Mobile E-Commerce: Friend or Foe? A Cyber Security Study

Research February 2015 Mobile E-Commerce: Friend or Foe? A A J.Gold Associates Research Report Many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the- move lifestyles. For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization s cyber security is the focus of this research study. Research Sponsored By

Contents Executive Summary... 3 Mobile Revenues... 3 The Friend:... 3 The Foe:... 3 Protecting Against Fraud... 3 Averaging the Mobile Losses... 4 Average revenue, mobile revenue, losses, and growth rate indicated by respondents... 4 Are You Investing Enough? Probably Not!... 4 The Study Results... 5 Revenue Channels... 5 Figure 1: Percentage of revenues from Internet channels... 6 Figure 2: Percentage of revenue from a Mobile App... 7 Analysis:... 7 Figure 3: Expected growth of Mobile App revenue in next 5 years... 8 Analysis:... 8 Revenue Loss Due to Fraud... 8 Figure 4: What percentage of revenues were lost to Internet and/or Mobile fraud in past 12 months... 9 Measuring Attitudes and Expectations... 10 Figure 5: Internet and Mobile fraud represent a significant risk... 10 Analysis:... 10 Counting Fraud Incidents... 11 Figure 6: How many Internet Fraud incidents in past 12 months... 11 Figure 7: What percentage of fraud incidents were Mobile... 12 Analysis... 12 How Big are the Risks... 13 Figure 8: How big a risk is Average of Responses... 13 redistribute without the permission of J.Gold Associates, LLC.

Analysis... 13 Login Requirements for Mobile Users... 14 Figure 9: What type of Mobile login credentials Currently required... 14 Figure 10: What type of Mobile login credentials required In Future... 15 Verifying user account changes... 16 Figure 11: Security measures used to verify Internet account changes... 16 Figure 12: Security measures used to verify Mobile account changes... 17 Use of Advanced Analytical Tools... 17 Figure 13: Using Advanced Analytical tools to detect fraud... 18 Mobile E-Commerce: Friend or Foe... 18 Figure 14: Revenues by Company Size... 19 Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size (Average Percentage)... 19 Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud, by Company size (Average Percentage)... 19 Analysis... 19 Conclusions... 20 redistribute without the permission of J.Gold Associates, LLC.

Executive Summary Mobile E-Commerce: Friend or Foe? That s the question many organizations need to ask themselves as they attempt to take advantage of the dramatic growth in users with mobile devices. Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the-move lifestyles. For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization s cyber security is the focus of this research study. We conducted a web-based based survey of 250 organizations to find out whether Mobile E-commerce is a friend or a foe. Mobile Revenues The Friend: The average revenue of the organizations responding was $2.54B. Fully one third of organizations indicated they generated erated revenues from the Internet in the 26%-50% range. Further, 25% indicated that 11%-25% of that revenue came from a mobile app. These figures indicate the importance of Internet and Mobile revenue generation. Further, more than 50% of organizations believe that mobile revenues will grow 11%-50% over the next 3 years, and 30% believe it will grow 51%-100%.This 100%.This expected growth in mobile app revenues reflects both the market reality of more mobile users, as well as the realization that to remain competitive, e, companies must offer mobile apps on smartphones and tablets despite a significant security risk in potential fraud. The Foe: But there is also a dark side to this reliance on mobile revenues. Only 8% of companies indicated that they had no losses due to fraudulent activity in the past 12 months. And 34% indicated they had lost as much as 5% of revenues, 14% indicated they lost as much as 10% of revenues, and 15% indicated they lost as much as 25% of revenues. This is a staggering level of fraud induced losses. It also indicates that a very serious problem exists, one which is not being adequately addressed by current systems and processes. Protecting Against Fraud Mobile E-Commerce: Friend or Foe? TREND: In the next 2-3 years, we expect e- commerce interactions attributable to mobile devices and mobile apps to surpass those from standard browsers. As a result, companies not properly securing their mobile transactions face a significant risk of fraud incidents overwhelming their businesses J.Gold Associates LLC. About 2/3 of respondents believe that they can quickly detect and remediate Internet and Mobile fraud on their sites. Yet a large number of fraud incidents causing significant revenue losses are occurring. It seems clear that while many companies believe they are adequately protected, their level of security is lacking. We expect the growth of mobile interactions to significantly increase the percentage of mobile incidents, with 19% of companies already indicating that 25%-49% of their fraud incidents are due to mobile. We expect these rates to at least double over the next 2-3 years as mobile revenue contributions increase, unless significant remedial actions are implemented quickly. 3

