In 2019, the number of mobile phone users worldwide is forecast to reach 4.68 billion. For 90% of these individuals, online shopping is one of the top ways they use their mobile devices. What may be lesser known to these consumers, is the rate at which mobile fraud has increased in recent years. Fraudulent activities on shopping apps have cost the e-commerce industry $275 million as of Q1 2018, putting customers and retailers alike at risk. A Gartner report indicates that by 2019, mobile malware will amount to one-third of total malware reported in standard tests.
Mobile fraud is rampant, and clever fraudsters know that the mobile framework makes spotting fraud more complicated than catching fraud on desktop applications. Online retailers need to understand that their mobile fraud prevention requires a special touch, and they should be looking for a fraud prevention solution that can stop it on both mobile and desktop.
What Constitutes Mobile Fraud?
Mobile fraud can include attempted or successful fraudulent transactions carried out in a mobile environment, either through a mobile application or through the browser of a mobile device. Mobile fraud sometimes takes advantage of weaknesses inherent to applications that are tied to e-wallets. Gaining access to the phone or the e-wallet therefore opens up easy avenues for fraudsters to exploit. Examples of mobile fraud include fraudulent m-commerce transactions, fraudulent buyer/seller collusion within a mobile marketplace, and payment accounts taken over and funds misappropriated via mobile.
Mobile fraud can also be perpetrated by fraudsters who are not actually using a mobile device. This is done through ‘emulators’ which allow the criminal to appear to come from a mobile device, and make purchases via mobile apps or mobile websites, while in fact a laptop or desktop computer is being used. This gives the fraudster enormous flexibility when it comes to pretending to come from a different location and appearing to be using a different device for every transaction.
How Fraudsters Leverage Mobile Devices
For fraudsters, mobile devices are easier and cheaper to replace, allowing them to appear from multiple devices and simply switch out or change devices in order to perpetrate new attacks. Fraudsters also know that regular methods of geolocation are less effective when it comes to mobile devices, since IP address identification is not always reliable. IP addresses can be more complicated to pinpoint on mobile because users can easily move between legitimate networks. As such, if applying the same fraud prevention method via desktop and mobile devices, false positives will be much higher on mobile. Additionally, device fingerprinting — a mechanism which works by uniquely identifying computers, tablets, and mobile phones based on that device’s own unique specific configurations (browser versions, plugins installed, fonts installed, time zone settings, etc.) — aims to connect online identities to real-world ones.
This may seem like a straightforward manner of catching a fraudster. Say an online criminal were to commit fraud using a particular mobile device, and then was caught and had the device fingerprinted. Reason indicates that this fraudster would be foiled, or at the very least, they would be precluded from utilizing this device again. However, the fingerprint is fluid. It changes every time a user makes an update to their device. Therefore, it is incredibly easy for fraudsters to fake new device fingerprints, and incredibly difficult for fraud fighters to spot the fraudster among such details.
Fraudsters also commonly exploit three aspects via mobile fraud.
1) Card data - Using stolen card data to make transactions, either using a mobile application or on a mobile browser.
2) Looking for weaknesses in e-wallets - Weaknesses can occur in the authentication processes, when using unsecured WiFi networks, and of course if a phone is lost or stolen. The most recognizable scenario for many shoppers will probably be theft using their PayPal account, since PayPal is a widely popular means of making payments in a variety of situations. Once a criminal has access to a PayPal account, they are able to leverage access into many places.
3) Account exploitation or more specifically, Account Takeovers (ATO) - Once a fraudster has gained access to an account, they can make transactions with whatever payment method has been set for the account. This is a problem with accounts on an individual retailer site, and also with accounts which can provide access to many purchases from different sites. Also note that once a password has been uncovered for one account, fraudsters will try it elsewhere since many consumers reuse passwords.
A Fraud Prevention Solution Unique to Mobile
So, what makes mobile fraud so much more complicated than spotting fraud on your brand’s desktop store? To start with, many retailers do not track transactions by channel, and assume that all the things they know to be true of e-commerce transactions also hold true for m-commerce. This means that less is known about the comparatively new mobile behavior than about desktop behavior. Similarly, this means that the adaptation of fraud management and protection of mobile devices still require increased efforts and a unique understanding of the build of mobile devices — a nuanced knowledge which not all fraud prevention providers possess.
Growing the utility of mobile apps is essential in creating long-term, loyal clientele. Customers want their stores to be as nimble as their smartphones — no friction, just seamless shopping. Mobile commerce is rising, and in order to keep pace, retailers must ensure that they can provide their shoppers the same fraud-free experience on mobile as they do on desktop.
Mobile devices require a mobile-specific solution. E-commerce merchants need a fraud solution not just suitable for desktop website shoppers but for all users shopping while on-the-go via their mobile devices. A fraud prevention solution that offers integration for mobile through an SDK, fit for Google Android and Apple iOS devices, is imperative in order to catch all fraudsters. This SDK should accommodate the specific profile of mobile commerce fraud and fraudsters, while also optimizing the purchase experience for genuine customers. Mobile shoppers want to enjoy frictionless shopping via their devices. Any increased resistance along their shopping journey could cause them to drop off or abandon their carts before checkout.
The Forter solution combines the best of human ingenuity and research with the speed and accuracy of the machine, while offering a complete solution to fraud prevention for both desktop and mobile devices. From mobile logins, to coupons, referrals, checkout and beyond, Forter will be there to fortify your mobile market.