In Southeast Asia, mobile phones and financial services go hand in hand. Mobile wallets reign supreme, stock trading apps are widely used, and BNPL apps are commonplace. Thanks to apps such as these, Southeast Asia has taken large strides towards greater financial inclusion. But every rose has its thorn. This rapid adoption of mobile has led to a surge in mobile-related fraud attacks.
We invited senior risk and product executives from Southeast Asia’s leading and fastest-growing fintech apps for a virtual roundtable to discuss evolving threats and to share their best approaches to preventing fraud on mobile apps. Guests included executives from PayMaya, Ooredoo, GCash, OY!, and more.
The state of mobile app fraud in Southeast Asia
During the roundtable, participants noted that digital financial services have exploded in popularity over the past two years. While they welcomed this progress, they acknowledged that it was a double-edged sword. On the one hand, the uptake of digital financial services means more opportunities for businesses. But on the other hand, it has opened a Pandora's box of fraud.
A report by AppsFlyer revealed that fraud losses in APAC cost businesses a whopping US$650 million in 2019. Southeast Asia bore the brunt of that, accounting for over 40%. Finance apps in the region currently experience the highest rates of fraud, largely because of how lucrative they are to fraudsters.
The challenges of digital identity verification
All participants agreed that having a reliable identity verification process is central to the success of fintech apps. However, they also acknowledged that building a reliable identity verification system is no easy feat.
Participants from the e-wallet industry noted that one of the main roadblocks they faced was the immaturity of digital infrastructure in their respective countries. Many countries still use handwritten social security and identification documents, making them easy to forge. It can be extremely difficult to validate the authenticity of these documents, and by extension, whether the users using them are legitimate.
Adding to the discussion, others mentioned that fraudsters were increasingly able to exploit loopholes in digital identity verification systems. One example cited was the growing popularity of single sign-on (SSO) authentication methods. Because SSO is used as a master key to access many different platforms, one compromised account could give fraudsters an all-access pass to multiple others.
Securing the entire user journey
Everyone present also concurred that securing their user journey from end to end was crucial to protect their mobile apps from fraud and abuse. One executive commented:
“Fraudsters know we have fraud prevention solutions in place. Through trial and error, they can find out which parts of the user journey aren’t as secure. Once they find this sweet spot, they’ll continue to attack until detection. This is why it’s so important to protect our ecosystem from end to end.”
An executive from the e-wallet industry shared an anecdote about how fraudsters were able to bypass their authentication measures at the login checkpoint and carry out fraudulent transactions at a later stage in the user journey.
A recommendation was made for risk teams to create risk profiles based on legitimate user behaviour. Doing so would help them detect suspicious activity at all points within the user journey.
The makeup of a successful fraud prevention strategy
Participants agreed that the consistent monitoring of threat trends was key to staying ahead of fraudsters. Doing so would reveal the latest fraud tools and techniques, and allow businesses to take advantage of this insight to stop fraudulent activity.
Keeping users in mind, other participants also acknowledged the need to maintain a frictionless experience when implementing fraud prevention solutions:
“We have to make things difficult for fraudsters, but at the same time keep the balance and ensure that it doesn’t affect our genuine customers.”
To round off the session, all participants agreed that there isn’t a one-stop solution for preventing fraud. Instead, companies need to continuously prioritise and transform their fraud prevention strategies to ensure that their digital ecosystems are tight and secure.
As a fraud prevention partner for many of the world’s leading mobile apps, SHIELD is committed to helping companies turn the challenges that come with the growing fraud risk into opportunities for growth.