Averaging the Mobile Losses Mobile E-Commerce: Friend or Foe? The average mobile loss across all the organizations responding was $92.3M per year. On average, organizations indicated that losses of approximately 3% of total revenues occur each year due to mobile fraud. Further they expect an average 47% growth of mobile transactions over the next five years (which we believe to be too conservative). Assuming loss ratios remain the same, the losses attributable to mobile will also increase by at least 47% over the same time period. Average revenue, mobile revenue, losses, and growth rate indicated by respondents Average Total Revenue $2.54B 4.53% Average % of Total Revenue Due to Mobile Average % of Total Rev Lost Due to Mobile 3.04% $92.3M Average $ Loss per year due to Mobile Average 5 Year Mobile Growth Rate 47% The total losses present a large amount of potential revenue if fraud were eliminated. It indicates that although many companies believe they are spending sufficiently on security, given the losses they are reporting, it s clear that most aren t. Companies must increase the level of expenditure on remediation of these losses. Investing an amount equal to as little as 10%-20% of the yearly losses in enhanced security systems would provide a significant boost to an organization s ability to limit or eliminate the losses resulting from fraud. Are You Investing Enough? Probably Not! All organizations with a mobile presence are experiencing loss due to inadequate security. It is imperative that organizations of Conclusion: Companies all sizes invest in technology solutions that limit and/or eliminate not making the required Mobile induced fraud if the company is to thrive in an investment now in enhanced mobile increasingly competitive marketplace. Mobile security has a security will have huge potential payback, likely returning 10-20 times or more of sharply reduced revenue, the investment. Clearly security is a long term challenge that as well as much higher needs continuous intervention. But it must be on every costs of operations, and organization s high priority list for the next 1-2 years as the need a dissatisfied customer to get a handle on this challenge will only grow in the future with base that may be increased reliance on mobile commerce. Waiting until the exposed to fraudulent problem is aggravated by increased numbers of users and activities which will higher losses are not in the best interest of the organization and drive them to other more will make remediation even more difficult. Companies not secure sites. making the required investment now in enhanced mobile security will have sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer base that may be exposed to fraudulent activities which will drive them to other more secure sites. 4

The Study Results Mobile E-Commerce: Friend or Foe? That s the question many on-line organizations need to ask themselves as they attempt to take advantage of the dramatic growth in users with mobile devices. Indeed, many consumers now interact with the Internet primarily through mobile devices, avoiding traditional PC devices and browsers as not fitting into their always connected, on-the-move lifestyles. For organizations with an on-line presence, this shift has a profound impact, including an impact on website security, loss prevention and fraud. Assessing the impact of this shift on an organization s cyber security is the focus of this research study. To discover the impact of mobile commerce we created a survey that was completed by 250 organizations in North America. The average organizational revenue of the respondents was $2.54B. The survey was intended to study attitudes and the economic impact of fraud on web-based based Internet and mobile applications for companies engaged in interactions with consumers and business customers through PC and/or mobile application based E- commerce. The questions focused on obtaining the companies views on threats, recent breaches, economic impacts, and solutions to securing web and mobile based customer interactions. For this study, users were considered mobile if they interacted with web sites through either a smartphone or tablet device. For each section below, we ll define what questions we asked, and then furnish an analysis of the results obtained. Revenue Channels Mobile E-Commerce: Friend or Foe? We asked the respondents to identify the amount of revenues generated from various Internet channels (e.g., PC browser, mobile) and also to estimate the amount of revenues expected to be generated in the future. The intent was to discover the amount of revenues coming from the Mobile channel, and then be able to identify the risks associated with that revenue stream. 5

Figure 1: Percentage of revenues from Internet channels Percent of Revenues from Internet Don t know 0.8% 76%-100% 4.8% 51%-75% 24.4% 26%-50% 33.2% 11%-25% 27.2% 1%-10% 9.2% 0% 0.4% 6

Figure 2: Percentage of revenue from a Mobile App What Percentage of Revenue comes from Mobile App We don t have a mobile app 4.4% Don t know 1.6% 76%-100% 4.8% 51%-75% 26%-50% 11%-25% 22.8% 23.6% 24.4% 0%-10% 18.4% Analysis: Fully one third of those responding indicated their organization generated Internet revenues in the 26%-50% range. Further, 25% indicated that 11%-25% of that revenue came from a mobile app. These figures are higher than we expected, but clearly it indicates the importance of Internet and Mobile revenue generation which constitutes a major revenue stream. At such a high percentage, companies must find ways to protect those revenues from fraud. And we expect these revenues to continue to grow making it even more imperative to secure these transactions. 7

