hands-coffee-smartphone-technology.jpg

securedtouch blog

Most Common Types of Mobile Fraud

Most Common Types of Mobile Fraud

November 30, 2015

Offering the convenience of mobile payments is a great way to increase your businesses’ revenue. Unfortunately, there is a big risk you must be aware of—fraud. This is a problem worth paying attention to.

Mobile fraud has become a rampant problem, especially when compared to fraud through a computer. There is a 20% higher chance of mobile transaction fraud than online fraud. This translates into profit loss. Mobile fraud costs businesses 3x the cost of the product stolen. This can be especially detrimental for small businesses who are less equipped to rebound from these losses.

Why do scammers target mobile devices? These devices involve high complexity, so there are many places for them to hide. This means many types of fraud for consumers and businesses to keep track of and avoid. Below is data from LexisNexis showing some of the most pervasive:

2015-10-05_9-41-13

Assumptions about payments through mobile devices don’t help, either. Research through LexisNexis shows a significant amount merchants believe mobile devices are more secure than computers.  These opinions don’t match up to the real-life scope of mobile payment fraud.

lexisnexis

Scammers will look for any way to get free products or money by exploiting users. Here we discuss some common types of fraud committed through mobile devices:

  1. Subscription Fraud

This type of fraud is first on the list because it is the most common. The image below shows how large the percentage of mobile subscription fraud is to other types of fraud.

Subscription fraud involves fraudulent users gaining access to a person’s information and using it to sign up for expensive subscription services. The scammer then reaps the benefit of the subscription, whether it is a product or service they’re getting for free.

2015-10-05_11-00-23

 

  1. Large-Scale Merchant Data Breaches

You may have heard about some fairly recent data breaches involving stolen credit card information. Think about the huge data breach in 2013 where hackers stole credit card information from the retail store, Target.

Hackers are able to intercept the payment process and steal precious information, even through mobile devices. They can do this by installing malware on mobile devices and controlling them to steal card information through apps and internet browsers. They then take control of your credit card to rack up purchases.

  1. Mobile Apps Using Pre-Paid Cards

One example is Starbucks. Earlier in 2015, hackers used the Starbucks app to gain access to consumer’s credit card information to re-load giftcards associated with the app. They charged hundreds of dollars in a matter of minutes.

 starbucks-account

  1. Stolen Devices

Fraudulent users can also pretend they are you by stealing your mobile device and using it to make purchases through apps. They are able to do this easily if users are already logged in. Checking the “keep me logged in” box on apps is common for users who want quick access.

paysmart app

  1. Phishing

This type of fraud is an easy way for scammers to access your information. If you are the user, you get a message asking you to enter your login information, through text (this is called “smishing”) or email. You are conned into thinking this is an authentic message from a business you trust.

This information is then used to make purchases through the app you revealed your information for. Or it can be used on other apps/websites by counting on the fact that consumers use the same usernames/passwords across multiple apps. Mobile users are 3x as vulnerable to phishing attacks as online users.

walmart smishing

  1. Phantom Apps

This involves scammers luring users into fake apps for companies they know. For example, in 2014 there was a scam that tricked users into paying for cheap cars through a phony version of Google Wallet. The funds were then wired back to the fraudsters.

From Lookout

  1. Premium SMS fraud

Premium SMS services involve users sending a text to a number and receiving what they want in exchange (ringtone, wallpaper, etc.). The charge is then billed to the phone company.

This can be used for bad intentions. Users can download a malicious app that looks like one by a content provider. This app then sends SMS messages without the user knowing as though they are the user making a purchase. The money generated from this is wired to the fraudster. Below is a schematic describing how this works.

  1. Fraudulent Websites

Scammers can make phony websites that look like real websites to steal user’s information and make purchases with it. This is so successful on mobile devices because users are less likely to notice a website is slightly different on a mobile phone than on a computer.

  1. Friendly Fraud

Friendly fraud involves users making a purchase, such as on a mobile app, and then requesting a chargeback from their credit card company. Sometimes this is accidental, but often it involves bad intentions. Scammers then have the item for free and can sell it to make more money.

Friendly fraud and other types of return fraud make up a significant amount of mobile fraud and are more likely to happen through a mobile device than online and in-person.

  1. Return Fraud

Similar to friendly fraud, scammers can also request a refund directly form a company. They don’t do this because there is a defect in the product, but to get a free item they can later sell to make money.

As you can see, there are many different types of mobile fraud merchants and users must watch out for. Identity theft is a huge issue, as we store a large amount of personal information on our phones. Pretending to be a user is one of the most common ways hackers make fraudulent purchases or wire money.

Scammers look to exploit many avenues for their bad intentions. Therefore, businesses that address security concerns through several avenues are less likely to be harmed by fraud. This includes using many types of authentication and biometric methods.

It’s important for businesses and users to realize mobile devices are not more secure than computers. This doesn’t mean businesses should stop offering mobile options. Instead, they should employ several effective methods to curb mobile attacks.

 

 

Recent Posts

Ask The Experts: The Future of Banking & FinTech in Light of PSD2, Part 1
The Digital Officer’s Guide to Mobile Fraud Detection
Fighting Mobile Banking Fraud with Continuous Authentication
The Digital Officer’s Guide to Multifactor Authentication
Best Practices to Identify Compromised User Credentials

Follow Us