Deliver Your News to the World

Gartner Says the Use of Mobile Fraud Detection in Mobile Commerce Environments is Imperative


Key Issues Facing Context-Aware Computing to Be Discussed at Gartner Symposium/ITxpo, October 17-21, in Orlando

STAMFORD, Conn. - By year-end 2013, location information or profile information from mobile phones will be used to validate 90 percent of mobile transactions, according to Gartner, Inc. Gartner said that the rapid adoption of smartphones is forcing banks, social networks and other e-commerce providers to implement the kinds of fraud detection capabilities that have become mainstream with fixed-line computing.

“Because of the improving browser experiences on smartphones, mobile commerce and transaction execution are set to increase rapidly,” said William Clark, research vice president at Gartner. “We estimate that by the end of 2013, 12.5 percent of all e-commerce transactions will be mobile.”

“Enterprise applications must detect fraud in these mobile environments, but fraud detection tools available today that work in fixed-line computing environments don’t work well or at all in the mobile world,” Mr. Clark said. “There are a number of methods that can be implemented to help enterprises detect fraud in the mobile space, but they are still in their early stages of development, and it will take until at least 2012 for them to transform from embryonic applications to technically mature systems that work easily and transparently across disparate mobile networks.”

“The evolution of these fraud detection tools will play a part in turning mobile commerce into location- and context-aware commerce by increasing the confidence of businesses, financial institutions and end users,” said Avivah Litan, vice president and distinguished analyst at Gartner. “This increase in confidence will help open up new possibilities for context awareness that will be richer than they are in fixed-line commerce.”

Fraud prevention methods available today to mobile applications include:

Mobile device identification — This is enabled through a JavaScript on the server that the user logs in to, which captures whatever information it can get from the user’s browser and phone, depending on whether the user is using a browser or native application. If the application is browser-based, then the JavaScript application captures whatever information it can get from the user’s browser to uniquely identify that particular user’s browser and mobile device. If the mobile application is native and residing on the mobile handset, native applications can additionally gather the phone’s serial number and network card number. This will require opt-in by the user.

Location of device — This is based on the phone’s location information independent of the browser (IP address), so the user does not have to have his or her mobile browser application open for this to work; the phone only needs to be turned on. Enterprises may want to check and correlate the location of the device relative to anything else they know about the user’s location through other systems they may interact with at the enterprise. For mobile phones, there are two architectures that are used to obtain location information: One relies on device information (e.g., using the GPS-API applications that the user must opt into); the other employs APIs provided through mobile network operators that don’t require the users to opt in to releasing this information.

Some online fraud detection vendors are starting to tune their risk scoring and/or rule-based models specifically for mobile applications — For example, some vendors are looking at the mobile device itself, the location of the phone, and the behavior of the user inside the host application while transacting from the phone. This area is very new to the fraud detection vendors, as there is little mobile transaction experience to draw on in order to build effective risk models and scores that significantly improve on risk models that have already been built for fixed-line computing. It tries to combine some of the methods listed above, including mobile device identification and examining the location of the mobile phone in relation to other information known about the user and his/her location.

“Given the explosive growth of smartphones and other mobile devices, the increase in mobile commerce, and the migration of fraud attacks to these devices, using mobile fraud detection in mobile commerce environments is an imperative,” Ms. Litan said. “While smartphones are a catalyst for mobile commerce, enterprises need to also consider the potential of using context information for fraud detection for nonmobile transactions by combining and correlating the location information that can now be derived from any kind of mobile phone worldwide with the other process information associated with the consumer who owns the phone.”

Gartner estimates that 70 percent of the largest 20 global card issuers (who authorize more than 50 percent of all payment card transactions) will gradually adopt mobile context information to help detect fraud on fixed-line transactions, and that by year-end 2015, more than 15 percent of all payment card transactions will be validated using context-aware profile information.

“Enterprises that want to remain competitive in electronic commerce over the next five years should begin exploring context-aware applications by year-end 2011, for both fraud detection and later on for customer acquisition and retention activities afforded by personalized and customized marketing and advertising information,” Mr. Clark said. “Both users and service providers should have a better and more secure experience enabled through the use of rich contextual information coming from mobile phones.”

Additional information is available in the report “Get Smart With Context-Aware Mobile Fraud Detection” which is available on Gartner’s website at

Mr. Clark will provide more detailed analysis during the session “Context-Aware Computing Scenario: What CIOs Must Know” at Gartner Symposium/ITxpo, being held October 17-21 in Orlando, Florida.

About Gartner Symposium/ITxpo

Celebrating its 20th anniversary, Gartner Symposium/ITxpo is the world’s most important gathering of CIOs and senior IT executives. This event delivers independent and objective content with the authority and weight of the world’s leading IT research and advisory organization, and provides access to the latest solutions from key technology providers. Gartner’s annual Symposium/ITxpo events are key components of attendees’ annual planning efforts. IT executives rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use IT to address business challenges and improve operational efficiency. Additional information is available at Members of the media can register for the event by contacting Christy Pettey at

Additional information from the event will be shared on Twitter at and using #GartnerSym.

Upcoming dates and locations for Gartner Symposium/ITxpo include:

October 17-21, Orlando, Florida:

October 25-27, Tokyo, Japan:

November 8-11, Cannes,

November 16-18, Sydney,

About Gartner:
Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner deliver the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to approximately 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has approximately 4,300 associates, including approximately 1,200 research analysts and consultants serving clients in 80 countries. For more information, visit


This news content was configured by WebWire editorial staff. Linking is permitted.

News Release Distribution and Press Release Distribution Services Provided by WebWire.