Nick Cucci

April 8, 2019

More Mobile Payments, More Mobile Fraud

This won't come as a surprise, but mobile devices are now the preferred way to access the Internet and make payments. Nearly 80 percent of people in the United States own a smartphone, according to Forbes magazine. This continued rise and growth of mobile payments has made companies shift strategies to a mobile-first approach.

Here are several examples of the rise of mobile from app development company CitrusBits:

  • Mobile devices account for 53 percent of paid search clicks.
  • Google drives 95 percent of all U.S. paid search clicks on mobile.
  • Eighty-seven percent of Facebook ads revenue comes from mobile.
  • By the end of 2019, mobile ads are expected to represent 72 percent of all U.S. digital ad spending.
  • Eighty-eight percent of mobile users increased their use of mobile coupons in the past three years.
  • Over 50 percent of retailers feel they are not prepared to deal with any type of mobile fraud.

Along with this massive increase in mobile devices has come a ripple effect in fraud. One popular fraud trend is click flooding, also called click poaching. This type of fraud aims to poach organic users. When an unpaid user installs a new app, a series of clicks takes place that falsely attributes the action to a paid ad. This causes the advertiser to pay a click fee for a user that the advertiser shouldn't be paying for. This also disrupts analytics because the amount of organic incoming traffic becomes grossly overstated.

This combination is detrimental to marketing plans and budgets. Typically, organic users who run across your advertisement are higher-quality users who are inclined to click through to see a service or product.

Another mobile fraud or poaching trend occurs only on Android devices and exploits the Install Broadcasts feature. This is where all existing apps on a phone are notified when a new app is being installed. Scammers create new free apps, and when people download them, the apps send a series of clicks to networks before the install is complete. Through this, the fraudster receives credit, and gets paid for what is more than likely an organic install.

Yet another popular fraud trend on mobile devices is SDK spoofing. This is a bot-driven strategy whereby a bot (malware) hides on the app to generate a series of simulated ad click, install and engagement signals to another location – but no real install occurs. CitrusBits found that in the first quarter of 2018 alone, 37 percent of all rejected installs were from SDK spoofing. This is becoming increasingly popular in 2019.

Not surprisingly, Stripe found that fraud rates increase during the holidays and summer back-to-school season. Interestingly, however, fraud rates do not rise notably on heavy shopping days like Black Friday, but do rise on Christmas when many people aren't shopping. Stripe also noted that fraud rates are much lower on recurring transactions that involve a subscription service or extended relationship.

Another noteworthy fraud trend is that fraud rates are increasing during "quiet times." Traffic peaks during workday hours and plummets during nocturnal hours, while fraud peaks during the lull periods of web traffic. This was not the case five years ago.

Fraud-prevention tips

Fraudsters typically try to hit businesses that do not need to deliver a product or service linked to the buyer. Typically, on-demand services are the ones most targeted. These behaviors will only continue to evolve as we combat fraud; the type of fraud will constantly pivot to adapt to changes. If you're a merchant or ISO battling fraud, here's my advice:

  1. Distinguish between ecommerce traffic and mobile traffic. Even when this is split 50/50, it's better to monitor this to see what's normal for your area, and when a spike occurs, you can catch it before a problem develops. This will also help you figure out the origin of fraud should it occur.
  2. Follow the Payment Card Industry Data Security Standard, particularly Level 1. Level 1 is the highest protection. Certification may not be necessary, depending on volume, but as long as you follow the standard, this will be a major deterrent to any fraud attempt on your system.
  3. Track behaviors and set velocity controls. Variances in traffic need to be monitored and understood. A significant number of current mobile retailers implement seamless secure checkout solutions for their customers for a safer experience. The safer customers feel, the more likely they will increase their activity, both mobile and e-commerce. Reaching out directly to the customer via SMS or phone call will also give users a good feeling about your service.
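
Tips 1 and 3 can be combined in one small monitor, shown here as an added example that is not part of the original article. The class and function names, the limit of three attempts per card in 10 minutes, the three-standard-deviation spike threshold and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

class VelocityMonitor:
    """Per-card velocity limit plus per-channel hourly spike detection (hypothetical helper)."""
    def __init__(self, max_attempts=3, window_s=600, z_limit=3.0):
        self.max_attempts, self.window_s, self.z_limit = max_attempts, window_s, z_limit
        self.recent = defaultdict(deque)                      # card token -> recent timestamps
        self.hourly = defaultdict(lambda: defaultdict(int))   # channel -> hour index -> count

    def check(self, ts, channel, card):
        """Record one payment attempt; return True if it exceeds the velocity limit."""
        q = self.recent[card]
        while q and ts - q[0] >= self.window_s:   # drop attempts that left the window
            q.popleft()
        q.append(ts)
        self.hourly[channel][ts // 3600] += 1     # keep mobile and ecommerce baselines apart
        return len(q) > self.max_attempts

    def spikes(self, channel):
        """Return hours whose volume is far above that channel's own earlier hours."""
        counts = self.hourly[channel]
        hours, flagged = sorted(counts), []
        for i, h in enumerate(hours):
            history = [counts[p] for p in hours[:i]]
            if len(history) < 3:                  # not enough data to know what is normal
                continue
            mu, sigma = mean(history), pstdev(history)
            # Floor sigma at 1 so a perfectly flat baseline does not flag tiny changes.
            if counts[h] > mu + self.z_limit * max(sigma, 1.0):
                flagged.append(h)
        return flagged

def constructed_events():
    """Constructed sample data: (unix_ts, channel, card_token) tuples."""
    events = []
    for hour in range(4):                         # four normal hours, distinct cards
        for i in range(5):
            events.append((hour * 3600 + i * 600, "mobile", f"m{hour}-{i}"))
            events.append((hour * 3600 + i * 600 + 30, "ecommerce", f"e{hour}-{i}"))
    for i in range(20):                           # hour 4: one card retried every 10 seconds
        events.append((4 * 3600 + i * 10, "mobile", "card-X"))
    return sorted(events)

def run(events):
    mon = VelocityMonitor()
    blocked = [e for e in events if mon.check(*e)]
    return blocked, mon.spikes("mobile"), mon.spikes("ecommerce")
```

Because each channel keeps its own baseline, the burst is reported as a mobile spike only, which is what points to the origin of the traffic.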