#1 Account Takeovers? There's an App for That
Thanks to the theft of more than 11.7 billion personal identity records in just the past three years, credit card information, Social Security numbers and mountains of other personal identity credentials sell for as little as $0.19 on the dark web. As a result, identity proofing is becoming a critical issue for every business operating within digital channels — including via mobile apps. Today, mobile apps continue to rank among the safest ways to transact digitally and are four times safer than transactions made through the mobile browser.
#2 Account Creation Attacks on The Rise
According to our 2019 Cybercrime Report, mobile account creation attacks have soared 144% in just the first six months of this year.2 In these rapidly proliferating cybercrimes, fraudsters are using bots to sign up for mass new media accounts to take advantage of free trials/streaming bonuses that can be sold for a profit. In e-commerce, these new account creation bots are seen at online marketplaces, virtual gift card companies and ridesharing sites.
#3 Mobile Payments Face More Growing Pains
Account login/take-overs and fraudulent creations represent the majority of identity-related fraud activity, particularly for e-Commerce merchants.3 But retailers and quick service restaurants launching their own mobile loyalty and payment apps are starting to feel the heat as well. This summer, an international mini-mart brand shut down its new Japanese mobile payment app just days after it was first released. In a matter of hours after its launch, fraudsters armed with stolen customer birthdates, phone numbers and email addresses were able to initiate a password reset and take over nearly 1,000 customer accounts. Because the app was tied to the customer's credit card, these thieves were able to pull off $500,000 in fraudulent purchases in just a few days.
#4 Mobile Bots Mean Bad News Ahead
Bots are people, too—if you can't tell the difference. Fraudsters are increasingly targeting mobile devices, using bot attacks to test or exploit stolen customer login credentials in retail and banking accounts. In financial services, for instance, our data indicates mobile web-based account takeover attacks, many involving bots, grew by over 100% in 2018.4 And it may be about to get worse.
In a growing number of instances, mobile account creation bots are targeting social media apps to test, validate or build synthetic identities for use in downstream cybercrimes. During the first six months of this year, we detected hundreds of thousands of bot attacks launched from Russia, Indonesia, Brazil, Thailand, India and Bangladesh—suggesting significant growth in synthetic identity farms in emerging and growth economies.