It seems that as we spend more time using mobile devices, the fraudsters are following us: a new RSA Security report shows a massive rise in mobile fraud over the last 3 years.
Up Nearly 700%!
The latest quarterly report by fraud and risk intelligence experts at RSA Security shows that, as the volume of mobile app transactions has risen by 200% since 2015, the growth rate for fraudulent transactions has increased to a massive 680%.
New Accounts and ‘Burner Phones’
One of the key trends at the heart of the rise in mobile fraud is the apparent increase in the use of fake new accounts and ‘burner / burn phones’ to commit fraud.
A burner / burn phone is a mobile phone handset that is acquired for temporary use, is usually prepaid / without a contract in order to retain the user’s anonymity, and can be discarded if necessary.
Alongside the burner phone, fraudsters are also known to use stolen identities to set up fake ‘money mule’ accounts, purely for the purpose of collecting the cash from their fraudulent activities.
The RSA report shows that new accounts and new devices have been used in this way in 32% of all the fraudulent transactions in the last quarter.
Phishing Still Top
The report shows that phishing is still the top fraudulent activity, accounting for 48% of all fraud attacks in Q1 of 2018.
Trojan Malware & Payment Card Compromise
Other popular frauds involve the use of Trojan malware to steal financial credentials. This method was used in one in four fraud attacks in Q1 2018.
Also, using details from compromised cards is still a very common activity among fraudsters, and the RSA researchers who compiled the report claim to have recovered more than 3.1 million unique compromised cards and card details (which included verification numbers) on offer from online sources in Q1.
Mobile App Security
It is believed that poor security in mobile apps is allowing many criminals to hijack mobile applications and siphon off credentials and funds from many unwitting users.
What Does This Mean For Your Business?
These figures show that our increasing use of mobile devices and apps has opened the door to even more channels for fraudsters. Mobile app developers, and those commissioning mobile apps to deliver their services, clearly have a responsibility to ensure that security is built in from the ground up. This should mean making sure that all source code is secure and free of known bugs, encrypting all data exchanged over the app, exercising caution when using third-party code libraries, and using only authorised APIs. Developers should also be building in high levels of authentication, using tamper-detection technologies, using tokens instead of device identifiers to identify a session, following the best cryptography practices (e.g. storing keys in secure containers), and conducting regular, thorough testing.
As users of mobile devices and apps, we also need to pay attention to our own levels of security. For example, we can take precautions to stop ourselves from falling victim to mobile fraud by using mobile security and antivirus scan apps, only using trusted apps / trusted app sources, uninstalling old apps and turning off connections when not using them, locking our phones when not in use, using 2-factor authentication, and using a VPN rather than just the free Wi-Fi when out and about.