Smartphones are fast becoming ubiquitous in our technologically advanced landscape. Adoption of smartphones is expected to hit two billion by 2016, and by 2018, it will reach half of the world’s mobile phone users.
This has in turn led to an increase in mobile commerce (m-commerce) globally. Currently it accounts for 34 per cent of all e-commerce transactions, and is expected to hit 40 per cent by the end of 2015. Increased popularity of mobile wallets and Bitcoin and are also feeding this rise.
Two Asian countries, Japan and Korea, are experiencing the highest penetration of m-commerce globally, with more than 50 per cent of their population engaging in mobile transactions. China is also fast joining the ranks of this upward trend. In Q1 2015, it experienced a 168 per cent year-on-year increase in mobile sales, amounting to a total value of US$58.4 billion.
Naturally, foul scammers and hackers have caught wind of this trend, and have casted their shifty eyes on this rapidly growing space.
Mobile frauds are increasing at a worrying pace. Although mobile payments only account for 14 per cent of transactions, they make a disproportionate 21 per cent of total fraud cases.
Deceit is the tool of trade
Hackers usually begin by attacking a large credit card database, such as ones of the likes of American retail giants, Target and Depot. The hackers then sell these information in online black markets — which usually lay in the dark recesses of the Deep Web — such as the now defunct Silk Road.
Buyers of these information then use the card numbers to make purchases online, which can accumulate to a hefty sum, as not all m-commerce websites have robust transaction safeguards. For example, some mobile app stores allow you to store your credit card numbers and make unlimited transactions without having to verify your credentials — through the card holder’s mobile phone for example — or card number.
m-commerce scammers also acquiring credit card numbers by going through the usual route of phishing schemes by sending emails that link to fraudulent websites masquerading as a legitimate site.
Many m-commerce merchants are bearing the brunt of these attacks. Each dollar of mobile payment fraud incurred costs the merchant US$3.34, which is 27 per cent more than what it would cost if the fraud occurred on a PC.
The reason being that in addition to the cost of the lost merchandise, you would have also factor in the cost of the investigation. That takes more effort and resources than one conducted with a PC fraud as many merchants aren’t equipped to track the smartphones’ unique identifiers such as IP addresses.
Other schemes are more cunning and intricate.
In the US, several consumers were tricked into buying used cars online by wiring funds through a fake Google Wallet. In Chile, hackers exploited a bug in the public transportation app, which allowed them to top up their travel credits for free.
Within the digital goods world, app developers are also facing troubles.
According to Apsalar, a mobile attribution company, for every valid in-app-purchase (IAP) made in China, 273 of them are shams. For Taiwan, it’s 54, Saudi Arabia, 24.6, and Hong Kong and Israel at 18.
Scammers are also targetting the mobile ad market using a device called mobile device hijacking. With it, the fraudsters are able to use mobile apps that can run up to 20 ads a minute and simulate random clicks.
This fools the advertising companies into thinking that their ads have been viewed by actual people. Last year, it costed them US$857 million and is expected to hit more than US$1 billion by the end of this year. According to Forensiq, a New York firm that provides ad fraud detection and prevention, more than 12 million mobile devices are infected with this malware.
M-commerce merchants are waking up to the realisation that more comprehensive measures need to be taken to combat these threats.
Fraud detection companies like Kount and Ethoca have partnered to inform businesses of credit cards that have incurred suspicious charges. Mobile analytics company Kochava alerts advertisers when detects an outlier or mislabelled blended traffic.
Other measures that are undergoing trials include Selfie-payments, which was launched by MasterCard.
Through this scheme, customer will be sent a pop-up on their phone, when browsing a web store, so that they can use to authorise the payment using either a finger scan or selfie recognition.
Recently, Visa and MasterCard also said they would ditch online passwords and replace with biometric authentication methods.
Mobile payment service LoopPay says it’s adding support for biometric features such as Apple’s fingerprint reader, which it says makes it harder to steal a person’s identity.
Will these measures be effective enough to nail mobile fraud? It’s too early to tell.
One thing is sure that with APAC poised to boast of the leading m-commerce markets in the world, it is vital that more R&D and investments be poured into making m-commerce safer.
Disclaimer: This article has been written in collaboration with Kount. The Fraud 360 World Tour will be landing in Singapore on September 10 at the Marriott Singapore Tang Plaza. Kount and Braintree bring this half-day, free seminar to you with discussions about payments, fraud trends, and best practices standards that you can adapt to your business. Register now to access the latest technology advancements needed to fight fraud.