Risk
01/25/2017

Is Amazon Go Safe from Mobile Fraud?



With the introduction of Amazon’s new brick-and-mortar grocery store, Amazon Go, standing in line to pay at the cashier is a thing of the past. At Amazon Go stores, the customer’s mobile phone detects what items they have placed in their basket and, using a sensor, simply bills their account when they exit the store. This is a massive shift in the way commerce is experienced. However novel the innovation, given the prevalence of identity theft, mobile fraud and credit card phishing, Amazon Go needs to assure consumers that this new payment experience is safe and secure.

Here’s how the new Amazon Go stores could impact the security of credit cards in existing Amazon accounts, as well as the potential impact of “invisible payments” on the banking industry, and what Amazon Go will likely do to enhance fraud prevention and mobile payment security.

Securing Existing Amazon Accounts
If you look at the total number of existing Amazon users, the platform has roughly 1 billion total credit cards on file. That’s a potentially huge security concern for Amazon Go, since fraudsters will likely try to phish those accounts. Those seeking to commit fraud in an Amazon Go store are more likely to sign up for a new Amazon account with a stolen credit card, since it is easier than penetrating Amazon’s existing security network. Rodger Desai, CEO of Payfone, illustrates this point:

“Whenever you buy something online, merchants and their processors look at where you’re sending the goods. When fraudsters change the ‘Ship To’ from the address your bank has on file, it’s a clear signal that something may be amiss and requires further vetting. With Amazon Go, those traditional warning signals go out the window. So I can just log in as ‘you,’ walk out with stuff, and bill it to you. I think it further exacerbates a very weak identity authentication system. This is true for omni-commerce in general. Buying online and picking up in-store has the same new vulnerabilities.”

Amazon Go will need to use various methods to prevent mobile fraud. Technologies are being developed that analyze how people walk and hold their phone as they move in and out of the payment gate. After establishing a baseline for each customer, the software can then spot abnormalities as people exit the store and flag them as potential fraud.

The Future of Invisible Payments
Amazon Go is attempting to set a standard for invisible payments that could then be applied to different industries and scenarios. What banks need to recognize is that there’s an underserved demographic of people for whom every second of the day is precious: a parent who would rather spend time with their children than wait in a grocery line, or a student who could squeeze in a visit to the gym if they didn’t spend so much time shopping. While the internet saves consumers money by giving them access to price comparisons, invisible payments via mobile (like the Amazon Go model) save people time.

It’s worth noting that invisible payment adoption probably won’t be equally distributed across the board; the older generation might not see that much use for it and prefer the perceived security of paying at the cashier. It is the younger demographic, and on-the-go professionals, who will be the most impacted by invisible payment technology moving forward. The key, Desai emphasizes, is establishing trust with the consumer and being “very conscious of how you’re supporting them” despite the risk that can accompany this payment experience.

Fraud Prevention & Mobile Security
A major security issue will be the provisioning of new accounts, where people might purchase a stolen credit card number on a black market website, then set up a new Amazon Go account on a burner phone to make purchases.

It remains to be seen how Amazon Go will cope specifically with this challenge, but there is an opportunity for banks and fintech companies to play a role in both identity fraud prevention and mobile intelligence. Purchases made on phone numbers and/or devices that have only existed for a couple of days might trigger a fraud alert, for instance. It will be this familiarity with consumer purchase tendencies, and established track records with phone numbers and devices, that Amazon Go will likely use to detect fraud. At the end of the day, verifying mobile identity will be the critical authentication factor for Amazon Go.

David Harrington