65% of Fraud Transactions Happen on Mobile, Study Finds
Consumer transactions and fraud continue to grow on mobile platforms.
Fraudsters are ditching their desktops to do their dirty work, according to new research by Bedford, Mass.-based security solutions company RSA.
The company, which is a subsidiary of Dell, found that between January and March 31, 2018, 65% of fraudulent transactions took place using a mobile browser or mobile app. In the first quarter of 2015, that number was just 39%.
“Consumer transactions and fraud continue to grow in the mobile channel,” it said. “Over the course of 2017, fraud by mobile app increased 50%.”
“As organizations look to roll out new services through the mobile channel, security is key. So much attention has been focused on customer experience, perhaps to the detriment of security, allowing cybercriminals to move their activity to less protected channels. With about two out of every three fraudulent transactions originating from a mobile browser or app, mobile fraud poses a very real threat,” RSA warned.
New devices fueling fraud
The data for online banking was especially bleak.
“While less than half of a percent (0.4%) of legitimate logins were attempted from a combination of a new account and a new device, this scenario accounted for 32% of total fraud volume observed in Q1. This pattern could indicate fraud actors attempting to leverage stolen identities to create mule accounts as part of their ‘cash-out’ plans,” RSA reported.
“Similar to fraud patterns at login, only 0.4% of legitimate payment transactions are attempted from a new account and new device, yet this combination makes up 22% of total fraud values, once again potentially indicating money mule activity,” it added.
“The highest volume of fraud, or 34% of total value, originates from a known/trusted account and device, which suggests that there is a high likelihood that these devices may be infected with financial malware capable of performing man-in-the-middle account takeover attacks.”
Phishing still the frontrunner
Phishing accounted for 48% of all cyberattacks in the first quarter of 2018, RSA reported. Financial Trojan horse malware accounted for one out of every four fraud attacks during that time.
“Phishing, while among the oldest types of online fraud attacks, is still the most widely used tactic. This may be due to its low technical barriers to entry, combined with the low resource requirement for simple, low-tech attack vectors such as email.”
For criminals, the payoff can be huge. The average value of a fraudulent transaction in the United States was 144% higher than a genuine one and averaged $508.
That’s made identifying members’ devices a critical part of data security and fraud prevention. According to the report, 82% of fraudulent e-commerce transactions during the first quarter of 2018 originated from devices that were not “known” or “trusted” by the fraud platform.
The new hideout: social media
Credit unions and other organizations that rely on mobile have to get more comfortable with the inner workings of social media and monitor it for fraud threats targeting their businesses, it added.
“There is a thriving fraud business happening on most major social media sites that is going completely unnoticed,” it said.
“There are several reasons fraudsters, like legitimate users, are attracted to social media platforms as ‘control stations’ for their social lives and even their businesses,” RSA warned. “The mass communicative properties of these networking programs bridge physical divides and distances to allow seamless sharing of ideas and information. On top of that, many platforms provide additional benefits to users looking to maintain an exclusive space for a specific purpose that remains unknown to those not trusted enough to be part of the circle.”