m-Commerce: how to prevent fraud during a mobile app payment

Global eCommerce is growing faster than ever, and with this, so too is the expectation of a wide choice of consumer payment methods. Some of the most popular options have stemmed from the rise in m-Commerce (mobile eCommerce), making mobile shopping easier, experienced in the very palms of our hands as smartphone ownership increases. In the face of rising m-Commerce, how can fraud be prevented during a mobile app payment? The answer is to use an advanced fraud solution that works as well on all payment platforms, and with the same security now expected when making a mobile app payment.

Financial forecasts change frequently, and just like weather forecasts, they can sometimes be incredibly accurate or way off the mark. Prior to COVID-19, for instance, the rise of eCommerce was predicted to proceed steadily up to 2025, but its global share of retail sales rose sharply from 14% in 2018 to 19% in 2020 due to the pandemic (looking back to 2010, eCommerce accounted for less than 5% of all global retail sales). Already in 2020 with the pandemic in full swing and lockdowns affecting brick-and-mortar shops’ ability to sell, the only option was to move online. The thing about eCommerce is that the backbone of online shopping and specifically mobile app payments has been in place for years, just that the uptake was slow off the starting line. Although initially expected to grow by only 8% in 2020-25, M-Commerce is now projected to amount to 80% of all eCommerce sales by 2025. A huge increase.

m-Commerce was an initial slow burner, with many providers going bust before their full potential could be utilized. But as the pandemic took hold, all of a sudden paying by any means possible beyond using cash became desirable, from contactless payments in-store and mobile wallets, to m-Commerce options allowing varied payment options from a standard mobile app payment to the popular buy now, pay later (BNPL). eCommerce merchants had a means to ensure their survival, by moving online, trying to ensure their customers have a positive shopping experience and return with continued custom. It’s much easier than before to enjoy mobile shopping, and M-Commerce is going to be a big mover in the very near future. It all sounds great, but cybercriminals have taken delight in the deluge of new and unsavvy internet shoppers. Consumers have the tools to perform an array of online transactions, but aren’t fully aware of the security dangers. These people are, unfortunately, the perfect targets for fraudsters. And in an age of professionalisation of hacking, it’s now easier than ever before to defraud victims - even on mobile devices. But how? And how can they be stopped?

All fraudsters will try to defraud their victims by hiding their true identities and their true intentions. They will aim to hide behind a number of smokescreens. In order to see through the cloud of smoke, it is therefore essential to Know Your Users (KYU), just as Nethone does, at the point of each transaction. This is possible by using behavioral biometrics and digital fingerprinting, analysing 5,000+ pieces of data automatically and in real-time, backed up by machine learning (ML) models that can distinguish between cybercriminals and genuine customers. The aim is to detect and prevent fraudulent activities before fraudsters have a chance to act.

The most common fraud encountered when making a mobile app payment is account takeover (ATO) where fraudsters will gain access to a victim’s account through social engineering methods, enticing them to open emails (phishing) and SMS messages (SMiShing) to install malware and gain personal information directly or by using remote desktop protocols (RDP) to gain control of a device. To prevent fraudsters from succeeding in M-Commerce fraud, it is essential to expand advanced fraud solutions and enchance the security capabilities of your mobile application. This is done by finding ‘signals’ that in essence are triggers for irregular behaviors that are indicative of a high probability of fraud. At Nethone, we detect 60+ signals, and just some of the most fraudulent behaviors are as follows:

- Root/Jailbreak Hiding Software

Root and Jailbreak indicate that smartphone software restrictions imposed by Google and Apple have been removed by the user. These are in place to prevent the installation of 3rd party applications, especially designed to prevent fraudsters in their illicit activities. Cybercriminals can use many tools, but some include CheckRa1n, Unc0ver, Chimera for iOS and Kingo Root, Magisk and One Click Root for Android. But removing such restrictions is only the first step as the next key step is to hide the fact this has been done and act as normally as a normal user as possible. That’s why the capability of detecting root and jailbreak hiding attempts may be often more valuable for fraud prevention than only checking the device for root and jailbreak presence. For the best accuracy, we should have both levels of information at our disposal.

- Use of Remote Access Tools

One of the techniques often deployed by scammers in order to take over a victim's device is to convince them to install remote access tools. This is often sent as part of a social engineering scam via email (phishing) or SMS (SMiShing), among others. Often associated with desktop computers, this fraud also applies to mobile devices. On a PC, popular tools include VNC Connect, AnyDesk and Teamviewer, which is also popular on smartphones. Due to the pandemic, many online users, especially students, will have already installed RDPs in order to continue remote study and sharing learning materials. In such circumstances, it is often the case that half a fraudster's task is already accomplished. Via RDP access, a cybercriminal can control a device to capture and record screen activity or transfer files. To combat this threat, various layers of mobile application security are necessary: to scan the device in search for installed tools, but also keep an eye on behaviors that accompany the usage of RDPs.

The m-Commerce market has already become huge and will continue to get bigger. With it, the dangers of fraud that can affect a mobile app payment will always be lurking in the background when customers carry out a mobile app payment. At Nethone, we have always taken the safety of all online payments as seriously, therefore, our advanced fraud solution has been adapted for mobile and our list of signals is continually growing and being updated to match iOS and Android operating system updates. We believe our behavioral profiling solution is a market leader and can effectively help M-Commerce merchants ensure their customers have the best possible experience without succumbing to fraud actors. Making the move into m-Commerce without adequate mobile application security in place risks serious problems ahead for both merchants and customers alike. This is why Nethone can bridge the gap between positive customer experiences and the possibility to ensure continued revenue growth.

If you are involved with m-Commerce and wish to effectively prevent fraud when making a mobile app payment, Nethone's advanced fraud solution is perfect for you.