Payments Next Big Cyber Threat

Thirty-two percent of merchants see mobile as riskier than standard e-commerce, up from 24 percent last year, recent statistics show. As retail foot traffic steadily declines and more consumers opt to make purchases via mobile device, online fraud is quickly becoming a standard practice – and presumably one to fear. Businesses therefore need to be able to detect and prevent such attacks on native mobile apps, which rarely have the infrastructure to enable proper security measures. A recent ThreatMetrix white paper highlights mobile app fraud methodologies and detection techniques to keep app users’ trust and businesses’ ROI high.

When transactions are made via consumers’ desktop browsers or default browsers on a mobile device, “fraud prevention systems perform advanced profiling of the device, uniquely identify it, and establish a trust score that identifies the level of fraud risk,” according to the white paper.

However, that’s not necessarily the case for native mobile apps, which are downloaded to a phone or tablet and are designed for a specific website. These apps are more “lightweight” – that is, they do not have the ability to identify fraud threats or attacks. They must therefore be upgraded and enhanced with what they need to fight fraud and preserve user trust – but that task can be quite complex. To help fix this issue and give mobile app developers the power to easily integrate fraud tools, ThreatMetrix offers a software development kit (SDK) called TrustDefender Mobile.

HOW TRUSTDEFENDER MOBILE WORKS

TrustDefender Mobile works to detect and prevent fraud at login, payment, and account registration. It works by embedding a code within the app, uniquely identifying the app, and gathering data to indicate if the device is configured normally. The SDK carries out the following to profile a device:

1) Persistent Device Identification: Identifying individual mobile devices for iOS and Android platforms

2) Location Services: Gathering latitude and longitude information from GPS hardware, comparing IP address with physical location to detect proxies and VPNs

2) iOS Jailbreak and Android Rooted Devices: Detecting when security controls on devices have been thwarted

4) Anomaly Detection: Detecting device tampering and mimicking

5) Packet Fingerprinting: Detecting device and data spoofing by an analysis of the network traffic packet signatures from the device

HOW THESE TECHNOGOLIES AND FEATURES ARE UNIQUE

Dynamic Configuration and Updates: Businesses have no need to re-release an app or force updates to change configurations – fraudsters are always finding new ways around these changes. ThreatMetrix conducts its own dynamic configuration and updates to access new threat data.

Advanced and Persistent Device Identification: TrustDefender Mobile identifies individual smart phones, tablets, and other devices, even when fraudsters have intentionally altered device identities.

Global Trust Intelligence Network: TrustDefender Mobile is a fully-integrated component of the TrustDefender Cybercrime Protection Platform, “the world’s largest and most comprehensive fraud intelligence network.”

Trust Tags: These provide sophisticated intelligence to help organizations find hackers and fraudsters, and are stored within the Global Trust Intelligence Network. They can be applied to users, devices, email addresses, login IDs, and more.

Easy Integration: TrustDefender Mobile can be integrated into mobile apps in a day or less, and is compatible with existing tags, policies, and rules – not changes must be made to organizations’ configurations.

To find out how business owners can use ThreatMetrix’s solution to help reduce fraud-driven losses, increase revenue, and make mobile apps safer and more accessible for users, download the whitepaper “Preventing Fraud from Mobile Apps” by clicking the button below.