Published: February 22, 2019
Reading time: 6 minute read
Written by: Forter Team

The number of mobile users continues to increase rapidly year after year, with projections of over 6.5 billion users in 2022 and beyond. For 90% of these individuals, online shopping is one of the top ways they use their mobile devices.

What may be lesser known to these consumers is the rate at which mobile fraud has increased in recent years.

Mobile fraud is rampant, and clever fraudsters know that the mobile framework makes spotting fraud more complicated than catching fraud on desktop applications. Online retailers need to understand that their mobile fraud prevention requires a special touch, and they should be looking for a fraud prevention solution that can stop it on both mobile and desktop.

What Is Mobile Fraud Detection & Protection?

Put simply, typical mobile fraud protection operates based on a set of pre-determined rules which seek to actively block fraud in real-time.

The problem is that more advanced and sophisticated types of fraud require additional features and in-depth analysis to prevent.

Advanced mobile fraud detection is different. Machine learning and AI help identify and prevent these more sophisticated fraud attacks before they can cause significant damage.

Types of Mobile Fraud That Make Advanced Fraud Detection Necessary

Some common fraud techniques which call for advanced fraud detection include:

  • Repackaging – Malicious code is inserted into an app, which is then published on an unofficial marketplace. On the outside, the app seems legitimate. However, the malicious code within the fraudulent app will download various personal information from the user.
  • Click re-direction – Also known as automatic redirection, this is a type of fraud where a user will be redirected to an ad landing page despite never having clicked on the ad itself. This is done through a triggered script on the page.
  • Install fraud – Install fraud involves fraudsters faking app installs through various methods, such as bots or install hijacking, in order to generate more revenue from advertisers.

What Constitutes Mobile Fraud?

Mobile fraud can include attempted or successful fraudulent transactions carried out in a mobile environment, either through a mobile application or through the browser of a mobile device. Mobile fraud sometimes takes advantage of weaknesses inherent to applications that are tied to e-wallets. Gaining access to the phone or the e-wallet, therefore, opens up easy avenues for fraudsters to exploit.

Examples of mobile fraud include fraudulent m-commerce transactions, fraudulent buyer/seller collusion within a mobile marketplace, and payment accounts taken over and funds misappropriated via mobile.

Mobile fraud can also be perpetrated by fraudsters who are not actually using a mobile device. This is done through ‘emulators’ which allow the criminal to appear to come from a mobile device, and make purchases via mobile apps or mobile websites, while in fact a laptop or desktop computer is being used. This gives the fraudster enormous flexibility when it comes to pretending to come from a different location and appearing to be using a different device for every transaction.


How Fraudsters Leverage Mobile Devices

For fraudsters, mobile devices are easier and cheaper to replace, allowing them to appear from multiple devices and simply switch out or change devices in order to perpetrate new attacks.

Fraudsters also know that regular methods of geolocation are less effective when it comes to mobile devices since IP address identification is not always reliable. IP addresses can be more complicated to pinpoint on mobile because users can easily move between legitimate networks. As such, if the same fraud prevention method is applied to both desktop and mobile devices, false positives will be much higher on mobile.

Additionally, device fingerprinting aims to connect online identities to real-world ones. It works by uniquely identifying computers, tablets, and mobile phones based on each device's specific configuration (browser versions, plugins installed, fonts installed, time zone settings, etc.).

This may seem like a straightforward manner of catching a fraudster. Say an online criminal were to commit fraud using a particular mobile device, and then was caught and had the device fingerprinted. Reason indicates that this fraudster would be foiled, or at the very least, they would be precluded from utilizing this device again. However, the fingerprint is fluid. It changes every time a user makes an update to their device. Therefore, it is incredibly easy for fraudsters to fake new device fingerprints, and incredibly difficult for fraud fighters to spot the fraudster among such details.
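The fluidity described above can be seen in a few lines. This is an added example, not code from the article or from Forter: it hashes the attribute types the article lists and shows that one routine update changes an exact-match fingerprint. The attribute values, function names, and 0.75 threshold are constructed assumptions, and the attribute-overlap score goes beyond what the article describes.

```python
import hashlib

def exact_fingerprint(attrs):
    """Hash every attribute into one identifier (a naive exact-match fingerprint)."""
    canonical = "|".join(f"{key}={attrs[key]}" for key in sorted(attrs))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def similarity(a, b):
    """Fraction of attributes with identical values in both observations."""
    keys = set(a) | set(b)
    return sum(1 for k in keys if a.get(k) == b.get(k)) / len(keys)

def classify(known, observed, threshold=0.75):
    """Compare a new observation against a previously seen device profile."""
    if exact_fingerprint(known) == exact_fingerprint(observed):
        return "exact"
    if similarity(known, observed) >= threshold:
        return "probable-same-device"
    return "different"

# Constructed sample data: attribute types come from the article, values are invented.
KNOWN_DEVICE = {
    "browser_version": "Chrome 71",
    "plugins": ("pdf-viewer",),
    "fonts": ("Arial", "Roboto"),
    "time_zone": "UTC-5",
}
# Same device after a routine browser update: one attribute differs.
AFTER_UPDATE = dict(KNOWN_DEVICE, browser_version="Chrome 72")
# A profile in which every attribute has been changed.
ALTERED_PROFILE = {
    "browser_version": "Safari 12",
    "plugins": (),
    "fonts": ("Helvetica",),
    "time_zone": "UTC+1",
}

if __name__ == "__main__":
    for label, obs in [("update", AFTER_UPDATE), ("altered", ALTERED_PROFILE)]:
        print(label, exact_fingerprint(obs)[:12], similarity(KNOWN_DEVICE, obs),
              classify(KNOWN_DEVICE, obs))
```

The updated device no longer matches its own stored hash, while the fully altered profile shares nothing with the known one, which is why a fingerprint on its own neither tracks a legitimate device reliably nor ties a returning fraudster to an earlier transaction.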

Fraudsters also commonly exploit three things in mobile fraud:

1) Card data – Using stolen card data to make transactions, either using a mobile application or on a mobile browser.

2) Looking for weaknesses in e-wallets – Weaknesses can occur in the authentication processes, when using unsecured WiFi networks, and of course, if a phone is lost or stolen. The most recognizable scenario for many shoppers will probably be theft using their PayPal account since PayPal is a widely popular means of making payments in a variety of situations. Once a criminal has access to a PayPal account, they are able to leverage access into many places.

3) Account exploitation, or more specifically, Account Takeovers (ATO) – Once a fraudster has gained access to an account, they can make transactions with whatever payment method has been set for the account. This is a problem with accounts on an individual retailer site, and also with accounts which can provide access to many purchases from different sites. Also note that once a password has been uncovered for one account, fraudsters will try it elsewhere since many consumers reuse passwords.


A Fraud Prevention Solution Unique to Mobile

So, what makes mobile fraud detection so much more complicated than spotting fraud on your brand’s desktop store?

To start with, many retailers do not track transactions by channel and assume that all the things they know to be true of e-commerce transactions also hold true for m-commerce. This means that less is known about the comparatively new mobile behavior than about desktop behavior.

Similarly, adapting fraud management and protection to mobile devices still requires increased effort and a unique understanding of how mobile devices are built, a nuanced knowledge which not all fraud prevention providers possess.

Growing the utility of mobile apps is essential in creating long-term, loyal clientele. Customers want their stores to be as nimble as their smartphones — no friction, just seamless shopping. Mobile commerce is rising, and in order to keep pace, retailers must ensure that they can provide their shoppers the same fraud-free experience on mobile as they do on desktop.

Mobile devices require a mobile-specific fraud protection solution. E-commerce merchants need a fraud solution not just suitable for desktop website shoppers but for all users shopping while on the go via their mobile devices.

A fraud prevention solution that offers integration for mobile through an SDK, fit for Google Android and Apple iOS devices, is imperative in order to catch all fraudsters. This SDK should accommodate the specific profile of mobile commerce fraud and fraudsters, while also optimizing the purchase experience for genuine customers. Mobile shoppers want to enjoy frictionless shopping via their devices. Any increased resistance along their shopping journey could cause them to drop off or abandon their carts before checkout.

Forter’s Trust Platform combines the best of human ingenuity and research with the speed and accuracy of the machine while offering a complete solution to fraud prevention for both desktop and mobile devices. From mobile logins to coupons, referrals, checkout, and beyond, Forter will be there to fortify your mobile market.
