Mobile App Fraud: Online Fraud’s Bigger, Badder Brother

There seems to be a mobile application for just about anything these days. From dating and deliveries to dog-walking and drama-streaming, apps now play a huge part in our daily lives - and this is not likely to change anytime soon. Yet what many people and businesses do not realize is that this shift to mobile-based interactions has opened a pandora’s box of fraudulent tools and techniques. Meet mobile app fraud - online fraud’s bigger, badder brother.

To most businesses, the phrase ‘online fraud’ evokes images of hijacked accounts and stolen payment details that are used to carry out unauthorized transactions on e-commerce or banking sites. However, with consumers averaging 4.2 hours daily on mobile in 2020, mobile applications have become the new target for fraudsters and unfortunately, require a much different approach to fraud prevention. Here are four things all businesses with mobile apps should know:


1. Online fraudsters like to take the shortest path. Mobile fraudsters might not. 

Online fraud is typically associated with making a quick buck and cashing out just as fast. When an online fraudster gains access to someone’s account and payment details, they need to act fast before the credit card gets blocked. 

Mobile app fraudsters on the other hand sometimes utilize much more elaborate processes, such as creating hundreds of fake accounts to exploit referral credits, before offloading the reward points at a discount. Mobile app fraud is also often scattered across different points in the user journey, as compared to conventional online fraud that tends to revolve around payments and transactions. 


2. Online fraudsters steal more, less frequently. Mobile fraudsters steal less, more frequently. 

Conventional online fraudsters tend to target more expensive items in order to max out the stolen credit cards as quickly as possible. The cost of each attack to businesses could be in the hundreds to thousands of dollars. 

As for mobile applications, the amount defrauded each time is usually much less significant, often just a few dollars. However, these types of attacks are more common. When replicated at scale using automated tools, losses can amount to six or seven-figure sums. 


3. Incentives for users = incentives for fraudsters

Mobile apps tend to spend heavily on user acquisition - it costs US$86.61 on average to acquire a new user who makes an in-app purchase. With ride-hailing giant Uber offering up to US$25 worth of ride discounts for new users and food delivery app DoorDash offering a US$15 bonus credit for each referral, these promotion campaigns are clearly considered critical to winning market share and staying on top of the competition.

The problem is that fraudsters are equally incentivized by these campaigns. Without an effective system to prevent fraud and abuse, fraudsters can drain your marketing spend meant for acquiring real users.


4. Fraudsters find it easier to attack mobile apps

Fraudsters love to attack mobile apps - and with good reason too. 

For one, the tools used to commit mobile app fraud can be accessed by anyone and new ones are emerging each day. These malicious tools can change device profiles, spoof IP addresses, clone mobile apps, and more, enabling fraudsters to appear as if they are at a different location and using a different device each time. Furthermore, fraudsters often leverage emulators to launch high-velocity attacks on mobile apps from their laptop computers. With these tools, fraudsters can easily appear as legitimate users, and businesses struggle to identify them accurately. Additionally, mobile devices are relatively cheap to acquire - allowing anyone who has a mobile phone to be a fraudster.


It’s Time To Adopt A Better Approach To Fraud and Abuse Prevention  

If you thought that mobile app fraud can be addressed the same way as conventional online fraud, think again. In today’s increasingly connected world, companies need to adopt a mobile-first approach to fraud and abuse prevention. 


Stay tuned for future blog posts where we dive deeper into mobile app fraud.