Figure 3: Expected growth of Mobile App revenue in next 5 years How much do you expect Mobile App Revenue to grow over next 5 years Don t know Greater than 200% 151%-200% 101%-150% 2.4% 1.6% 0.8% 4.0% 76%-100% 11.2% 51%-75% 17.2% 26%-50% 30.4% 11%-25% 21.2% 6%-10% 9.6% 0%-5% 1.6% Analysis: More than 50% of respondents believe that mobile revenues will grow 11%-50% over the next 3 years, and 30% believe it will grow 51%-100%. 100%.This expected significant growth in mobile app revenues reflects market reality of more mobile users, as well as the realization that to remain competitive, companies must continue to invest in their mobile capabilities. However, this represents a significant security risk in potential fraud, as we shall see. More than 50% of respondents believe mobile revenues will grow 11%-50% over next 3 years, 30% believe it will grow 51%-100%. Revenue Loss Due to Fraud Most companies expect mobile interactions to increase dramatically and generate significant revenues. However, there is also a significant potential for increased fraudulent activity from mobile devices, as they may be harder to protect and secure than traditional PC devices. 8

Figure 4: What percentage of revenues were lost to Internet and/or Mobile fraud in past 12 months Revenue lost due to Internet and Mobile Fraud in past 12 months Don t know 2.8% 66%-100% 51%-65% 0.0% 0.0% 36%-50% 11.6% 26%-35% 11%-25% 6%-10% 14.4% 13.6% 15.2% 1%-5% 34.0% 0% 8.4% Analysis: Only 8% of companies indicated that they had no fraudulent activity associated losses over the past 12 months. And There is a staggering 34% indicated they had lost as much as 5% of revenues, 14% level of fraudulent activity losses. It indicated they lost as much as 10% of revenues, and 15% indicated indicates a very serious they lost as much as 25% of revenues. Many respondents indicated problem exists that is not even greater losses, although the higher amounts may be being adequately overestimations. Nevertheless, this is a staggering level of addressed by today s fraudulent activity losses and explains why many organizations have systems and processes. been cautious about moving to a greater presence in E-commerce. It also indicates that a very serious problem exists that is not being adequately addressed by today s systems and processes. Improvements in loss prevention must be implemented quickly to stem these losses. 9

Measuring Attitudes and Expectations Mobile E-Commerce: Friend or Foe? We asked a series of questions to gauge the attitudes and expectations on threats that are posed to their organizations. We asked them to answer on a scale of 1 to 5, with 1 being strongly disagree and 5 being strongly agree, how they feel about the following statements. Figure 5 shows the average level of agreement and priorities for each statement. Figure 5: Internet and Mobile fraud represent a significant risk Severity of Fraud - Average of responses 1=Strongly Disagree, 5=Strongly Agree Fraud on our web site is quickly detected and remediated Have sufficient systems/processes for fraud detection on mobile platform Fraud on our Mobile App is quickly detected and remediated Company security budget is sufficient for minimizing Internet/Mobile fraud We are able to eliminate Internet and/or Mobile fraud Internet and Mobile fraud represent a significant risk The frequency and severity of fraud is on the rise We have not seen any Mobile App fraud on on E-commerce offering We have not seen any Fraud on our Internet E-Commerce offerings 4.04 4.01 4.00 3.85 3.82 3.78 3.58 3.47 3.30 Analysis: While most respondents say they have experienced significant losses from fraud, the majority also claim they have About 2/3 of sufficient systems and processes in place to minimize such respondents believe that fraud. This seems to be a clear disconnect between reality and they can quickly detect perception. Further, while most believe the incidents of fraud are and remediate Internet on the rise, they likewise believe they have significant budgets and Mobile fraud on and systems in place to deal with them. About 2/3 of their sites. Yet a large respondents believe that they can quickly detect and remediate number of fraud Internet and Mobile fraud on their sites. Yet a large number of incidents causing significant revenue fraud incidents causing significant revenue losses are losses are nevertheless nevertheless occurring. On average, organizations indicated occurring. they lost $92M per year in mobile fraud related incidents. It seems clear that while many of the respondents believe they are adequately protected, the level of security for both Internet and Mobile app interactions is lacking. The level of fraud and the average losses per organization indicate that few organizations have invested enough to keep their losses to an acceptable level. What is needed is a realistic assessment of the level of fraud losses which must drive the level of investment made in security systems to remediate those losses. For most companies it is 10

