When performing tasks, payments, transactions and generally browsing the internet on a desktop, we are often reminded to keep our guard up against possible threats. Viruses, malware and a whole host of cyberattacks can lead to system breaches and financial
losses. It can be daunting keeping track of and preventing all online risks, but do individuals, businesses and financial institutions treat the same aforementioned interactions on mobile devices with the same level of heightened security? Arguably, no. But
the threat of serious fraud and security risks in mobile apps is becoming a growing problem.
Mobile app payments and transactions rose sharply during the COVID-19 Pandemic
Mobile devices are regarded as a safer environment compared to desktops, which is generally true, however, no system is ever 100% secure. While the transmission of data via mobile apps is still safer than on desktops, the threat risks must be taken seriously
to prevent a false sense of security. The world is going mobile, and so have payments and transactions. For instance, eCommerce's global share of retail sales rose from 14% in 2018 to 19% in 2020, and by 2025, 50% of all e-Commerce sales are set to be performed
in mobile apps. And what helped fuel this boom? Pandemic lockdowns.
To survive shop closures during lockdowns, many brick-and-mortar businesses made the move online for the first time - as did many customers - not always fully aware of the online dangers and how to best protect themselves and their data. And like most e-Commerce
merchants, they wished to capitalize on the mobile market, providing not only mobile apps but an increasing choice of payment options (Buy Now, Pay Later, for example) to ensure continued revenue growth during difficult times. This means millions more daily
global transactions and payments.
But it’s not only M-Commerce which has grown. Similar uptake of mobile apps is apparent in digital banking, which is also set to see a meteoric rise up to 2026. The pandemic hastened an already rising trend, with our lives increasingly moving online, gradually
changing and normalizing how we interact, play, digest media, work, shop and bank online. And fraudsters have taken note. The sheer global scale of new online users has given fraudsters the perfect smokescreen; the ability to hide in a vast sea of transactions.
And performing fraudulent activities has become easier with the professionalisation of fraud tools, easily purchasable on dark web marketplaces, allowing even rookie fraudsters the chance to make lucrative illegal gains. You’d be surprised how easily some
fraud attempts can succeed,
Fraudsters pose a real threat to mobile app users
Global fraud rates are on the rise, and although efforts are continuously being made to make the online environment as secure as it can be, fraudsters can often bypass these measures. How? By gaining your trust or using a sense of urgency to make you act.
Fraudsters can dupe online users by using simple
social engineering techniques to make people do things which are not necessarily in their best interest. You’ve heard of email phishing scams, persuading you to click on a link to download software or fill out your details in a convincing copy of
an e-Commerce or digital banking login page? This common scam continues to benefit fraudsters who are counting on the fact that the vast increase of new online users, especially on mobile devices, are not able to spot the telltale signs that they are being
scammed.
But with smartphones, a scam communication can also be received in an SMS (SMiShing) and even through direct calls from fraudsters (vishing) claiming to be a bank worker. They will explain that there is a problem with the customer’s account, requiring immediate
action to resolve the problem. They provide a link to a scam page aimed at collecting login details and personal information. Alternatively, an email link may download malware that will likewise steal personal information from a mobile device. A fraudster
now armed with a wealth of data can proceed with an account takeover (ATO), potentially buying high value goods, or performing large sum transactions. They will only be stopped if they are caught by effective anti-fraud systems or the original account holder
spots the suspicious account activity.
Through social engineering, a fraudster may gain access not only to your accounts, but to your mobile device. Malware is not always required to gain access to personal information. A fraudster may convince a user to install remote access tools such as the
popular Teamviewer app, allowing a fraudster to essentially gain full access to a mobile device, record screen activity and transfer personal files - which can even lead to identity theft. A more determined fraudster can take over a mobile device by compelling
users to download root or jailbreak software, unaware that the intention is to remove Apple and Google software restrictions, which are designed to prevent the installation of 3rd party apps (specifically designed to stop fraudsters). The threats are numerous
and growing.
An advanced fraud solution for a mobile app problem
Fraudsters no longer need to spend time orchestrating the perfect hack, as the popular media image may depict. Bypassing security systems is the quickest option, and this has proven most successful against ineffective rules-based anti-fraud systems. This
is why advanced fraud detection and prevention is proving itself most effective when powered by artificial intelligence (AI) and machine learning (ML) models, which continually evolve to the threats, analysing thousands of pieces of data automatically, passively
and in real-time. In practical terms, AI/ML models power advanced fraud solutions to effectively analyse digital fingerprints and behavioral biometrics to paint an accurate picture of every single user. This approach is very effective at determining a legitimate
user from a fraudster, all from their device and network setup, to attempts to mask their true identities and IP and geo locations to how they behave through every interaction with a device, app and service. This means that social engineering fraud can be
detected and prevented at the very beginning of such an attempt.
Naturally, e-Commerce merchants and financial institutions have an obligation to use the most advanced anti-fraud systems possible - neglecting this can lead to huge financial losses and damage to reputation. But individuals too can contribute to their own
online safety, by being able to spot the signs of fraud, but also employing good digital hygiene practices (strong passwords, using password managers, updating Android/iOS operating systems and apps to patch security issues). In a world that’s going mobile,
so too is fraud, but thankfully, the solutions to beat the fraudsters are already available. FinTech is the key, as is a little bit of know-how.