Fraud Prevention for Your Shared Mobility Operations

28. June 2023 Reading time: 11 minutes

Outlining key strategies that shared mobility operators can implement to effectively combat fraud at every stage of the end-user journey

Fraud is pervasive. From identity theft and malware attacks to pyramid schemes and money laundering, bad actors are finding new ways to infiltrate nearly every aspect of our daily lives – and shared mobility operators are not immune.

The financial impact of fraud can be staggering.

Most recent reports state that globally more than 5 trillion USD are lost annually to fraudsters with this number projected to double by 2025.

Source: Cybercrime Magazine “Cyberware in the C Suite”

Unfortunately, specific figures relating to the shared mobility industry are not regularly recorded by an independent body – but we do know anecdotally that losses related to fraud continue to be one of the biggest problems for operators of all fleet sizes and models.

If you also consider that shared mobility is a tough industry to achieve consistent profitability in, every penny lost to fraud can threaten the stability of your entire operation. And with fraudsters developing more sophisticated techniques all the time, the future can start to feel a bit like pushing a boulder up a hill. But it’s not all bad news – not even a little bit!

An experienced software provider can be your ultimate partner in fraud prevention. The right partner will understand each stage of your end-user lifecycle and the areas in which you’re most vulnerable. They’ll also be in a constant state of technological evolution, keeping time with and even staying ahead of the techniques that criminals employ to steal your profits.

Let’s start by looking at a broader picture of fraud in shared mobility, from regulatory requirements to the financial costs of getting fraud prevention wrong. Then we’ll describe classic scams to look out for and explain the ways in which shared mobility operators can effectively fight fraud at each stage of the end-user journey from account sign-up to payment.

Quantifying the cost of fraud for shared mobility providers

Putting a price tag on fraud can be difficult since total losses can vary depending on several factors, ranging from the scale of the operation, the specific types of fraud encountered, and the effectiveness of the prevention measures in place.

Fraud in shared mobility can also manifest in different ways, such as fraudulent credit card usage, fake driver’s licenses, identity theft, or false insurance claims. These activities can result in financial losses from covering the costs associated with the fraudulent transactions to compensating for damages left by users who used fake identities during onboarding.

Of course, the cost of fraud is not limited to financial losses alone. Fraud incidents can also severely damage your reputation, lead to customer dissatisfaction, and even incur additional administrative and legal expenses.

So how much does fraud cost operators? Well, McKinsey estimates that shared mobility could generate up to 1$ trillion in consumer spending by 2030. That’s a lot of money left up for grabs.

Regulatory obligations in shared mobility

We spoke with our identity verification partner, Veriff to get the full picture of the regulatory landscape for shared mobility. Aleksander Tsuiman, Head of Regulatory (Privacy and Product) at Veriff shared his perspective, “For the EU, there is a lack of harmonisation in the sector. The regulatory framework for shared mobility is predominantly a patchwork of local country-specific laws and regulations, with certain auxiliary fields of law harmonised on the EU level (e.g., consumer protection).

Tsuiman goes on to explain that operators who provide their services in a variety of locations must acquaint themselves with a wide array of rules that can differ not only from state to state but also from region to region and even city to city.

He describes that within the European Union alone, there is a laundry list of rules to consider, “Specifically in the EU, operators have to consider a range of topics when offering shared mobility services which can include customer protection rules, environment protection rules (i.e. carbon emissions), road traffic rules, rules pertaining to the vehicle requirements, insurance requirements, registration requirements, licensing requirements (i.e. plates) and tax rules. A number of such rules can impose direct or indirect actions for mobility providers, including – for risk management purposes – requirements to make sure that the identity of the persons using the applications and, ultimately, the vehicles are known to the service providers.

To sum up, the shared mobility operators are working within a complex regulatory framework as the operators must consider a diverse range of legal topics but should also be mindful of the internal risks that their operations generate and how to mitigate them.”

Differences in micromobility vs car sharing fraud

There are also important nuances to consider when it comes to the ways in which fraud can impact operators of various fleet types. For example, if you manage a fleet of e-scooters, you may be exposed to more frequent abuses of fraudulent behavior due to the large number of short-duration trips, which can mean more riders, more often and ultimately more risk exposure.

Car-sharing operators, however, typically deal with longer-duration rentals, requiring thorough verification of identities, driving licenses, and payment methods. They must focus on preventing unauthorized access to vehicles and ensuring accurate billing throughout the rental period.

The value of the hardware itself must also be considered. An electric or fuel-based car runs at a significantly higher value per unit than an electric bike or e-scooter. Therefore, damages and theft can derail your annual profit margins even quicker when running a car-sharing operation.

Challenges across the customer lifecycle

Now let’s take a closer look at where fraud can strike and share the measures your software provider or in-house solution should be employed to protect you.

