March 15, 2019
4 Mobile Fraud Trends to Look Out for in 2019
Posted January 3, 2019
The mobile channel made larger than expected gains during the holiday shopping season— however, the associated security concerns could spell trouble for businesses in retail, payments, and financial services in the year ahead.
Mobile fraud detection is suddenly more important than ever before—and it’s easy to see why.
According to data from more than 165,000 sites within the ThreatMetrix Digital Identity Network, mobile accounted for 59% of all online retail payments worldwide over the Black Friday holiday shopping week. According to other reports, this translated to well over $2 billion in sales on Black Friday alone. That’s up dramatically from its previous record of $1.4 billion.
Mobile’s rapid evolution in the financial services industry is even more pronounced. Today, this channel accounts for 68% of all transactions, compared to 18% during Q1 2015, according to ThreatMetrix data. It’s even increased in my household as my wife bought my gifts on her tablet.
This kind of tectonic shift in just four years is astonishing. But it may also prove troublesome in 2019 as increasingly-sophisticated cybercriminal organizations follow the masses into this decidedly ascendant medium. The following 4 trends are expected to be especially problematic in the year ahead.
#1: Payment Fraud Proliferates
According to Forrester Research, US retail sales made via smart phone will grow at a compound annual growth rate of 18% in 2019, and will impact more than $1 trillion in revenues at some point in the customer journey. At the same time, 55% of retailers are concerned about the rise of payment card fraud, according to the National Retail Federation. Thanks to a never-ending stream of data breaches, credit card numbers and associated identity information go for as little as $10 on the dark web. As a result, static or knowledge-based authentication will continue to be a significant issue for retailers that rely on it to verify identity in the year ahead.
#2: ATO Spells Trouble
Credit card numbers aren’t the only personal data that’s available for harvesting online. User names, passwords, challenge questions, social security numbers, and much (much) more are out there, enabling cyberthieves to take over customer accounts with troubling ease. Even data customers voluntarily post on social media poses a risk. While the results of ATO are never good, mobile will represent unique challenges in 2019. The addition of a new device to a customer bank account, for instance, can enable fraudsters to make cardless ATM withdrawals (which could have daily withdrawal limits as high as $3,000).
#3: Malware Attacks Multiply
According to Paymentssource.com, financial malware currently accounts for about 16% of fraud, which is down from 25% in recent quarters. But it’s rising quickly in the mobile channel, thanks to open wi-fi networks, smishing (sms-based phishing), and every other “-ishing” you can think of. As a result, look for more Man-in-the-Middle attacks to intercept one-time passcodes sent as part of multi-factor authentication used by retailers and financial institutions. And while banking Trojans have long targeted financial services customers, they’re increasingly hunting for online shopping accounts too, resulting in customers conducting transactions on infected devices, according to reports in Forbes.
#4: Rogue Apps Ramp Up
Phishing isn’t just for websites, search results, and personal communications anymore. In November, it was reported that 5% of the mobile apps created specifically for Cyber Monday were found to be malicious, and that half a million rogue apps had recently been downloaded from a popular app store. Whether the fraudulent app impersonates a retail brand or bank, or is just the delivery mechanism for malware, it packs a double whammy in both knowledge-based authentication- and device-based risks.
The Solution: Identity Meets Device
Detecting and disrupting these and other growing mobile threats is no small feat. But it’s also not impossible.
As consumers move seamlessly between devices for an increasing array of daily functions, organizations must ensure they take a holistic approach to authentication and fraud prevention that spans across mobile, online and call center channels.
In today’s mobile-first world which is some cases may be a mobile only world, we must go far beyond traditional authentication methods to identify the linkages between customers and their associated credentials, devices, accounts, locations and behaviors – across all channels. Being able to instantly determine the legitimacy of the person on the other end of a transaction, enables you to provide a low friction approach to security that is fit for the modern consumer.
2019: Mobile to the Max?
Make no mistake: 2019 will see further acceleration in the worldwide mobile revolution. The shift toward 5G will create whole new service delivery models. And new and higher-volume threats will surely cause headaches all around.
As it stands now, Juniper Research estimates US businesses will face more than $22 billion in online and mobile fraud next year, and as much as $48 billion by 2023. For businesses hoping to avoid that kind of pain, a lot could be riding on the fraud prevention solutions they put in place now and in the year ahead.
To learn more about how a digital identity-based approach to mobile fraud detection and disruption can protect your business and its customers, download the mobile solution brief from ThreatMetrix