IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Mobile payments are booming and fraudsters have noticed
Wed, 9th Mar 2022
FYI, this story is more than a year old

While payment security is generally regarded as safer on mobiles than on desktops, fraudsters are now using an array of techniques to successfully target mobile customers – but they can be stopped. The key is to use advanced fraud solutions that dive deep into the realm of behavioural biometrics and device data, analysing every user interaction to determine intentions, whether good or bad.

The COVID-19 pandemic fuelled eCommerce and mobile payments 

The ease and convenience of eCommerce shopping experiences has been a firm feature of global retail for well over a decade now. Browsing online shops, creating accounts and committing to payments has given consumers the power to buy goods and services around the world with just a few clicks and taps. Things got easier with the introduction of smartphones and tablets, offering the same, but now in the cradle of your hands and from any location so long as there is a mobile signal. And with this advance, the array of mobile payment options grew. From mobile wallets to in-app payments. But with this rise in popularity, there has always been the necessity to ensure secure customer transactions. Fraudsters are always seeking effortless ways to take advantage of customers and merchants. And things got easier when the COVID-19 pandemic struck.

In a short time, the effects of lockdown restrictions significantly impacted brick-and-mortar retailers, who kicked into survival mode by expanding, or in some cases, moving into eCommerce for the first time. The same applied to consumers; those that felt uncomfortable with the online shopping environment were suddenly forced to drastically change their shopping habits to continue buying goods and services.

For fraudsters, the sheer scale of potential targets became food for thought, providing the perfect smokescreen – a vast ocean of transactions to hide behind to avoid detection. eCommerce's global share of retail sales rose from 14% in 2018 to 19% in 2020, and this is expected to grow further. While mobile payments have been part of this trend, by 2025 they are now expected to amount to 80% of all eCommerce transactions. Europe is still catching up, but the dominance of mobile payments across Asia has been at a considerable 80+% even before the effects of the pandemic. The success of mobile payments is a relishing prospect for cybercriminals.

The tricks used by fraudsters on mobile devices

Regardless of how secure mobile payments can be (and they generally are), just like any system, they are not 100% secure from the threat of fraudsters. And this is where the need to understand online security proves its weight in gold, as many fraudsters don't spend copious amounts of time trying to crack or hack payment systems. It's far easier to rely on much simpler social engineering techniques - the act of influencing people to do something that may or may not be in their best interest. What does this mean in practical terms? What should consumers and those involved in risk management be aware of?

You may be surprised that the attack possibilities are numerous and continually growing. The most common type of attack is for fraudsters to use Remote access tools, where apps such as the popular TeamViewer can be used to access a user's device from a linked device, allowing fraudsters to access sensitive data that can aid an account takeover (ATO) or even identity theft. But how can this be installed on a device?

Phishing and SMiShing scams are emails and SMS messages that appear to be legitimate communications from eCommerce merchants or financial institutions encouraging customers to click on a link or download an app or piece of software. In short: malware. Some successful fraud attempts have included installing root/jailbreak hiding software, where in-built Apple and Google software restrictions have been bypassed.

Fraudsters can then install 3rd party software to carry out their illicit activities. The sheer number of new and inexperienced online customers means that the chances of a fraudster striking lucky increases immensely.

Better safe than sorry – how to effectively prevent mobile payment fraud

It can seem that despite the best tech in place to protect payments, a few tricks can unravel the safety net. Of course, education is key to understanding the risks of the online environment, however, advanced fintech can provide the perfect fraud solution.

Numerous companies, like Nethone, have proven the effectiveness of advanced fraud detection and prevention backed up by artificial intelligence (AI) and machine learning (ML) for years. They perform tasks automatically, passively, unseen by customers, using behavioural biometrics to determine how a user interacts with an eCommerce shopping environment, right through to the payment process. Digital fingerprinting comes into the fold, as advanced profilers analyse 5,000+ pieces of data to determine whether users are trying to mask their identity and device setup. Using a VPN, for example, is not suspect, however, if a user is making efforts to hide their true IP address, GPS location, time zone and browser/device they are using, these can be deemed suspicious enough to be classed as fraud attempts. This is where signals kick in – triggers that identify suspicious behaviours/setups that indicate a high probability of fraud. Nethone currently has 60+ signals to ensure smooth customer experiences (UX), and the list is continually growing to combat the threats from fraudsters.