3 min read
Mobiles have become an extension of our arms. We use them for anything, and everything — from checking our heart rate to making sure a photo frame hangs straight. Over six billion people worldwide use smartphones, including 85% of Americans. In the U.S., mobile e-commerce spending topped $47 billion.
In 2022, the online shopping industry — specifically mobile and social commerce — will continue to grow exponentially, and with it, fraud will follow. As more apps come to market with commerce capabilities, more functionalities will be introduced to make purchasing easier. And for fraudsters, this means more opportunities for abuse. The more services an app provides, the wider the attack surface and the harder it is to secure. Those looking to commit fraud are increasingly good at finding where the vulnerabilities lie and how to take advantage of them. And businesses continue to be behind the 8-ball when it comes to securing their assets fast enough.
We see four fraud trends that businesses need to be on the lookout for this year:
Mobile App Fraud
Lots of it. Period. It’s easy to defraud an app especially given the low barriers to entry. In 2020, a massive fraud operation used a network of devices to drain millions from online bank accounts at record speed. A single emulator spoofed over 8,000 devices. These malicious tools are so readily available we expect to see many more instances this year. To combat it, mobile apps need to dial up their anti-fraud efforts. If they don’t, they run the risk of being defrauded across every service they offer.
Cross-border e-commerce transactions spiked to obscene levels in 2021, with consumers under lockdown. But where there is smoke, there is usually fire. Spikes in sales led to spikes in fraud. In 2021, more than 60% of U.S. and U.K. businesses reported issues with cross-border fraud, and global card not present fraud tripled to over $32 billion in the last few years. As travel start to recover, fraudsters will take advantage of travel-starved individuals. Fake accounts, websites, and apps to trick people into purchasing travel packages that don’t exist will start to pop up. In addition, two years of travel restrictions have left some travel accounts dormant, and it’s been easier for fraudsters to break into them and drain loyalty points or stored value. Businesses need to pay close attention to new patterns of activity and secure their platforms.
Account Take Overs (ATO)
Battling ATOs is a never-ending game of whack-a-mole. Years of massive data breaches have made it easy for fraudsters to acquire user credentials. Data leaks continue to be on the rise. Breaches in 2021 surpassed those in 2020 by almost 20%. As a result, ATO attempts will start to surge even higher in the coming months. It’s not just the number of accounts being breached; it’s how. Advances in deepfake technology have led to more effective social engineering scams. Cybercriminals are also using A.I. and machine learning to engineer attacks. They are often bad bots as they mimic actual user login behavior and attempt thousands of user login attempts in seconds.
KYU vs KYC
One (KYC) is about validating a customer’s identity in the fight against fraud. It’s an important check to stop identity theft or other financial crimes. The other (KYU) is about establishing broader protocols about a user’s behavior. It requires a more comprehensive approach to digital identity users, such as their device, behavioral biometrics, account activity, and more. This allows businesses to understand user intentions and motivations across the user lifecycle and keep up with cybercriminals. Businesses that are forward-focused will start to focus on KYU as a way to learn more about their user, specifically when it comes to spotting fraud.
Fraud isn’t going to slow down this year. The opportunities for criminals are endless, and their techniques are getting more sophisticated. Businesses can no longer cut corners, and they must prioritize monitoring risk where customers are spending the most time — on mobile phones. To combat and avoid attacks, businesses need to be aware of the latest tricks of the trade and speed up their defenses. Specifically, they need to prepare apps and implement countermeasures sooner rather than later, such as starting to profile risk and secure every user checkpoint. In 2022, the digital landscape will sprout new opportunities for everyone — the good and the bad. Those who get ahead of it will be on the winning side of the year.
Our Take:As companies continue to adopt more seamless and effective ways to run their businesses, it is important to be kept abreast of the fraud trends become proactive in developing cyber security systems to shield them from compromise from hackers.
Smartphone users who access services on the internet must learn the risks associated with the online space; this would be instrumental in equipping them with the skills to avoid becoming victims of fraud. Companies must also establish an anti-fraud unit and put in place other systems for their online service users to report suspicious criminal interference with transactions on their mobile apps.
About the Author(s): Justin Lie is the Founder and CEO of SHIELD. With over 20 years’ experience in the industry, he is one of the earliest pioneers of fraud prevention technology. While running a cross-border e-commerce business as a teenager, Lie created his own system to combat online fraudsters that were attacking his websites.
Source: Security Magazine