded with malware), are increasingly being recognized.
even distribution of what the respondents thought were risk factors, with no one risk vector being dramatically more than the others. However, PC/Web
are the most visible and likely easiest based systems, extended into
the mobile realm. Yet these are very real risks, and it would make sense to exert reasonable efforts in protecting against these two security threats through updated practices and technology solutions (e.g., two factor authentication, malware protection, encrypted storage,
There is also a realization that mobile apps, via a “fake” app store or via t must be dealt with.
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Login Requirements for Mobile UsersLogin methods for mobile users are migrating fname and password to more advanced biometrics and multiauthentication. This will be enabled by more devices enhanced with advanced technology as well as a proliferation of easier to use systems allowing more secure ID methods.of the transition to be completed in the next 3aggressive organizations deploying systems in the next 1We also expect the mobile channel to lead in this transition.shocking is the percentage of cgrown accustomed to (e.g., 23% don’t require user name and password to log in). Figure 9 : What type of
Don't know
None of above
Not applicable
Biometrics
Soft tokens
Phone based authentication (SMS & voice)
IP Recorgnition
Challenge based questions
Device ID
User name and password
What type of log in authentication required from
Mobile users Currently?
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Login Requirements for Mobile Users Login methods for mobile users are migrating from traditional user name and password to more advanced biometrics and multi-factor authentication. This will be enabled by more devices enhanced with advanced technology as well as a proliferation of easier to use
more secure ID methods. We expect the majority of the transition to be completed in the next 3-4 years, with some aggressive organizations deploying systems in the next 1-2 years. We also expect the mobile channel to lead in this transition. What’s shocking is the percentage of companies that fail to enforce basic credentials we have all grown accustomed to (e.g., 23% don’t require user name and password to log in).
: What type of Mobile login credentials Currently
Don't know
None of above
Not applicable
Biometrics
Soft tokens
Phone based authentication (SMS & voice)
IP Recorgnition
Challenge based questions
Device ID
User name and password
0.4%
1.6%
3.2%
17.2%
19.6%
28.0%
40.8%
44.0%
51.6%
76.8%
99.6%
98.4%
96.8%
82.8%
80.4%
72.0%
59.2%
56.0%
48.4%
What type of log in authentication required from
Mobile users Currently?
Yes No
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
14
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
ompanies that fail to enforce basic credentials we have all grown accustomed to (e.g., 23% don’t require user name and password to log in).
Currently required
23.2%
What type of log in authentication required from
Copyright 2014 J.Gold Associates, LLC.
We expect a major transition in mobile
authentication to take place over the next 3-4 years, with aggressive organizations doing so
in 1-2 years.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 10 : What type of Mobile login credentials required In Future
Analysis: There will be a significant shift in required Mobile login credentials taking place over the next 2shifts from user name and password to more advanced mechanisms like biometric, phone based authentication and soft tokens for two factor authentication. This upgradthe security of transactions by more positively determining whwhat device is being used, and should significantly reduce the threat levels and consequent fraud on mobile transactions.
None of above
Not applicable
Don't know
User name and password
Device ID
Challenge based questions
IP Recognition
Soft Tokens
Phone based authentication (SMS and Voice)
Biometrics
What type of log in authentication required from
Mobile users in the Future?
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: What type of Mobile login credentials required In Future
: There will be a significant shift in required Mobile login credentials taking place over the next 2-3 years as the primary focus
from user name and password to more advanced mechanisms like biometric, phone based authentication and soft tokens for two factor authentication. This upgrading of login techniques will improve the security of transactions by more positively determining who and what device is being used, and should significantly reduce the threat levels and consequent fraud on mobile transactions.
None of above
Not applicable
Don't know
User name and password
Device ID
Challenge based questions
IP Recognition
Soft Tokens
Phone based authentication (SMS and Voice)
Biometrics
2.4%
4.0%
5.6%
9.6%
25.6%
26.4%
30.4%
32.0%
38.4%
47.2%
97.6%
96.0%
94.4%
90.4%
74.4%
73.6%
69.6%
68.0%
61.6%
52.8%
What type of log in authentication required from
Mobile users in the Future?
Yes No
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
15
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: What type of Mobile login credentials required In Future
What type of log in authentication required from
Copyright 2014 J.Gold Associates, LLC.
