With the rise of mobile devices used for every aspect of our lives, the possibility of mobile fraud has also increased. Especially in the ecommerce field, many new options are now available for fraudsters to target mobile users, and PSPs need to constantly be on the lookout to protect users and themselves against attacks. Here is what some of the new fraud attacks could look like and what we can do to prevent them.

What is mobile fraud?

The ecommerce space is rife with fraudsters looking to skim customer data and use it for online purchases. In this area, we have seen many different forms of fraud, including identity theft, chargeback fraud, and friendly fraud.

Being able to shop from a smartphone or other device is a relatively new development, so mobile fraud comes from fraudsters trying to take advantage of gaps in mobile security. Between 2011 and 2020, payment fraud tripled globally.

Particularly during the COVID-19 pandemic, mobile purchases surged for hygiene reasons, and they have not abated. Mobile payments are projected to reach USD 2.1 trillion in 2023, and with that comes a wider window for mobile payment fraud. Let's take a look at a few examples of the forms it takes:

Account takeover

Account takeover (ATO) is the most well-known type of fraud in the online space and remains the most prevalent. The particular danger lies in cases where financial or government account credentials are stolen. Credentials can be stolen in several ways, including phishing, credential stuffing and man-in-the-middle attacks.

Merchant identity fraud

There are several ways fraudsters try to impersonate merchants. In the mobile context, this can take the form of rogue mobile apps that mimic genuine ones, or of fake online shops.

Short links

Short links are used more and more in mobile contexts where there may not be space to display a long URL. Especially with the advent of QR code payments, it has become harder for consumers to verify whether they are following a valid link or a fraudulent one that exposes their data to theft. The end result of these techniques is always the same: fraudsters gain access to the funds and personal data of end users.

How can we prevent it?

There are several measures that online businesses and merchants can take to protect themselves and their customers from targeted mobile fraud.

Firstly, having a robust payment security system is a good starting point. Aside from complying with mandatory PCI and PSD2 requirements, it is paramount to include components that ensure two-factor authentication. These can include 3-D Secure or newer options like Delegated Authentication. Related to this is network tokenization, a technology that replaces primary account numbers (PANs) with a representative token, reducing the use of PANs during the payment process.

Click to Pay is another option with which PANs can be cloaked altogether. On the authentication side, merchants can also offer biometric options to clients, as an alternative to passwords. Using options such as facial recognition, hand geometry, and voice recognition may be easier and faster for mobile users and harder for fraudsters to fake.

Using a dedicated fraud engine such as risk-based authentication (RBA) is another tool in a merchant’s arsenal. This AI engine automatically assesses each log-in or transaction based on the prior behaviour of the customer, i.e., customer behavioural analytics. Other fraud prevention engines include link analysis and graph databases, which provide information on flagged cards and devices and add an extra layer of security.
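
To make the idea of risk-based authentication concrete, here is an added sketch (not code from this article or from any vendor's product) that scores a transaction against a customer's prior behaviour and decides whether to allow it, step up to a challenge such as 3-D Secure, or decline. The signal names, weights, thresholds and sample history are assumptions constructed for illustration; a production engine would learn them from data.

```python
from statistics import mean, pstdev

# Constructed sample history for one customer (not real data).
HISTORY = {
    "devices": {"dev-a1", "dev-b2"},
    "countries": {"DE"},
    "amounts": [20.0, 35.0, 25.0, 40.0, 30.0],
}

# Assumed weights and thresholds, chosen for illustration only.
WEIGHTS = {"new_device": 40, "new_country": 30, "unusual_amount": 30}
STEP_UP_AT, DECLINE_AT = 30, 90


def risk_signals(history, event):
    """Return the behavioural deviations this event shows from the history."""
    signals = []
    if event["device_id"] not in history["devices"]:
        signals.append("new_device")
    if event["country"] not in history["countries"]:
        signals.append("new_country")
    amounts = history["amounts"]
    # With fewer than three prior purchases there is no usable baseline,
    # so the amount check is skipped rather than guessed.
    if len(amounts) >= 3:
        mu, sigma = mean(amounts), pstdev(amounts)
        # Floor sigma so a perfectly flat history cannot divide by zero.
        if (event["amount"] - mu) / max(sigma, 1.0) > 3:
            signals.append("unusual_amount")
    return signals


def assess(history, event):
    """Score the event and map the score to allow / step_up / decline."""
    signals = risk_signals(history, event)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DECLINE_AT:
        decision = "decline"
    elif score >= STEP_UP_AT:
        decision = "step_up"  # e.g. trigger a 3-D Secure challenge
    else:
        decision = "allow"
    return score, decision, signals
```

A brand-new customer with an empty history always raises `new_device` and `new_country`, so the first transaction is stepped up rather than silently allowed.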

Finally, merchants can also encourage customers to follow simple anti-fraud measures, such as checking that they are shopping using a legitimate URL with an SSL certificate, using a security scanner on their device, and not downloading apps that are not from an official Apple or Android app store.

Lessons learned

The increased rates of fraud and cybercrime in the last few years have only shown that we cannot rest on our laurels when it comes to fraud protection and prevention. Fraud methods have changed and are ever-evolving, which means we need to take a multifaceted and collaborative approach to preventing fraud. It is also very important to analyse the customer journey to identify possible gaps in fraud prevention measures. For this reason, it is best not to stick to only one form of fraud prevention, but to use a combination of different tools.

With the holidays coming up and big retail events such as Black Friday, there will be a surge of potential sales and transactions in the months to come. To ensure that you maximise your business and avoid cyberattacks, you should optimise your mobile offering and make sure your defences are sharpened against mobile fraud.

