Payments officials have sensed it for some time, and now the numbers confirm it: Fraud attacks via mobile devices worldwide soared 24% in the first half of this year compared to the same period in 2017, totaling 150 million. In the United States alone, the increase was much worse, fully 44%, according to the Q2 Cybercrime Report released Wednesday by San Jose, Calif.-based ThreatMetrix, a unit of LexisNexis Risk Solutions.
What’s more, bot attacks proliferated in the first half of the year, according to the report, which analyzes data from the company’s Digital Identity Network. These are bits of code that swarm the Internet looking for real customer accounts they can log into with the aid of pilfered credentials. Large retailers are a favorite target, according to the report. Bot attacks totaled 2.6 billion in the first half of the year, with the number jumping 60% in the second quarter from 1 billion in the first.
Here, too, the mobile channel plays a role. Of 1.6 billion bot attacks detected by the network in the second quarter, 70 million came from mobile devices, the report says. Some 170 million originated from mobile devices in the first half.
The rising prominence of mobile is such that smart phones and tablets now account for 58% of all traffic monitored by the network. “Traffic” in this sense includes logins, account creations, and payments. Mobile technology has also become a key means by which sites identify users.
“Mobile is quickly becoming the predominant way people access online goods and services, and as a result organizations need to anticipate that the barrage of mobile attacks will only increase,” warned Alisdair Faulkner, chief identity officer at LexisNexis Risk Solutions, in a statement.
Despite the jump in mobile fraud attacks, though, desktop commerce still generates two-thirds of all detected attacks, the report says. “The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy,” Faulkner said. “The key point of vulnerability, however, is at the app registration and account creation stage.”
Heightened concerns about mobile fraud led this week to a new standard from the Accredited Standards Committee X9, an Annapolis, Md.-based non-profit that specializes in technical standards for the financial-services industry, governing mobile commerce. The standard applies to device manufacturers, app developers, and financial-services providers.
All told, ThreatMetrix’s network examined 8.3 billion transactions in the second quarter, stopping 151 million attacks, the company says.