Blog

Mobile is the New Battleground for Fraudsters

As originally seen in the ‘Fraud & Privacy Report’ published by Raconteur Media on 23rd July 2020 in The Times (UK).

‍‍

‍As fraudsters find ways to exploit superapps, digital wallets and e-commerce platforms, businesses must adopt a new approach to fraud detection that is powered by artificial intelligence and encompasses the entire user journey.

While the first wave of digital fraud was caused by the migration of physical credit cards to digital payments, a second wave is now seeing fraud move to mobile applications.

By offering multiple products and services on a single platform, superapps and digital wallets risk complicating fraud risk management. In addition to payments, companies now have to deal with diverse types of fraud, such as account takeovers, fake registrations, promotional code exploitation, loyalty fraud and other reward-based loopholes.

Cybercrime was traditionally the domain of professional hackers who break into enterprises and governments to steal funds or personal data, or to cause reputational harm. But the arrival of a more digital-native generation has democratised their techniques, enabling opportunists to exploit online platforms, such as mobile apps, given their immense popularity.

Blinded by perceptions that mobile environments are more secure and being unaware of the malicious tools available to fraudsters, many businesses are unprepared. Such tools can change device profiles, manipulate physical or internet addresses, clone apps and even tamper with them.

Consumers are readily granting access to their smartphone data to enjoy a more personalised user experience, but by doing so they often become collateral damage in the ongoing hunt by fraudsters for financial gain.

“We have seen companies suffer tens of millions of dollars in fraud losses in a matter of days,” says Justin Lie, founder and chief executive of SHIELD, a global cyber fraud protection company that leverages over a decade of domain intelligence and artificial intelligence (AI) to help enterprises prevent fraud in real time.

“This can be business-ending for smaller startups or fledgling companies. 7-Eleven in Japan lost half a million dollars and shut down its new app offering mobile payments within a month of launch.

There is a new war being waged. Mobile apps require a different class of fraud detection and prevention solutions and tactics

“The more unsecured and profitable mobile landscape has drawn fraudsters who traditionally target e-commerce platforms. There is a new war being waged and the battleground is your smartphone. As a new attack vector ground, mobile apps require a different class of fraud detection and prevention solutions and tactics.”

New weapons and attack vectors

Sophisticated fraud syndicates employ customised tools to mimic the behaviour of real users. Tampered apps, in particular, open many new possibilities for them. The more services an app offers, the more opportunities there are to exploit.

When fraudsters constantly change their attack patterns, traditional static defence mechanisms are ineffective. Solutions need to be precise, targeted and adaptable to minimise false positives while blocking fraud accurately. Otherwise, businesses risk significantly hindering their customers’ user experience and suffering revenue losses.

At the same time, growing competition to establish market dominance in the digital age has driven the rise of online promotions and reward offers designed to lure consumers with attractive discounts. Popularised by the likes of WeChat and Alipay, these discounts are common on superapps such as Grab and Careem, while ride-hailing companies like Uber give out free rides to attract customers.

Fraud on these kinds of platforms can be cheap to carry out and difficult to trace. The result is a difficult operating environment for businesses relying on online and mobile-based commerce, with smartphone devices at the centre of a new battleground for fraud.

What companies must do

Companies need to urgently assess, if their fraud mitigation measures cover the threats and vulnerabilities that they face.

The first question they need to ask themselves is, do their fraud attacks only happen at the point of payment? Fraud commonly happens across the entire user journey. Promotion codes attract not only new users but fraudsters too.

Secondly, do companies know the real extent of the fraud? Fraudsters often create multiple fake accounts, fund these accounts with illicit money and then proceed to divert these funds through a complex network before cashing them out: a classic case of money laundering, but on a new platform.

Thirdly, is the company’s anti-fraud solution end-to-end, future-proof and hyper-relevant? End-to-end solutions capture and block fraud at every checkpoint, ensuring complete visibility alongside a fraud mitigation approach that can be calibrated according to the needs and risk propensity at each checkpoint.

Solutions would also do well to keep up with the latest fraud trends and tools from a global perspective, ideally through a global threat intelligence network, which helps companies block emerging fraud.

Because every business is different, a good anti-fraud solution ensures relevancy of their clients digital ecosystem by accounting for the unique circumstances and requirements.

How SHIELD can help

Founded in 2008, SHIELD was the first organisation to introduce an instant fraud prevention solution, securing the entire user journey for enterprises. Its AI engine crunches millions of data points, performing real-time pattern recognition to identify fraud. SHIELD’s self-learning algorithms constantly adapt to deliver risk assessments for each user activity in less than 70 milliseconds, ensuring its clients’ customers can continue to transact without affecting user experience.

SHIELD profiles more than seven billion devices and 500 million user accounts globally. The plug-and-play nature of its solutions helps simplify fraud management and secure digital ecosystems from end to end through a single application programming interface, or API. Fraud attacks against their clients are uploaded in real time to its global intelligence network, enabling other clients around the world to block similar attacks.

“The future of cyber fraud is AI and it’s already here,” says Irene Brime, co-founder and managing director of SHIELD. “Fraudsters are using more advanced scripts and, increasingly, machine-learning to fine-tune and vary their attacks. As machine-learning and AI becomes more accessible, any opportunist has the potential to be a fraudster.

“SHIELD’s mission is to be the only autonomous risk intelligence solution that enterprises need to scale without risk. With end-to-end protection of the user journey, enterprises are kept safe from fraud while ensuring their products and services reach the largest number of real users, maximising their profit margins. We help clients achieve a better and safer customer experience, making the internet a safer place for everyone.”