There will be a significant shift in
required Mobile login credentials over the next 2-3 years as focus shifts
from name and password to advanced
mechanisms like biometric, phone based authentication and soft
tokens for two factor authentication.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Verifying user account changesWe asked which types of verification techniques are employed to confirm that accountchanges are being made by the designated account owner, both for Iand Mobile connections. Figure 11: Security measureschanges
Don't know
Nothing beyond user name and password
Phone based authentication
Email verification
Challenge based questions
Security measures used to verify account
changes for Internet users
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Verifying user account changes We asked which types of verification techniques are employed to confirm that accountchanges are being made by the designated account owner, both for Internet connections
Security measures used to verify Internet account
Don't know
Nothing beyond user name and password
Phone based authentication
Email verification
Challenge based questions
2.0%
5.2%
36.8%
63.2%
74.4%
98.0%
94.8%
63.2%
36.8%
25.6%
Security measures used to verify account
changes for Internet users
Yes No
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
16
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
We asked which types of verification techniques are employed to confirm that account nternet connections
used to verify Internet account
36.8%
25.6%
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 12: Security measures used to verify Mobile account changes
Analysis: The disparity between primary methods for Internet users (challenge based questions) versus Mobile used (Email verification) is primarily one of perception, assuming that mobile devices are harder to use for data entry and will therefore being morerequire challenge-based question inputs. This is generally no longer the case with larger and higher definition screens, and better, faster connections. We expect to see higher levels of aurequired in the near future for mobile users, a least on a par with those of Internet users who are accustomed to multiauthentications and multi-step logins/confirmations.
Use of Advanced Analytical ToolsWe asked if they used any advanced analytics tools such as behavior tracking and analysis, to implement a more secure interaction by detecting likely fraudulent activity.
Don't know
Nothing beyond user name and password
Challenge based questions
Phone based authentication
Email verification
Security measures used to verify account changes for
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
measures used to verify Mobile account changes
: The disparity between primary methods for Internet users (challenge based questions) versus Mobile used (Email verification) is primarily one of perception, assuming that mobile devices are
r to use for data entry and will therefore being more difficult to based question inputs. This is generally no longer
the case with larger and higher definition screens, and better, faster We expect to see higher levels of authentication
required in the near future for mobile users, a least on a par with those of Internet users who are accustomed to multi-factor
step logins/confirmations.
Use of Advanced Analytical Tools advanced analytics tools such as behavior tracking and analysis,
to implement a more secure interaction by detecting likely fraudulent activity.
Email verification
3.6%
11.6%
44.8%
46.4%
54.4%
96.4%
88.4%
55.2%
53.6%
45.6%
Security measures used to verify account changes for
Mobile users
Yes No
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
17
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
measures used to verify Mobile account changes
advanced analytics tools such as behavior tracking and analysis, to implement a more secure interaction by detecting likely fraudulent activity.
Security measures used to verify account changes for
Copyright 2014 J.Gold Associates, LLC.
It’s no longer the case that mobile logins present more of a challenge than on
Internet browsers. The result is higher levels of
authentication for mobile users.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Figure 13 : Using Advanced Analytical tools to detect fraud
Analysis: The use of advanced analytical tools will increase by approximately 50% in the next few years as companies search for compelling ways to fight the increasing level of fraud. respondents indicated that the use of advanced analytics tools to track behavior and mitigate fraud will grow by nearly 50%. This is a direct result of the maturity of these tools and the ability to make use of them with less required resources, including through cloud based service offerings, as well as the reduced cost of employinthe technology. We expect that this trend will continue to gain momentum over the next 2years.
Mobile E-Commerce: Mobile interactions have both a positive and negative effect. On the positive side they allow users to access websites morrespondents indicated a significant expected increase in revenues by allowing mobile interactions with their sales or service oneffect. Most respondents expect mobile to represent a significant portion of fraudulent interactions and provide significant loss of revenue.
Currently
Future
56.8%
Use of Advanced Analytical Tools to detect
Web and Mobile Fraud
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Using Advanced Analytical tools to detect fraud
The use of advanced analytical tools will increase by approximately 50% in the next few years as companies search for compelling ways to fight the increasing level of fraud. Our respondents indicated that the use of advanced analytics tools to
or and mitigate fraud will grow by nearly 50%. This is a direct result of the maturity of these tools and the ability to make
of them with less required resources, including through cloud , as well as the reduced cost of employing
. We expect that this trend will continue to gain momentum over the next 2
Commerce: Friend or Foe Mobile interactions have both a positive and negative effect. On the positive side they allow users to access websites more often when they are truly mobile. Indeed, most of the respondents indicated a significant expected increase in revenues by allowing mobile interactions with their sales or service on-line presence. But mobile also has a negative
expect mobile to represent a significant portion of fraudulent interactions and provide significant loss of revenue.
56.8%
73.6%
39.6%
19.2%
3.6%
7.2%
Use of Advanced Analytical Tools to detect
Web and Mobile Fraud
Yes No Don't know
Copyright 2014 J.Gold Associates, LLC.
