M-Commerce is booming - is your mobile app as secure as you think?

Contributed

This content is contributed or sourced from third parties but has been subject to Finextra editorial review.

When performing tasks, payments, transactions and generally browsing the internet on a desktop, we are often reminded to keep our guard up against possible threats. Viruses, malware and a whole host of cyberattacks can lead to system breaches and financial losses. It can be daunting to keep track of and prevent all online risks, but do individuals, businesses and financial institutions treat those same interactions on mobile devices with the same heightened level of security? Arguably, no. Yet serious fraud and security risks in mobile apps are a growing problem.

Mobile app payments and transactions rose sharply during the COVID-19 pandemic

Mobile devices are regarded as a safer environment compared to desktops, which is generally true; however, no system is ever 100% secure. While the transmission of data via mobile apps is still safer than on desktops, the risks must be taken seriously to prevent a false sense of security. The world is going mobile, and so are payments and transactions. For instance, e-Commerce's global share of retail sales rose from 14% in 2018 to 19% in 2020, and by 2025, 50% of all e-Commerce sales are set to be performed in mobile apps. And what helped fuel this boom? Pandemic lockdowns.

To survive shop closures during lockdowns, many brick-and-mortar businesses made the move online for the first time - as did many customers - not always fully aware of the online dangers and how to best protect themselves and their data. And like most e-Commerce merchants, they wished to capitalize on the mobile market, providing not only mobile apps but an increasing choice of payment options (Buy Now, Pay Later, for example) to ensure continued revenue growth during difficult times. This means millions more daily global transactions and payments.

But it’s not only M-Commerce which has grown. Similar uptake of mobile apps is apparent in digital banking, which is also set to see a meteoric rise up to 2026. The pandemic hastened an already rising trend, with our lives increasingly moving online, gradually changing and normalizing how we interact, play, digest media, work, shop and bank online. And fraudsters have taken note. The sheer global scale of new online users has given fraudsters the perfect smokescreen: the ability to hide in a vast sea of transactions. And performing fraudulent activities has become easier with the professionalisation of fraud tools, easily purchasable on dark web marketplaces, allowing even rookie fraudsters the chance to make lucrative illegal gains. You’d be surprised how easily some fraud attempts can succeed.

Fraudsters pose a real threat to mobile app users

Global fraud rates are on the rise, and although efforts are continuously being made to make the online environment as secure as it can be, fraudsters can often bypass these measures. How? By gaining your trust or using a sense of urgency to make you act. Fraudsters can dupe online users by using simple social engineering techniques to make people do things which are not necessarily in their best interest. You’ve heard of email phishing scams, which persuade you to click on a link to download software or fill out your details in a convincing copy of an e-Commerce or digital banking login page? This common scam continues to benefit fraudsters, who are counting on the fact that the vast number of new online users, especially on mobile devices, are not able to spot the telltale signs that they are being scammed.

But with smartphones, a scam communication can also be received in an SMS (SMiShing) and even through direct calls from fraudsters (vishing) claiming to be a bank worker. They will explain that there is a problem with the customer’s account, requiring immediate action to resolve the problem. They provide a link to a scam page aimed at collecting login details and personal information. Alternatively, an email link may download malware that will likewise steal personal information from a mobile device. A fraudster now armed with a wealth of data can proceed with an account takeover (ATO), potentially buying high-value goods or performing large-sum transactions. They will only be stopped if they are caught by effective anti-fraud systems or the original account holder spots the suspicious account activity.

Through social engineering, a fraudster may gain access not only to your accounts, but to your mobile device. Malware is not always required to gain access to personal information. A fraudster may convince a user to install remote access tools such as the popular TeamViewer app, allowing the fraudster to essentially gain full access to a mobile device, record screen activity and transfer personal files - which can even lead to identity theft. A more determined fraudster can take over a mobile device by compelling users to download root or jailbreak software, unaware that the intention is to remove Apple and Google software restrictions, which are designed to prevent the installation of third-party apps and exist specifically to stop fraudsters. The threats are numerous and growing.

An advanced fraud solution for a mobile app problem

Fraudsters no longer need to spend time orchestrating the perfect hack, as the popular media image may depict. Bypassing security systems is the quickest option, and this has proven most successful against ineffective rules-based anti-fraud systems. This is why advanced fraud detection and prevention is proving itself most effective when powered by artificial intelligence (AI) and machine learning (ML) models, which continually adapt to the threats, analysing thousands of pieces of data automatically, passively and in real time. In practical terms, AI/ML models power advanced fraud solutions to effectively analyse digital fingerprints and behavioral biometrics to paint an accurate picture of every single user. This approach is very effective at distinguishing a legitimate user from a fraudster, drawing on everything from their device and network setup, to attempts to mask their true identities, IP addresses and geolocations, to how they behave through every interaction with a device, app and service. This means that social engineering fraud can be detected and prevented at the very beginning of such an attempt.

Naturally, e-Commerce merchants and financial institutions have an obligation to use the most advanced anti-fraud systems possible - neglecting this can lead to huge financial losses and damage to reputation. But individuals too can contribute to their own online safety, not only by being able to spot the signs of fraud, but also by employing good digital hygiene practices (strong passwords, using password managers, updating Android/iOS operating systems and apps to patch security issues). In a world that’s going mobile, so too is fraud, but thankfully, the solutions to beat the fraudsters are already available. FinTech is the key, as is a little bit of know-how.
