#1 Account Takeovers? There's an App for That
Thanks to the theft of more than 11.7 billion personal identity records, credit card information, Social Security numbers and mountains of other personal identity credentials sell for as little as $0.19 on the dark web. As a result, identity proofing is becoming a critical issue for every business operating within digital channels — including via mobile apps. Today, mobile apps continue to rank among the safest ways to transact digitally and are four times safer than transactions made through the mobile browser.
#2 Account Creation Attacks on the Rise
According to our Cybercrime Report, account creation attack volumes increased by 293% year over year in the last six months of 2019.1 In these rapidly proliferating cybercrimes, fraudsters are using bots to sign up for mass new media accounts to take advantage of free trials/streaming bonuses that can be sold for a profit. In e-commerce, these new account creation bots are seen at online marketplaces, virtual gift card companies and ridesharing sites.
#3 Mobile Payments Face More Growing Pains
Account login/take-overs and fraudulent creations represent the majority of identity-related fraud activity, particularly for e-Commerce merchants.2 But retailers and quick service restaurants launching their own mobile loyalty and payment apps are starting to feel the heat as well. This summer, an international mini-mart brand shut down its new Japanese mobile payment app just days after it was first released. In a matter of hours after its launch, fraudsters armed with stolen customer birthdates, phone numbers and email addresses were able to initiate a password reset and take over nearly 1,000 customer accounts. Because the app was tied to the customer's credit card, these thieves were able to pull off $500,000 in fraudulent purchases in just a few days.
#4 Bot Volumes Still Growing
Bots are people, too—if you can’t tell the difference. Fraudsters are targeting mobile devices, using bot attacks to test or exploit stolen customer login credentials in retail and banking accounts. Though still a significant problem, logins recently have become a safer transaction compared to the past. The attack rate has decreased by 38% YOY, but 110 million login in attacks were still recorded in the Digital Identity Network® during the last half of 2019.
Bot volumes can be very volatile given that one bot attack can represent millions of individual attacks. The Digital Identity Network has recorded strong growth in bot attacks from Canada, Germany, France, India and Brazil, despite the fact that the global bot volume has fallen YOY.1
Digital Identity: The Secret to Mobile Fraud Detection
To detect and disrupt mobile fraud threats, organizations need to adopt modern, digital identity-based approaches to user verification and assessment. By identifying the linkages between customers and their associated credentials, devices, accounts, locations and hundreds of other risk attributes, organizations will be able to accurately determine the legitimacy of the person on the other end of a mobile transaction.
In particular, mobile fraud detection solutions that combine SSL-based device fingerprinting, web and mobile device intelligence and behavioral biometrics tied to digital identity intelligence are seen as an effective way for organizations to gain an upper hand against cybercriminals.
1. LexisNexis® Risk Solutions Cybercrime Report, July – December 2019
2. 2019 LexisNexis® True Cost of FraudSM Study