Online and mobile fraud prevention needs to be part of every retailer’s brand’s holiday retail strategy. According to Cybersource’s 2011 survey of e-commerce fraud, $3.4 billion in online revenue was lost in 2011 as a result of fraud, and this number is only expected to increase. Although the holidays are just around the corner, there is still time to take action and reduce your exposure to fraudulent mobile channel activities.
1. Spoofing. Cybercriminals often leverage weaknesses in mobile mini-browsers to spoof their locations. Since spoofing is a red flag for fraud, you should pay close attention to users who interact with your system using spoofed mobile devices.
2. Jailbroken Devices. Jailbroken iOS devices don’t automatically indicate malicious intent. But cyber thugs frequently jail break iPhones and other iOS devices so they can download apps that aren’t screened and distributed via the App Store, turning Apple devices into optimized tools for fraudulent mobile transactions.
3. Android Mini-Browsers. In the same way that fraudsters jailbreak iPhones for fraudulent purposes, cybercriminals will sometimes download mini-browsers other than the browser that comes installed with their Android device. This allows them to achieve mobile access through proxy sites and disguise their true location. For example, while an online transaction may seem to originate in the U.S., it actual originate offshore – in global hotbeds for cybercriminal activity, such as Vietnam, Phillipines and Nigeria.
4. MitB Attacks. Man-in-the-Browser (MitB) attacks can be lethal because they lurk undetected in the background of authenticated mobile transactions. With MitB detection technology, retailers can create a more secure mobile channel by identifying these threats in real-time.
5. Risk Scoring. Mobile can’t be separated from your brand’s other online security measures. In addition to integrating mobile factors into risk scoring, mobile needs to be incorporated into a comprehensive fraud prevention strategy that tracks consumers on both apps and websites.
The demands of the holiday retail season cause many retailers to put new cybersecurity measures on hold until the first of the year or later. But that’s a mistake – especially if your brand is counting on mobile to deliver additional customers and revenue during the holidays.
The current state of mobile fraud prevention technologies enables retailers to implement or extend their capabilities with relatively little effort. Leveraging cloud-based delivery platforms, these technologies can be deployed rapidly, substantially improving security throughout your brand’s holiday retail sales program.
Andreas Baumhof is chief technology officer at ThreatMetrix.