The world is going mobile. And so too is Fraud. Global smartphone ownership rose sharply from 49% in 2016 to 83% in 2022, equating to 6.64 billion people owning a mobile device, turning to mobile apps to surf the web, do online shopping and mobile banking.
What is seen as a success of tech innovation has also resulted in an increasing opportunity for fraudsters to target mobile device users, mobile app fraud is not only growing, but is still misunderstood by e-commerce merchants, financial institutions and mobile device users alike.
COVID-19 forced more people online
The natural step necessary to continue life as normal as possible during the early pandemic lockdowns was for people and businesses to move online.
This huge influx of new online users included brick-and-mortar stores that were forced to provide an e-commerce platform to survive.
Existing online merchants also sought to introduce m-commerce platforms and more payment options to entice users with their service. Although already popular pre-pandemic, mobile banking uptake also shot up.
The result has been a huge rise in global payments and transactions taking place to ensure continued business revenue growth.
Unfortunately, this rise has gone hand in hand with global fraud rates, as fraudsters have targeted those that do not fully understand the online threats or have inadequate anti-fraud and security measures in place.
This lack of understanding has led fraudsters to focus on tried and tested techniques to defraud victims, most of which rely on building trust, and having victims do half the work of the fraudsters.
Fraud threats on mobile devices are continually being adapted
Social engineering scams are nothing new. They’re frequently mentioned in the media, with phishing email scams being the most recognizable form.
A fraudster will aim to encourage victims to carry out an action that may not be in their best interest. Victims may be convinced to unwittingly visit a phishing site or download malware, all with the intent of stealing data to perform account takeovers (ATO) and identity theft and fraud.
To new online users, maintaining security to hinder fraudsters may seem like a daunting task on desktops, but on mobile devices, the threat is still misunderstood.
“The online payment fraud threats we often associate with desktop browsing experiences can just as easily affect smartphone users,” explains Hubert Rachwalski, CEO, Nethone .
“Fraud methods of equal, if not greater risk to online businesses, are being continually adapted to target all mobile device users – and with increasing technical sophistication. There are now mobile specific fraud techniques that are growing and becoming popular amongst fraudsters, at a time when mobile device ownership is increasing.
Unfortunately, as FinTech companies adapt to all fraud threats, we often see that individuals and some e-commerce companies have a false sense of security regarding mobile experiences, believing them to be immune from security threats.
Even those with a good understanding of online payment and transaction fraud may not be fully aware that there is a rising threat of account takeovers, for example, that can be performed via mobile native platforms.”
Mobile app fraud protection must be taken seriously
Phishing is still a very real threat, but emails may contain links to download a fake app which can steal your details. SMiShing and vishing aim for the same.
Direct SMS messages and voice calls can appear to be from legitimate banks or online stores with spoofed caller IDs, enticing victims to download and install fake apps.
There have been cases where fake apps found in Apple’s App Store and Google Play were downloaded 100,000+ times before they were taken down. The potential for fraudsters to succeed in account takeovers is huge.
The effects of downloading malicious malware or fake apps can result in Apple and Android security restrictions being bypassed and 3rd party (illegal) software being installed to steal your details or even allow a fraudster to control your phone and monitor everything you do.
It often doesn’t have to be so complicated – a fraudster can attempt to use your already installed remote access tools (such as TeamViewer) to then have a free hand at transferring all your personal files and data.
Why is all this important? Some forecasts state that by 2025, 72% of all internet users will surf online using smartphones.
This change is already happening as we analyse service traffic and can see increases in mobile visitors.
Without effective company anti-fraud measures in place, and the know-how amongst everyday users, fraud will continue to increase.
Fraudsters are actively discussing, planning and sharing tools on dark web marketplaces and forums to target mobile users. To ignore the threat is dangerous.
Dark web intelligence helps fight fraudsters
The professionalisation of fraud has been a growing problem for years, becoming increasingly more sophisticated in nature.
It is now possible for people even with mid-level tech skills to access dark web tools, knowledge and even stolen accounts and identities necessary to perform online fraud activities.
The marketing is sleek, with fraudster customer support also on hand to provide help for other cybercriminals with tech issues – all at very reasonable prices.
The financial gains from such activities can be lucrative for fraudsters, but the losses can dent company revenues and reputations, whereas individual victims can be crippled by financial theft.
Fighting back, one can use dark web intelligence to continually adapt to the threats posed by fraudsters. This knowledge can be incorporated into advanced fraud detection and prevention solutions, which can be powered by machine learning (ML) models.
Behavioural biometrics for automatic analysis of digital fingerprints and user interactions, gives 3-times higher fraud detection on mobile applications, for instance.
This means it is possible determine a user’s device setup and whether or not they are making efforts to mask their true identities and locations etc.
Every single swipe and tap of a smartphone screen is also analysed to determine if a user is real, imitating an original account holder, or is part of a bot factory.
With such capabilities, it is possible to prevent mobile app fraud during all stages of the customer journey (registration, login, payment, etc).
