Risky mobile transactions have spiked this year as patch providers race to keep up

In the first half of 2019, nearly half of all transactions that a fraud detection firm flagged as "risky" occurred via mobile devices. Meanwhile, mobile security patches have spiked, too.
mobile security, transaction, financial, payment, credit card, fraud
(Getty Images)

It’s hardly news that scammers are taking money in various ways from unsuspecting smartphone users, but a new analysis of 30 billion online transactions shows that the fraudsters are adapting and innovating in ways that much of the public doesn’t understand.

One number tells the story: Iovation, a fraud detection firm acquired in 2018 by TransUnion, flags risky transactions worldwide and then looks more closely at how they happened. In recent years, about one-third of all flagged transactions involved mobile devices.

In the first half of 2019, that number jumped to 49%, according to findings released Tuesday.

Iovation defines “risky” based on the number of transactions in a given period of time from a device, geolocation anomalies, potential bot activity and other actions that typically result in fraud. The findings only provide the latest evidence that mobile devices, which will be the primary way most of the world will access the internet within a few years, are riddled with malicious software, dodgy apps and other technologies used to steal victims’ data.


While Iovation did not provide specific examples of fraud, researchers pointed to factors like the abuse of SIM cards, which can disguise a user’s true location, and the type of currency associated with a specific device as potential indicators that a phone may be used for nefarious purposes.

Meanwhile, mobile service providers are scrambling to keep up. Android and iOS vendors created 440 security patches over the first half of 2019, up 30% from the same time period last year, according to an analysis of 40 million devices conducted by the vendor Zimperium. Rogue Android apps were an especially toxic threat, with 45% of all attacks from mobile devices originating with a program that was not what it appeared, Zimperium found.

The issue is especially pressing in the developing world. Cameroon was the country that was most active on mobile, with 92% of the transactions there carried out via mobile devices, according to the report. The central African nation of Gabon ranked second, with 91% of transactions on mobile, followed by Cuba, with 88%.

These nations, where populations are coming online for the first time, are susceptible in part because so many people rely on Android devices, which are more affordable albeit generally less secure than Apple devices. Fraud from rogue mobile applications increased by 300% over the past year, according to a recent report from RSA Security. Scammers also are trying to get away with stealing more, RSA found, leveraging stolen usernames and password credentials to try stealing amounts that are nearly twice the size of legitimate transactions, on average.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts