Four mobile cybersecurity threats to watch in 2022

February 14, 2022

Mobiles have become an extension of our arms. We use them for anything, and everything — from checking our heart rate to making sure a photo frame hangs straight. Over six billion people worldwide use smartphones, including 85% of Americans. In the U.S., mobile e-commerce spending topped $47 billion.

In 2022, the online shopping industry — specifically mobile and social commerce — will continue to grow exponentially, and with it, fraud will follow. As more apps come to market with commerce capabilities, more functionalities will be introduced to make purchasing easier. And for fraudsters, this means more opportunities for abuse. The more services an app provides, the wider the attack surface and the harder it is to secure. Those looking to commit fraud are increasingly good at finding where the vulnerabilities lie and how to take advantage of them. And businesses continue to be behind the 8-ball when it comes to securing their assets fast enough.

We see four fraud trends that businesses need to be on the lookout for this year:

Mobile app fraud. Lots of it. Period. It’s easy to defraud an app especially given the low barriers to entry. In 2020, a massive fraud operation used a network of devices to drain millions from online bank accounts at record speed. A single emulator spoofed over 8,000 devices. These malicious tools are so readily available we expect to see many more instances this year. To combat it, mobile apps need to dial up their anti-fraud efforts. If they don’t, they run the risk of being defrauded across every service they offer.
Cross-border fraud. Cross-border e-commerce transactions spiked to obscene levels in 2021, with consumers under lockdown. But where there is smoke, there is usually fire. Spikes in sales led to spikes in fraud. In 2021, more than 60% of U.S. and U.K. businesses reported issues with cross-border fraud, and global card not present fraud tripled to over $32 billion in the last few years. As travel start to recover, fraudsters will take advantage of travel-starved individuals. Fake accounts, websites, and apps to trick people into purchasing travel packages that don’t exist will start to pop up. In addition, two years of travel restrictions have left some travel accounts dormant, and it’s been easier for fraudsters to break into them and drain loyalty points or stored value. Businesses need to pay close attention to new patterns of activity and secure their platforms.
Account Take Overs (ATO). Battling ATOs is a never-ending game of whack-a-mole. Years of massive data breaches have made it easy for fraudsters to acquire user credentials. Data leaks continue to be on the rise. Breaches in 2021 surpassed those in 2020 by almost 20%. As a result, ATO attempts will start to surge even higher in the coming months. It’s not just the number of accounts being breached; it’s how. Advances in deepfake technology have led to more effective social engineering scams. Cybercriminals are also using A.I. and machine learning to engineer attacks. They are often bad bots as they mimic actual user login behavior and attempt thousands of user login attempts in seconds.
KYU vs. KYC. One (KYC) is about validating a customer’s identity in the fight against fraud. It’s an important check to stop identity theft or other financial crimes. The other (KYU) is about establishing broader protocols about a user’s behavior. It requires a more comprehensive approach to digital identity users, such as their device, behavioral biometrics, account activity, and more. This allows businesses to understand user intentions and motivations across the user lifecycle and keep up with cybercriminals. Businesses that are forward-focused will start to focus on KYU as a way to learn more about their user, specifically when it comes to spotting fraud.

Fraud isn’t going to slow down this year. The opportunities for criminals are endless, and their techniques are getting more sophisticated. Businesses can no longer cut corners, and they must prioritize monitoring risk where customers are spending the most time — on mobile phones. To combat and avoid attacks, businesses need to be aware of the latest tricks of the trade and speed up their defenses. Specifically, they need to prepare apps and implement countermeasures sooner rather than later, such as starting to profile risk and secure every user checkpoint. In 2022, the digital landscape will sprout new opportunities for everyone — the good and the bad. Those who get ahead of it will be on the winning side of the year.

Justin Lie is the Founder and CEO of SHIELD. With over 20 years’ experience in the industry, he is one of the earliest pioneers of fraud prevention technology. While running a cross-border e-commerce business as a teenager, Lie created his own system to combat online fraudsters that were attacking his websites.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.