Digital Transactions Authoritative, insightful and timely information for payments professionals
In the race to attract and retain today’s always-on, mobile-savvy consumer, most companies are developing their own e-commerce apps at a fast and furious pace. But small glitches, and even major mishaps, can occur when app testing is rushed or overlooked altogether, leading to unhappy consumers, lost sales, and a higher risk of the potential for e-commerce fraud.
The rush to launch apps often leads to shortcuts or, worse yet, no testing at all. And when consumers download and use untested apps, they unknowingly open themselves, and the companies providing the apps, to cyber-attacks and payment fraud. According to a 2018 article from The Verge, Google actually removed more than 700,000 bad Android apps from the Google Play Store in 2017 to prevent Android users from downloading them.
However, by understanding three common types of fraud and how app testing can help prevent them, you can better safeguard your business or financial institution and its customers from the dangers that lurk in the underbelly of the app world.
One of the more creative techniques cybercriminals use to target consumers is to modify and repackage genuine mobile apps by inserting or deleting files. This is known as app cloning. For instance, consumers download an app from Google Play or the App Store because it looks real, but they inadvertently end up installing an imposter app with malware. This opens the door for criminals to gain personal information and grants them the ability to siphon money from the consumer.
To prevent app cloning, it’s imperative to test your app against imposter fraud, as well as build in extra levels of security, such as two-factor authentication, in the login process. Teams testing apps should perform due diligence to confirm that no clones exist and continue making regular sweeps of online app stores to ensure imposters don’t suddenly appear.
A second common form of attack is through distributed denial of service (DDoS), in which a hacker attempts to maliciously disrupt normal Web-site or app traffic. This sneak attack causes hardware and software failure to disrupt normal processes. When successful, hackers force IT teams to focus on quickly getting the infected system up and running again while they worm their way in to further compromise the system and gain protected information.
To prevent this type of performance interference, companies must test the speed of typical app transactions. Once a baseline is established, teams should load test and benchmark results across the servers to understand intake capabilities. Later, if a surge occurs, pre-set parameters can act as indicators that if an abnormal uptick in traffic occurs, this could be a signal of an attempted attack.
Finally, a third method of cyber-assault is phishing, a variant of social engineering used by hackers to steal online bank, credit card, and other personal login information. They do this by sending infected e-mails and Web pages to consumers that appear to be legitimate communications from a consumer’s bank or credit card company. Phishing also has major implications for mobile apps that quality-assessment (QA) teams should be aware of during testing.
QA teams also need to know what other types of apps users are downloading. For instance, if a user downloads a malicious app to his or her device, the performance of all apps on the device may be impacted. Even though your app may be safe, app cloning and phishing from other sources will impact your app’s performance.
To prevent phishing, companies must know their consumers and test all the apps they download, since fraudsters can sneak in through third-party apps. Companies and financial institutions can gather consumer app-usage information by conducting focus groups, sending surveys, and purchasing this data.
Although the race to launch branded apps is on, companies often fail to properly test them because it’s not viewed as a priority. However, if you wait to test until after being hacked, the damage will already be done – to your brand and your customers, too. By understanding these three common methods of app attack—the trifecta of trouble—you can ensure measures are in place to keep both company and consumer information safe.
—Angela Culver is chief marketing officer at Mobile Labs, Atlanta.
