Fraudsters are ditching their desktops to do their dirty work,according to new research by Bedford, Mass.-based securitysolutions company RSA.

|

The company, which is a subsidiary of Dell, found that betweenJanuary and March 31, 2018, 65% of fraudulent transactions took place using amobile browser or mobile app. In the first quarter of 2015, thatnumber was just 39%.

|

“Consumer transactions and fraud continue to grow in the mobilechannel,” it said. “Over the course of 2017, fraud by mobile appincreased 50%.”

|

“As organizations look to roll out new services through themobile channel, security is key. So much attention has beenfocused on customer experience, perhaps to the detriment ofsecurity, allowing cybercriminals to move their activity to lessprotected channels. With about two out of every three fraudulenttransactions originating from a mobile browser or app, mobile fraudposes a very real threat,” RSA warned.

New devices fueling fraud

The data for online banking was especially bleak.

|

“While less than half of a percent (0.4%) of legitimate loginswere attempted from a combination of a new account and a newdevice, this scenario accounted for 32% of total fraud volumeobserved in Q1. This pattern could indicate fraud actors attempting to leverage stolen identities to create muleaccounts as part of their 'cash-out' plans,” RSA reported.

|

“Similar to fraud patterns at login, only 0.4% of legitimatepayment transactions are attempted from a new account and newdevice, yet this combination makes up 22% of total fraud values,once again potentially indicating money mule activity,” itadded.

|

“The highest volume of fraud, or 34% of total value, originatesfrom a known/trusted account and device, which suggests that thereis a high likelihood that these devices may be infected withfinancial malware capable of performing man-in-the-middle accounttakeover attacks.”

Phishing still the frontrunner

Phishing accounted for 48% of all cyberattacks in the firstquarter of 2018, RSA reported. Financial Trojan horse malwareaccounted for one out of every four fraud attacks during thattime.

|

“Phishing, while among the oldest types of online fraud attacks,is still the most widely used tactic. This may be due to its lowtechnical barriers to entry, combined with the low resourcerequirement for simple, low-tech attack vectors such as email.”

|

For criminals, the payoff can be huge. The average value of afraudulent transaction in the United States was 144% higher than agenuine one and averaged $508.

|

That's made identifying members' devices a critical part of datasecurity and fraud prevention. According to the report, 82% offraudulent e-commerce transactions during the first quarter of 2018originated from devices that were not “known” or “trusted” by thefraud platform.

The new hideout: social media

Credit unions and other organizations that rely on mobile haveto get more comfortable with the inner workings of social media andmonitor it for fraud threats targeting their businesses, itadded.

|

“There is a thriving fraud business happening on most majorsocial media sites that is going completely unnoticed,” itsaid.

|

“There are several reasons fraudsters, like legitimate users,are attracted to social media platforms as 'control stations' fortheir social lives and even their businesses,” RSA warned. “Themass communicative properties of these networking programs bridgephysical divides and distances to allow seamless sharing of ideasand information. On top of that, many platforms provide additionalbenefits to users looking to maintain an exclusive space for aspecific purpose that remains unknown to those not trusted enoughto be part of the circle.”

|

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.