imperative that the level of investment in security systems and processes be increased significantly. Counting Fraud Incidents We asked how many fraud incidents they have had in the past year and how many were as a result of using a Mobile app accessing their E-commerce sites. Figure 6: How many Internet Fraud incidents in past 12 months How many Internet Fraud incidents in past 12 months Don't Know 10,000+ 5000-9999 1000-4999 500-999 250-499 100-249 50-99 25-49 10-24 1-9 0 0 1-9 10-24 25-49 50-99 Total 11% 30% 16% 100-249 250-499 500-999 1000-4999 5000-9999 9% 7% 7% 6% 5% 4% 1% 10,000 + Don't Know 0% 0% 11

Figure 7: What percentage of fraud incidents were Mobile Percentage of Fraud Incidents Due to Mobile 75%-100% 2% 50%-74% 7% 25%-49% 19% 10%-24% 29% 1-9% 28% 0% 14% Analysis: 48% of respondents indicated they experienced between 1-24 overall fraud incidents in the past year, while 25% indicated 48% indicated they they experienced between 25-250 incidents. The small number of experienced between 1- incidents reported either indicates organizations that have a small 24 fraud incidents in the scale presence on the web, or more likely ones that are somewhat past year, while 25% indicated between 25- oblivious to what is actually happening. Interestingly 28% of 250 incidents. 19% of respondents indicated that 1%-9% of the total fraud incidents were companies indicated mobile based, while 29% indicated that mobile caused 10%-24% of that 25%-49% of their fraud incidents. We expect the growth of mobile interactions to fraud incidents are due significantly increase the percentage of incidents caused by the to the mobile channel. mobile channels, with 19% of companies already indicating that Clearly mobile is a 25%-49% of their fraud incidents are due to the mobile channel. growing risk that s not Even if the number of incidents is underreported, the amount of being adequately loss as we shall see is quite high. Much more work needs to take addressed place in securing mobile interactions and mobile applications before organizations can feel confident that mobile fraud is being controlled, or will not spin out of control with the expected growth in interactions. Clearly mobile is a growing risk that s not being adequately addressed. 12

How Big are the Risks We asked about the risk that various technologies and processes pose by having respondents indicate on a scale of 1-5, with 1 being strongly disagree and 5 being strongly agree, what they thought of a particular risk. Figure 8 indicates the average score for each risk, and reflects what users thought were the most serious threats. Malware, as is to be expected, ranked quite high on the overall list. But increasingly, App Store Fraud (i.e., unauthorized or illegitimate app stores) and Fake Mobile Apps (i.e., apps masquerading as something else or embedded with malware), are increasingly being recognized. Figure 8: How big a risk is Average of Responses How Big a Risk is: (Average of Responses) Mobile E-Commerce: Friend or Foe? PC/Web Browser Malware Mobile Device Malware E-Wallet Fraud App Store Fraud Fake Mobile Apps Account Takeover Password Guessing 3.81 3.64 3.36 3.29 3.28 3.26 3.14 Analysis: There was a fairly even distribution of what the respondents thought were risk factors, with no one risk vector being dramatically more than the others. However, PC/Web Browser Malware, followed by Mobile Device Malware are the most visible and likely easiest to identify. This is likely a legacy of past experiences with PC-based systems, extended into the mobile realm. Yet these are very real risks, and it would make sense to exert reasonable efforts in protecting against these two security threats through updated practices and technology solutions (e.g., two factor authentication, malware protection, encrypted storage, secured vaults ). There is also a realization that mobile apps, via a fake app store or via malicious code embedded in an app, represent a growing risk that t must be dealt with. 13

