How fraudsters take advantage of ride-hailing apps

Today it's hard to find someone who isn't a frequent user of ride-hailing apps. The success of the global mobility as a service (MaaS) market is huge, mainly down to the sheer convenience of ride-hailing apps and other similar services for ride-sharing, e-scooter rides and public bike sharing! App-based ride services are easy to sign-up for, easy to use, and go hand-in-hand with the fast-paced urban lifestyles they cater to. The world is going mobile, and so too are personal transportation services. But where there’s a popular online service involving payments, promos and discounts, there will always be fraudsters and dishonest customers to take advantage through policy abuse.

Simplicity, convenience and affordability reign supreme when it comes to modern transportation services. Ride-hailing apps like Uber, for example, can be downloaded quickly, users can sign-up for the services in a heartbeat, and once an account is verified, you can be driven from A to B fairly quickly with the help of the nearest driver to you. It’s that simple. Mobility as a service is not just limited to taxi-like services, but to ride-sharing apps such as BlaBlaCar, where a driver can post details of an upcoming trip and offer spaces in their vehicle for any interested parties. Sharing the cost between people makes the journey more convenient and economical for passengers.

Within an urban setting, for locals and tourists alike, the choice of even cheaper public transportation services such as e-scooters and public bike-sharing schemes have proven to be particularly popular. Almost every city has them, and again, their simple sign-up processes, convenience of use and affordability make them an appealing option for people wishing to avoid traffic congestion and perhaps go further than public roads may permit.

Almost all mobility as a service apps offer sign-up promotions to entice users to join, along with incentives to get their friends and family to join too. No doubt this is a clever marketing ploy, which can also lead to negative financial impacts based on a type of fraud called promo abuse. This type of policy abuse can seem innocent, but dishonest customers and fraudsters gain financially from such promos if they try to sign up for services using multiple email accounts and fake identities. One of the most famous examples of this occurred with Uber in 2014 when one user posted a referral promo code on Reddit for people to sign up, which gained him $50,000 in free-ride credit. With such figures, it is easy to understand how companies can face major financial losses from a simple company policy. Internal policies must adequately prevent such occurrences, while still offering honest customers the best possible service.

It is very important to beware of scammers when using ride-hailing apps, indeed, with all mobility as a service apps. Although promo abuse is just one thing to look out for, fake apps, fake drivers, fake accounts and more can lead to financial losses. So what are some other common types of fraud associated with mobility as a service?

- Account Takeover (ATO)

Mobile app fraud is a growing problem as smartphone ownership grows, and more apps are made to cater for mobile platforms. ATO is not limited to mobile devices, of course, the usual scams that apply to desktop users have simply been adapted to affect mobile device users too. Always maintain good digital hygiene, use strong passwords, keep operating systems and apps up to date and never fall for phishing emails with suspicious links and attachments. The consequences can be that your account ends up on a ‘for sale’ list, available for purchase on dark web marketplaces.

- A quick way for fraudsters to make money!

Fraudsters like to create fake profiles, or take advantage of existing accounts through ATO in order to gain people’s payments for a ride-hail or car-share. They quickly transfer the funds to a designated account, while leaving the unsuspecting user to deal with a no-show driver.

Russian hackers have been prompting users to make payments outside apps by sending them a fake link. This should naturally raise the suspicion of users, as any payments that occur beyond the app cannot be traced by the service provider.

- Fake drivers and fake user accounts to gain money and earn incentives

Fake users and fake drivers have been common features of ride-hailing apps in the past. Where fake drivers appear, malicious actors have created multiple fake accounts and spoofed their GPS location in order to trick the ride-hailing service into believing that real journeys have been made. The reality is multiple accounts across multiple devices simply give the impression of real drivers and users to boost a fake driver's reputation and no. of rides completed. The more rides a driver has, the more cash rewards they receive.

- Fake e-scooter and public bike scheme QR codes

With eScooter or public bike schemes, it is not unheard of for malicious actors to attach fake QR codes on top of the legitimate QR code assigned to a scooter or bike. By scanning the fake QR code, users can unwillingly hand over their personally identifiable information (PII) or be directed to a phishing site or fake app download, which can then be used by malicious actors to gain access to their accounts or use their identities for creating other fake accounts.

Ride-hailing services continue to grow in popularity, and so long as there are people willing to use them, they will remain a regular urban feature for the foreseeable future. Rather than being just about individual scammers or dishonest drivers and customers committing policy abuse, it is clear that there are organised crime gangs trying to make money from ride-hailing and ride-sharing apps, in particular. There have been instances where ATO has been performed using social engineering attacks on registered drivers, whose accounts will be drained of their earnings, and the criminals will be long gone before the drivers have noticed and been able to take action.

All these forms of fraud not only affect individuals but the companies that are providing ride-hailing and mobility as a service in general. Their reputations can be at stake, for if they do not tackle the issue of securing user accounts and their personal information, reputations can be tarnished.

It is essential that companies dealing with payments and transactions deploy advanced fraud solutions to keep not only their businesses but their customers safe. Nethone, for example, uses machine learning models to power effective analysis of every single service user. What does this mean in practicality? 5,000+ pieces of digital fingerprinting and behavioural biometric data are automatically analysed to fully understand a user’s device setups and behaviours (know your user), all to weed out genuine and honest users from dishonest customers and fraudsters. This means if a user is making concerted efforts to mask their true identity and device settings, they most likely have bad intentions. This analysis is performed in real-time and completely unnoticed by the user.

Any company providing ride-hailing apps cannot underestimate the risk involved, which is why the only solution is to use advanced anti-fraud systems, that can truly make payments and transactions secure, protecting the entire customer journey from account setup to the point of a payment being made. For any company to not take the threat seriously, they will have to deal with the online backlash of negative reviews, social media character assassination and inevitable media interest. All of these can be avoided, so why risk enduring the worse case scenarios?

---

If you liked our text about how fraudsters take advantage of ride-hailing apps and wish to protect your business against threats, let's talk. Click 'book a call' at the top of this page or contact Eric directly via email at eric.alegre@nethone.com or via LinkedIn.