Along with the enormous success of mobile phone sales, wireless carriers and resellers have to contend with a variety of issues around theft and fraud. Working closely with several carriers and resellers, we’ve seen four primary fraud threats that financially impact carrier business. They include:

1. Account creation / application fraud – In this case, a fraudster uses a stolen identity to apply for an account online to order phones and services.  After initiating a shipping scheme to obtain the goods, the fraudster runs up the phone bill until the carrier or identity theft victim uncovers the charges.Much like credit issuers, carriers perform comprehensive identity and financial background checks on applicants, however, the checks are on the identity theft victim.  By adding a device check at the front of the process (which looks at the computer or Internet-enabled device being used), carriers can quickly identify suspicious activity such as when the same computer initiates multiple applications under various identities, or if the computer being used has been involved in previous fraudulent activity. (more…)

This week alone, I have seen two separate iPhone apps enabling multi-factor authentication for the likes of your accounts at AOL, eBay, PayPal and Blizzard, the provider of the popular online game World of Warcraft. The first application is provided by Verisign and provides multi-factor authentication for AOL, eBay, and PayPal to combat identity theft and account takeover. This could easily be expanded to include other sites and is a significant improvement over the options that were previously available. The second application is provided by Blizzard to authenticate users to their popular online games, like World of Warcraft, and is intended to address their account takeover problems.

Before these mobile applications, sites could either provide a separate hardware token for multi-factor authentication which was expensive and difficult to manage, or it could provide this capability through a text message on the phone which could be costly for both the consumer and the company. This application solves the token problem by attaching itself to something that most users always have in their possession (their mobile phone) and solves the cost problem by bypassing costly text messages and embedding the password generation intelligence in the mobile app. There is a beta version of the Verisign app for some BlackBerry models and for another 40 phones in development. The Blizzard version is currently only available for the iPhone and iPod touch, but other models will likely follow.  The ease of adoption for the iPhone could be the difference make in this instance and it could be a positive step in the direction at combatting online fraud and more specifically account takeovers.