
Account Takeover via Mobile Payments Now Drives Largest Fraud Losses


According to a new consumer fraud report, account takeover (ATO) now drives the largest fraud losses, and phishing remains a central part of that fraud.

ATO occurs when a scammer impersonates a consumer in order to steal from their account. It is on the rise in large part due to various data breaches that have exposed personally identifiable information, as well as the rise of mobile devices used for e-commerce, all while customer authentication methods remain weak. What this means, in terms of legal responsibilities, is that financial institutions need to significantly improve the customer authentication process and device identification methods in order to properly protect consumers.

Methods of Account Takeover

There are five main methods used in account takeover:

  • Brand abuse: fraud that misleads consumers by exploiting a brand; for example, counterfeiting of products or services;
  • Financial malware fraud (also known as fraud originating from Trojan horses): using specialized malware to scan a computer or network to gain access to financial transaction information. Most commonly used in association with banking fraud cybercrimes;
  • Malware in the mobile channel: fraudsters use keyloggers and ransomware for man-in-the-middle attacks; for example, intercepting a one-time password sent by a financial institution to a consumer’s mobile phone;
  • Phishing: fraudsters intercept or steal personal information directly from the consumer by using false pretenses. Currently the leading type of fraud globally; and
  • Rogue mobile apps: fraudulent apps that can steal information. Usually available on unofficial app store websites or distributed via email.

Guarding Against Mobile Payment Fraud

The most important way to guard against mobile payment fraud is to ensure accurate device identification is in place. The largest amount of online payment fraud occurs with new devices that financial institutions are still unfamiliar with.

Spotting Phishing Fraud

The most common tools used to spot phishing fraud include one-time passwords sent to customers to confirm transactions, behavioral analytics that compare prospective transactions with the consumer’s typical transaction patterns, and device fingerprinting that recognizes a specific piece of hardware. 
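To show how the three tools above fit together, here is an added example (not from the report or from any institution's system) that combines a device check with a simple behavioral check and escalates to a one-time password when either one fails. The attribute names, the 3.0 threshold and the sample data are assumptions made for illustration.

```python
import hashlib
from statistics import mean, pstdev

def device_id(attrs: dict) -> str:
    """Stand-in fingerprint: hash of the sorted device attributes.
    Production fingerprinting uses far more signals than this."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

def amount_zscore(history: list, amount: float) -> float:
    """How far the amount sits from the customer's usual spend, in standard deviations."""
    if len(history) < 2:
        return float("inf")  # no baseline yet: treat as unusual
    sd = pstdev(history)
    if sd == 0:
        return 0.0 if amount == history[0] else float("inf")
    return abs(amount - mean(history)) / sd

def decide(known_devices: set, history: list, attrs: dict,
           amount: float, z_limit: float = 3.0) -> str:
    """Return 'allow', 'step_up_otp' or 'manual_review' (z_limit is an assumed threshold)."""
    new_device = device_id(attrs) not in known_devices
    unusual = amount_zscore(history, amount) > z_limit
    if new_device and unusual:
        return "manual_review"   # both signals fire: do not rely on an OTP alone
    if new_device or unusual:
        return "step_up_otp"     # one signal fires: confirm with a one-time password
    return "allow"

# Constructed sample data: one enrolled phone and five past payments.
PHONE = {"model": "Pixel 7", "os": "Android 14", "app_build": "5.2.1"}
NEW_PHONE = {"model": "SM-A515F", "os": "Android 11", "app_build": "5.2.1"}
KNOWN = {device_id(PHONE)}
HISTORY = [20.0, 35.5, 18.0, 42.0, 27.5]

if __name__ == "__main__":
    for attrs, amount in [(PHONE, 30.0), (NEW_PHONE, 30.0),
                          (PHONE, 900.0), (NEW_PHONE, 900.0)]:
        print(attrs["model"], amount, decide(KNOWN, HISTORY, attrs, amount))
```

A payment from an unrecognized device gets a one-time password challenge even when the amount looks normal, which matches the point above that most online payment fraud involves devices the institution has not seen before.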

Florida Consumer Protection Lawyers

Unfortunately, many large financial institutions are still way too trusting of low-security, knowledge-based authentication tools that rely on static questions which the institution also keeps on file in order to verify a consumer’s identity. These are regularly breached, and are reportedly one reason why we continue to see a lot of account takeover activity. In fact, less than half of these institutions use biometric tools to authenticate consumers.

Lavalle, Brown & Ronan P.A. has a combined 130 years of experience working to protect clients from consumer fraud here in Florida. If you are concerned about this issue, contact us today for a free consultation so that we can provide you with guidance.