We expect at least 50% in use of analytical prediction
tools over the next 2years
Mobile fraud detection
Commerce: Friend or Foe?Cyber Security Study
18
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
: Using Advanced Analytical tools to detect fraud
. We expect that this trend will continue to gain momentum over the next 2-3
Mobile interactions have both a positive and negative effect. On the positive side they allow e often when they are truly mobile. Indeed, most of the
respondents indicated a significant expected increase in revenues by allowing mobile line presence. But mobile also has a negative
expect mobile to represent a significant portion of fraudulent
3.6%
7.2%
We expect an increase of at least 50% in use of analytical prediction
tools over the next 2-3 years for Internet and
Mobile fraud detection.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
Below is an evaluation of the potential losses from Internet shows the average revenues generated by organizsurvey data provided by the respondentstotal revenue. The company sizes were Very Small (Medium ($500M-$1B) and Large ($1B+). Figure 14: Reve nues by Very Small
Total Revenues
<$100M
Internet Revenues
$26M-$50M
Figure 14 is a compilation of the average amount of loss in the past 12 months due to Internet fraud based on the responses obtained from various size companies. Figure 15: Lost Revenues due to by Company Size (Average Percentage) Very Small Small% 6%-10% 6%$ $1.5M-$5M $1.5 Figure 15 represents losses incurred were due to Mobile fraud (as part of overall Internet related fraudulent losses). Figure 16 : Lost revenues due to Mobile Fraud, by Company size (Average Percentage) Very Small Small
% 1%-9% 10%$ $150K-$450K $150K
Analysis: The above figures show the average they lost due to Internet and Mobile channel fraud over the past 12 months. taking additional steps to reduce the amount of fraud in the onhuge payback, particularly for larger organizations that obtain significant revenue
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
the potential losses from Internet and Mobile Fraud. shows the average revenues generated by organizations of various sizessurvey data provided by the respondents, indicating Internet revenues were 26%
company sizes were Very Small ($100M), Small ($100M$1B) and Large ($1B+).
nues by Company Size
Small Medium Large
$100M-$499M $500M-$999M $1B
$26M-$250M $125M-$500M $250M
is a compilation of the average amount of loss in the past 12 months due to Internet fraud based on the responses obtained from various size companies.
Revenues due to Internet Fraud in past 12 monthsby Company Size (Average Percentage)
Small Medium Large 6%-10% 11%-20% 6%-10%$1.5M-$25M $13M-$100M $150M
incurred within the past 12 months that organizationsdue to Mobile fraud (as part of overall Internet related fraudulent losses).
: Lost revenues as percentage of total in past 12 months by Company size (Average Percentage)
Small Medium Large
10%-24% 10%-24% 10%-24%$150K-$6M $1.3M-$24M $15M-$240M
: The above figures show the average amount of revenue organizations indicated Internet and Mobile channel fraud over the past 12 months.
to reduce the amount of fraud in the on-line channel has a potentially huge payback, particularly for larger organizations that obtain significant revenue
Copyright 2014 J.Gold Associates, LLC.
Copyright 2014 J.Gold Associates, LLC.
Copyright 2014 J.Gold Associates, LLC.
Commerce: Friend or Foe?Cyber Security Study
19
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
Mobile Fraud. Figure 14 ations of various sizes, based on the
, indicating Internet revenues were 26%-50% of $100M), Small ($100M-$500M),
Large
$1B-$20B+
$250M-$10B
is a compilation of the average amount of loss in the past 12 months due to Internet fraud based on the responses obtained from various size companies.
Fraud in past 12 months ,
10%
$150M-$1B
organizations indicated due to Mobile fraud (as part of overall Internet related fraudulent losses).
in past 12 months by Company size (Average Percentage)
24% $240M
organizations indicated Internet and Mobile channel fraud over the past 12 months. It’s apparent that
line channel has a potentially huge payback, particularly for larger organizations that obtain significant revenues from e-
Copyright 2014 J.Gold Associates, LLC.
Copyright 2014 J.Gold Associates, LLC.
Copyright 2014 J.Gold Associates, LLC.
Copyright © 201
This research is licensed to RSA and TeleSignredistribute this research without the permission of J.Gold Associates, LLC.
commerce and mobile app solutions.in fraudulent interactions are compelling reasons to invest in better fraud reduction systems.understand that the losses above are within a 12 month period and therefore available to recover more imperative that companies invest in better security for their mobile applications and transactions. amount of Internet revenues generated, and hence the amount of Fraudulent losses, to increasetherefore imperative that organizations of all sizereducing and as much as possible Mobile induced fraud if the company is to thrive in an increasingly competit
Conclusions As can be seen from the results of this study, many companies are relying on the Internet as a major contributor to their revenues. Further, the role of Mobile interactions is increasing, both through mobile web and mobile apps. Yet there seembe a major disconnect between the contributions commerce, and the steps being taken to protect those interactions. Despite many companies they are protected, it is clear that the current level of investment in mobile security is not up to the task. It is imperative that organizations reassess their mobile strategies in light of the growth in fraudulent transactions and the resulting loss of revenues. Mobile security has a huge potential payback, likely returning 10every organization’s high priority list for the coming 1then continuously updated and enhanced for the foreseeable futuredo not make the required investment in enhanced mobile security will have sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer base.