Fraud during registration

At the time of registration, an operator can find themselves exposed to cyber-attacks via their end-user app. A common method entails an individual or group mass-registering phone numbers over a short period. In one instance, a mobility operator described having received more than 2000 requests over the course of several minutes. This is a problem for operators as there are charges associated with every text or SMS that is triggered by a phone number registration (fees that they must pay to their communications provider). Unimpeded, this type of attack can disrupt and in even the most severe cases, overwhelm the infrastructure that enables the operator’s service in the first place, resulting in service down times.

At goUrban, we have robust measures in place to mitigate attacks like these. For example, also allow operators to blacklist phone numbers with specific pre-fixes as required. Such measures are an effective way to automatically defend against spam and cyber-attacks throughout the registration period.

After successful registration, users will log in and add a payment method. They may also be required to add government-issued identification documents – it’s at this phase of the customer journey where the most common and potentially damaging acts of fraud are attempted. We can separate these fraudulent actions into two categories: identity fraud and financial fraud.

Identity fraud during log-in (including fake emails, phone numbers and documents)

When a user first logs in, they are typically asked to provide either a phone number or email address – in some cases even both. However, these forms of “identification” are simple to fake. Email addresses can be created quickly, easily, and anonymously. A user can input a phone number that doesn’t belong to them. Without further authentication requirements, a user can proceed with their rental without ever having had to confirm any authentic personal information.

This is particularly relevant for micromobility operators. As they are not required to collect proof of valid government-issued IDs to access services, it’s of the utmost importance that valid emails and phone numbers are used during login.

goUrban clients are assisted in two ways:

  • Email verification: new address must be confirmed via a confirmation email
  • Phone number verification: phone numbers must be confirmed via an SMS containing a one-time-password (OTP)

Both methods provide an additional layer of protection against fraud at the onset of the customer journey while also improving an operator’s ability to communicate with users in the event of any issues regarding invoicing, service disruptions and other such concerns. But what happens when an official photo ID is required?

In the case of car sharing (although not limited to), before the first trip can even begin, the operator will need to confirm that the user has a valid driver’s license and that they are the owner of the submitted documentation. Ensuring that the identity of the user matches their document is an essential step of the identity verification process and an effective method to prevent fraudsters from using your services.

But the act of identifying customers can be easier said than done. The system in place needs to be as fast as it is accurate in order to not disrupt genuine users from starting trips as quickly and conveniently as possible. That’s where our identity verification partner Veriff comes in.

goUrban has integrated the expertise of Veriff into our tech stack, resulting in a robust and seamless identity verification service that works for operators and users alike. Our clients, mobility operators, can easily defend their fleets from bad actors while making genuine service access as barrier-free as possible.

How it works: The user provides a photo of their driver’s license as well as a real-time photo of their face to the in-app portal. Using artificial intelligence, biometrics, and machine learning technology, Veriff extracts and analyzes the data, providing a decision of acceptance or rejection in only a matter of seconds. They currently support over 10,000 government-issued IDs from 190 countries which means operators can be reassured that they’ll be able to onboard users across a variety of jurisdictions.

Financial fraud and unpaid invoices

Now what about payment-based fraud in shared mobility?

We frequently see common scams that include the usage of stored value cards with low balances or bank accounts with low or negative balances that prevent the successful payment of the services after they’ve been delivered. In either circumstance, the result is an unpaid invoice, which means the operator is left footing the cost of the trip themselves.

Operators routinely tell us that unpaid invoices continue to be one of their biggest challenges and largest loss areas. For this reason, we’ve taken steps to provide shared mobility operators with a set of tools that can effectively reduce and in some cases, altogether eliminate defaults on payment.

How it works: goUrban helps defend our clients against financial fraud in three ways: pre-authorization, minimum balance requirements, and in the event of non-payment, scheduled charge attempts. In the case of pre-authorization, we enable operators to check if a user has a pre-determined amount of funds available on their selected payment method.

With minimum balance requirements, an operator can set a specific amount of funds that the user must have in their account to be able to begin a rental. Finally, scheduled charge attempts are applied in the case of non-payment and involve attempting to charge a user’s payment method several times over a pre-determined period to recover the lost funds should the opportunity arise.

But applying some of the defences above is also a numbers game. For instance, this type of financial fraud currently disproportionately impacts micromobility operators as the trips those users take tend to be shorter and less expensive which translates to less revenue per ride. Paying for a pre-authorization check in these instances may not make the most sense when trying to achieve profitability – it really depends on what a close analysis of your fraud loss-to-profit ratio reveals.

Fighting fraud with better data insights

At goUrban our customer success team focus on helping clients with their strategic planning, operational optimization, implementing new technology and fraud prevention. Our teams understand the unique challenges facing mobility operators and are well-trained in providing unique, tailored strategies to achieve profitability. By leveraging our industry insights and data-driven approach, operators can optimize their operations, streamline processes, and maximize revenue while preventing even the most complex cases of fraud – as well as the ones most relevant to their unique operations.

Read more: How to Choose the Right Mobility Software Provider

In this rapidly evolving landscape, shared mobility operators cannot afford to ignore the pressing issue of fraud. Reach out to us today to learn more about how goUrban’s comprehensive solutions can help you effectively combat fraud and achieve long-term profitability.