Login Requirements for Mobile Users Mobile E-Commerce: Friend or Foe? Login methods for mobile users are migrating from traditional user name and password to more advanced biometrics and multi-factor authentication. This will be enabled by more devices enhanced with advanced technology as well as a proliferation of easier to use systems allowing more secure ID methods. We expect the majority of the transition to be completed in the next 3-4 years, with some aggressive organizations deploying systems in the next 1-2 years. We also expect the mobile channel to lead in this transition. What s shocking is the percentage of companies that fail to enforce basic credentials we have all grown accustomed to (e.g., 23% don t require user name and password to log in). Figure 9: What type of Mobile login credentials Currently required What type of log in authentication required from Mobile users Currently? Yes No We expect a major transition in mobile authentication to take place over the next 3-4 years, with aggressive organizations doing so in 1-2 years. User name and password 76.8% 23.2% Device ID Challenge based questions IP Recorgnition Phone based authentication (SMS & voice) Soft tokens Biometrics Not applicable None of above 3.2% 1.6% 51.6% 44.0% 40.8% 28.0% 19.6% 17.2% 48.4% 56.0% 59.2% 72.0% 80.4% 82.8% 96.8% 98.4% Don't know 0.4% 99.6% 14

Figure 10: What type of Mobile login credentials required In Future What type of log in authentication required from Mobile users in the Future? Yes No Biometrics Phone based authentication (SMS and Voice) Soft Tokens IP Recognition Challenge based questions Device ID User name and password Don't know Not applicable None of above 47.2% 38.4% 32.0% 30.4% 26.4% 25.6% 9.6% 5.6% 4.0% 2.4% 52.8% 61.6% 68.0% 69.6% 73.6% 74.4% 90.4% 94.4% 96.0% 97.6% Analysis: : There will be a significant shift in required Mobile login credentials taking place over the next 2-3 years as the primary focus shifts from user name and password to more advanced mechanisms like biometric, phone based authentication and soft tokens for two factor authentication. This upgrading of login techniques will improve the security of transactions by more positively determining who and what device is being used, and should significantly reduce the threat levels and consequent fraud on mobile transactions. There will be a significant shift in required Mobile login credentials over the next 2-3 years as focus shifts from name and password to advanced mechanisms like biometric, phone based authentication and soft tokens for two factor authentication. 15

Verifying user account changes We asked which types of verification techniques are employed to confirm that account changes are being made by the designated account owner, both for Internet connections and Mobile connections. Figure 11: Security measures used to verify Internet account changes Security measures used to verify account changes for Internet users Yes No Mobile E-Commerce: Friend or Foe? Challenge based questions 74.4% 25.6% Email verification 63.2% 36.8% Phone based authentication 36.8% 63.2% Nothing beyond user name and password 5.2% 94.8% Don't know 2.0% 98.0% 16

Figure 12: Security measures used to verify Mobile account changes Security measures used to verify account changes for Mobile users Yes No Email verification 54.4% 45.6% Phone based authentication 46.4% 53.6% Challenge based questions 44.8% 55.2% Nothing beyond user name and password 11.6% 88.4% Don't know 3.6% 96.4% Analysis: : The disparity between primary methods for Internet users (challenge based questions) versus Mobile used (Email verification) is primarily one of perception, assuming that mobile devices are harder r to use for data entry and will therefore being more difficult to require challenge-based question inputs. This is generally no longer the case with larger and higher definition screens, and better, faster connections. We expect to see higher levels of authentication required in the near future for mobile users, a least on a par with those of Internet users who are accustomed to multi-factor authentications and multi-step logins/confirmations. It s no longer the case that mobile logins present more of a challenge than on Internet browsers. The result is higher levels of authentication for mobile users. Use of Advanced Analytical Tools We asked if they used any advanced analytics tools such as behavior tracking and analysis, to implement a more secure interaction by detecting likely fraudulent activity. 17

Figure 13: Using Advanced Analytical tools to detect fraud Use of Advanced Analytical Tools to detect Web and Mobile Fraud Yes No Don't know Future 73.6% 19.2% 7.2% Currently 56.8% 39.6% 3.6% Analysis: The use of advanced analytical tools will increase by approximately 50% in the next few years as companies search for We expect an increase of compelling ways to fight the increasing level of fraud. Our at least 50% in use of respondents indicated that the use of advanced analytics tools to analytical prediction tools over the next 2-3 track behavior and mitigate fraud will grow by nearly 50%. This is years for Internet and a direct result of the maturity of these tools and the ability to make Mobile fraud detection. use of them with less required resources, including through cloud based service offerings, as well as the reduced cost of employing the technology. We expect that this trend will continue to gain momentum over the next 2-3 years. Mobile E-Commerce: Friend or Foe Mobile interactions have both a positive and negative effect. On the positive side they allow users to access websites more often when they are truly mobile. Indeed, most of the respondents indicated a significant expected increase in revenues by allowing mobile interactions with their sales or service on-line presence. But mobile also has a negative effect. Most respondents expect mobile to represent a significant portion of fraudulent interactions and provide significant loss of revenue. 18

Below is an evaluation of the potential losses from Internet and Mobile Fraud. Figure 14 shows the average revenues generated by organizations ations of various sizes, based on the survey data provided by the respondents, indicating Internet revenues were 26%-50% of total revenue. The company sizes were Very Small ($100M), Small ($100M-$500M), Medium ($500M-$1B) $1B) and Large ($1B+). Figure 14: Revenues by Company Size Total Revenues Internet Revenues Very Small <$100M $26M-$50M Small Medium Large $100M-$499M $500M-$999M $1B-$20B+ $26M-$250M $125M-$500M $250M-$10B Figure 14 is a compilation of the average amount of loss in the past 12 months due to Internet fraud based on the responses obtained from various size companies. Figure 15: Lost Revenues due to Internet Fraud in past 12 months, by Company Size (Average Percentage) Very Small Small Medium Large % 6%-10% 6%-10% 11%-20% 6%-10% $ $1.5M-$5M $1.5M-$25M $13M-$100M $150M-$1B Figure 15 represents losses incurred within the past 12 months that organizations indicated were due to Mobile fraud (as part of overall Internet related fraudulent losses). Figure 16: Lost revenues as percentage of total in past 12 months due to Mobile Fraud, by Company size (Average Percentage) Very Small Small Medium Large % 1%-9% 10%-24% 10%-24% 10%-24% $ $150K-$450K $150K-$6M $1.3M-$24M $15M-$240M$240M Analysis: : The above figures show the average amount of revenue organizations indicated they lost due to Internet and Mobile channel fraud over the past 12 months. It s apparent that taking additional steps to reduce the amount of fraud in the on-line channel has a potentially huge payback, particularly for larger organizations that obtain significant revenues from e- 19

commerce and mobile app solutions. Losses of $15M - $240M in fraudulent interactions are compelling reasons to invest in Taking additional steps better fraud reduction systems. Further, it s important to to reduce the amount of understand that the losses above are within a 12 month period fraud on-line has a potentially huge and therefore available to recover annually. This makes it even payback, particularly for more imperative that companies invest in better security for larger organizations their mobile applications and transactions. We also expect the that obtain significant amount of Internet revenues generated, and hence the amount revenues from e- of Fraudulent losses, to increase over the next 2-3 years. It is commerce and mobile therefore imperative that organizations of all sizes invest in app solutions. reducing and as much as possible in eliminating all Internet and Mobile induced fraud if the company is to thrive in an increasingly competitive marketplace. Conclusions As can be seen from the results of this study, many companies are relying on the Internet as a major contributor to their Those companies that do revenues. Further, the role of Mobile interactions is increasing, not make the required both through mobile web and mobile apps. Yet there seems to investment in enhanced be a major disconnect between the contributions from mobile e- mobile security will have sharply reduced revenue, commerce, and the steps being taken to protect those as well as much higher interactions. Despite many companies indicating they believe costs of operations, and they are protected, it is clear that the current level of investment a dissatisfied customer in mobile security is not up to the task. It is imperative that base. organizations reassess ess their mobile strategies in light of the growth in fraudulent transactions and the resulting loss of revenues. Mobile security has a huge potential payback, likely returning 10-20 times or more of the investment. It must be on every organization s high priority list for the coming 1-2 years to get things started now, and then continuously updated and enhanced for the foreseeable future. Those companies that do not make the required investment in enhanced mobile security will have sharply reduced revenue, as well as much higher costs of operations, and a dissatisfied customer base. The research contained in this study has been licensed to RSA and TeleSign. No other parties are authorized to copy, post and/or redistribute this research without the express written permission of the copyright holder, J.Gold Associates, LLC. 20

About J.Gold Associates J.Gold Associates provides insightful, meaningful and actionable analysis of trends and opportunities in the computer and technology industries. We offer a broad based knowledge of the technology landscape, and bring that expertise to bear in our work. J.Gold Associates provides strategic consulting, syndicated research and advisory services, and in-context analysis to help its clients make important technology choices and to enable improved product deployment decisions and go to market strategies. J.Gold Associates, LLC 6 Valentine Road Northborough, MA 01532 USA +1 508 393 5294