Fraud attacks involving rogue mobile applications jumped nearly 300% in the first quarter from the preceding quarter, and fraudulent card-not-present transactions rose 17%, fraud-control services provider RSA Security says in a new report.
Bedford, Mass.-based RSA says it flagged 41,313 attacks from rogue apps compared with 10,390 in 2018’s fourth quarter. Heidi Bleau, manager at RSA Fraud & Risk Intelligence Solutions unit, tells Digital Transactions News that such apps spoof all types of brands, including financial ones.
“Fraudsters continue to expand the number of stores where they place their rogue apps as well as the number of apps in general,” Bleau says by email. “It’s one of the fastest-growing attack vectors. It is an unintended risk of expanding to the mobile channel that very few organizations are aware of.”
In a March report, RSA highlighted a recent version of malicious mobile software dubbed BankBot Anubis II. “BankBot first appeared in early 2017 and is one of many mobile-malware variants that has continued to make its way into popular app stores disguised as anything from a legitimate banking or shopping app to weather apps,” that report says. “BankBot Anubis malware provides an attacker full control over the infected device to spy on victims, steal their sensitive information, encrypt the device file system and demand ransom for its decryption.”
RSA obtained data for the report released Wednesday from transactions and confirmed fraud among the more than 3,000 organizations globally that use its risk-based authentication services to prevent fraud and unauthorized account access across online and mobile channels. Clients include financial firms, retailers, insurers, health-care providers, and government.
The report notes how the mobile channel is playing a key role in the growth of online fraud. Not only did CNP fraud rise by 17% from the fourth quarter to this year’s first, but 56% of the fraudulent transactions originated from mobile devices.
Regarding higher online fraud in general, Bleau says the first-quarter increase “can most likely be attributed to fraud transactions that occurred during the holiday-shopping season. It can take weeks or months for fraud transactions to be fully investigated between a retailer and financial institution.”
Some 680,000 CNP transactions among a subset of clients were flagged as fraudulent in the first quarter, an RSA spokesperson says, declining to give further details. The average value of a fraudulent U.S. CNP transaction was $403, nearly double the $213 average value of a legitimate CNP purchase, according to RSA.
Meanwhile, RSA said it recovered 14.2 million unique, compromised payment card numbers in the first quarter, up 33% from the fourth quarter. Bleau says RSA found them in fraudster-controlled sites on the Dark Web.
“We only monitor on behalf of our customers,” she says. “There are likely tens of millions of other cards in the Dark Web for sale that go undetected.”
Bleau adds that various forces are driving the increase in stolen card credentials for sale. “One of the major reasons is that card-not-present fraud is growing as card-present fraud is becoming more difficult due to EMV chip cards,” she says. EMV chip cards are much harder to counterfeit than the magnetic-stripe cards they’ve replaced, which has caused fraudsters to concentrate more on online criminal opportunities in the past few years.