The current pandemic has brought forth sophisticated scammers like never before. Fraudsters, taking advantage of the pervasive fear and uncertainty among the population, have devised many fraudulent schemes, including masquerading as people in need, as businesses peddling personal protection devices, and as government leaders pledging to provide stimulus funds.
According to an AARP report, people in the U.S. have lost approximately $13.4 million to COVID-19-linked payment app scams since April of this year.
How Fraud Is Infiltrating Payment Apps
One of the most widespread fraudulent attacks payment app users face is account takeover: a scammer takes control of a customer’s account in order to use it to acquire credit card information or outright steal funds. Although these criminals utilize a variety of schemes such as “brute force botnet attacks” and phishing, another frequent method is purchasing stolen information in bulk via the dark web.
Digital Shadows, a security firm, recently performed an audit and found a staggering total of 15 billion login pairs (usernames and passwords) from 100,000 security breaches. Add to that the frequency with which consumers use the same usernames and passwords across multiple accounts, and each stolen pair can open many more accounts.
Other scammers have figured out a way to trick payment app users into paying them directly by impersonating friends and trusted authorities.
A 2020 Javelin ID Fraud Study found that since 2016, the number of fraud victims tied to P2P payments has increased to 733 percent. This was mostly driven by P2P’s quick adoption and the ability of fraudsters to seize on weak links within “real-time” P2P payments.
The total cost of ID fraud has risen by $2.2 billion, reaching $16.9 billion in total in 2019.
How Apps Can Strike Back
The best way to fight back against these attacks is to detect account takeover in the early stages of the criminal activity cycle. Defense should also begin with validating and authenticating a person’s identity at various points of the interaction.
An effective tool that apps can use to prevent account takeovers is multi-factor authentication (MFA). It requires app users to enter “secondary validation measures”, such as biometric fingerprint scans or emailed security codes, in addition to the traditional password. An authentication method such as this halts criminals because a stolen password is useless on its own.
Payment app users, however, are not off the hook. They must take more ownership of their security. The very first strategy that payment app users must implement is improving their “poor password hygiene”. FICO conducted a recent study that showed 37% of bank customers are using separate passwords for different accounts. Reusing a password poses a tremendous security risk, as a data breach involving one account can open the door to other accounts with that same password.
Finally, app users must be cautious about transferring money to strangers and report any suspicious activity to the security team for that app.
Although current times are indeed difficult, one must remain vigilant when conducting any financial transaction online. App users must be more proactive about protecting their accounts, and app developers really need to step it up and beef up their security strategies in order to better serve their customers, now and in the future.