The research contained in this study has been licensed to RSA and TeleSign. No other parties are authorized to
this research without the express written permission of the copyright holder,
Copyright © 2015 J.Gold Associates, LLC. All rights reserved.
www.jgoldassociates.com
Mobile E-Commerce: Friend or Foe?Cyber Security Study
This research is licensed to RSA and TeleSign. No other parties are authorized to copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
commerce and mobile app solutions. Losses of $15M - $240M in fraudulent interactions are compelling reasons to invest in better fraud reduction systems. Further, it’s important to understand that the losses above are within a 12 month period
herefore available to recover annually. This makes it even more imperative that companies invest in better security for their mobile applications and transactions. We also expect the amount of Internet revenues generated, and hence the amount
es, to increase over the next 2-3 years. It is that organizations of all sizes invest in
reducing and as much as possible in eliminating all Internet and obile induced fraud if the company is to thrive in an increasingly competit
As can be seen from the results of this study, many companies e relying on the Internet as a major contributor to their
revenues. Further, the role of Mobile interactions is increasing, both through mobile web and mobile apps. Yet there seems to be a major disconnect between the contributions from mobile e-
and the steps being taken to protect those interactions. Despite many companies indicating they believe
, it is clear that the current level of investment in mobile security is not up to the task. It is imperative that
ess their mobile strategies in light of the growth in fraudulent transactions and the resulting loss of revenues. Mobile security has a
, likely returning 10-20 times or more of the investment.priority list for the coming 1-2 years to get things started now
then continuously updated and enhanced for the foreseeable future. Those companies that do not make the required investment in enhanced mobile security will have sharply reduced
as well as much higher costs of operations, and a dissatisfied customer base.
The research contained in this study has been licensed to RSA and parties are authorized to copy, post and/or redistribute
this research without the express written permission of the copyright holder, J.Gold Associates, LLC.
Taking additional stepto reduce the amount of
fraud onpotentially huge
payback, particularly for larger organizations
that obtain significant revenues from e
commerce and mobile
Those not make the required
investment in enhanced mobile security will have sharply reduced revenue,
as well as much higher costs of operations, and a dissatisfied customer
Commerce: Friend or Foe?Cyber Security Study
20
copy, post or redistribute this research without the permission of J.Gold Associates, LLC.
obile induced fraud if the company is to thrive in an increasingly competitive marketplace.
growth in fraudulent transactions and the resulting loss of revenues. Mobile security has a or more of the investment. It must be on
to get things started now, and . Those companies that
do not make the required investment in enhanced mobile security will have sharply reduced as well as much higher costs of operations, and a dissatisfied customer base.
The research contained in this study has been licensed to RSA and copy, post and/or redistribute
this research without the express written permission of the copyright holder,
Taking additional steps to reduce the amount of
fraud on-line has a potentially huge
payback, particularly for larger organizations
that obtain significant revenues from e-
commerce and mobile app solutions.
Those companies that do not make the required
investment in enhanced mobile security will have sharply reduced revenue,
as well as much higher costs of operations, and a dissatisfied customer
base.
About J.Gold AssociatesJ.Gold Associates provides insightful, meaningful and actionable
opportunities in the computer and technology industries. We offer a broad based knowledge of the
technology landscape, and bring that expertise to bear in our work. J.Gold Associates provides
strategic consulting, syndicated research
clients make important technology choices and to enable improved product deployment decisions
and go to market strategies.
About J.Gold Associates J.Gold Associates provides insightful, meaningful and actionable analysis of trends and
opportunities in the computer and technology industries. We offer a broad based knowledge of the
technology landscape, and bring that expertise to bear in our work. J.Gold Associates provides
strategic consulting, syndicated research and advisory services, and in-context analysis to help its
clients make important technology choices and to enable improved product deployment decisions
and go to market strategies.
J.Gold Associates, LLC 6 Valentine Road
Northborough, MA 01532 USA +1 508 393 5294
www.jgoldassociates.com
analysis of trends and
opportunities in the computer and technology industries. We offer a broad based knowledge of the
technology landscape, and bring that expertise to bear in our work. J.Gold Associates provides
context analysis to help its
clients make important technology choices and to enable improved product deployment decisions