Mobile Application and Microtransaction Fraud: What It Is, How to Prevent It
The exponential growth in digital commerce has made it easier and more convenient than ever for consumers to engage with brands.
One way they’re doing this is through mobile applications. While GenZ and millennials are already sold on mobile for their digital commerce, GenX and Baby Boomers are using it more. In our Consumer Behavior Analysis Report, 23% of respondents aged 55 and older reported using mobile devices and apps for their online shopping.
However, the explosion in mobile apps has been accompanied by increased fraud, a sky-high cart abandonment rate, and above-average false decline rates. Additionally, in-app purchase options or microtransactions (commonly seen in gaming apps) offer a wealth of opportunity for fraudsters to create fake accounts and scam valid users.
So, what should ecommerce merchants and gaming companies focus on to reduce losses related to chargebacks, unfinished purchases, and customer dissatisfaction? First, they need to understand how digital commerce and fraudulent trends on these platforms is much different and more complex. They could also benefit from knowing how to implement fraud protection strategies that won’t turn away customers.
Here is what you need to know about mobile applications and microtransactions.
Mobile Applications and Fraud
Back when consumers could only shop on their desktops, the only interface to worry about was a merchant’s web page. Fraud prevention has never been easy, but at least the variables were a bit more limited and somewhat predictable.
In the mobile environment, consumers may still interface with a website using a PWA or progressive web application. But, more often than not, shoppers are connecting through proprietary mobile applications that aren’t necessarily as secure. Fraudsters can wreak havoc by leveraging the trust that generally comes from downloading a mobile application.
Types of Mobile Application Fraud
Aside from traditional payment fraud, there are other types of mobile application fraud:
- Click Injection: Limited to Android systems, this happens when a fraudster injects a trojan virus in one mobile application and it activates in another, giving them unfettered access to customer information.
- In-App Purchase Fraud: This takes place when a fraudster uses stolen credit card information to create an account, after which they level up, loading the account with in-game currency and digital goods. Then, they sell the account online. And the app developer only finds out once the legitimate card holder files a chargeback.
- Device Fraud: This happens as a result of fraudsters using outdated mobile devices to download mobile applications and click enough ads or reviews to make the app seem safe. Consumers then download the app and become victims of fraudulent activities.
- Mobile Payment App Fraud: This happens when a fraudster poses as a company doing some sort of special sweepstakes. Consumers buy chances through non-traceable accounts and end up losing their money.
How to Prevent Mobile Application Fraud
Preventing mobile application fraud is often a team effort, with consumers needing to jump through an extra hoop (or two). The key is to make the mobile app purchasing process as easy as possible while still preventing chargebacks or false declines. Here are some tools you can use.
First and foremost, require consumers to confirm their identity using multifactor authentication. Given how careless people can be when creating passwords, this is especially important. Identify verification is the source of one of the most common types of fraud – CNP or card-not-present fraud. By making purchases contingent on re-entering codes sent via email or SMS, you can stop many fraudsters in their tracks.
AVS and CVV Matching
Another tactic to prevent mobile application fraud is to require AVS and CVV matching.
Keep in mind that this cannot be the only tactic used or you run the risk of generating false declines. Why? Because the likelihood that consumers will mistakenly type the wrong numbers or letters when using their mobile devices is high.
However, when this tactic is used in combination with authentication and other measures, and when users are given an opportunity to retype correctly, merchants and their fraud protection partners can more easily sort out the valid transactions from the fraudulent ones.
AI and Advanced Technology
Today’s fraud prevention and detection providers have a wealth of tools to help merchants identify and evaluate potential fraudulent transactions. Rules-based, AI-driven fraud detection logic can examine geolocation, past user behavior, unique device identification numbers, transaction origin, and other analytics to distinguish between valid and fraudulent transactions.
Another fairly new and related type of fraud that has emerged in the mobile environment involves microtransactions, usually conducted on gaming apps.
Microtransactions and Fraud
Microtransactions involve consumers paying real currency for items or upgrades within any type of mobile application. These in-app purchases have proven to be very profitable for app developers. Whether users are purchasing virtual goods, downloading songs, or upgrading a character’s weapons in an online game, microtransactions generate a massive amount of income: Estimates value their worth at more than $50 billion.
Types of Microtransaction Fraud
Nearly 700 million people play games online across the globe with players in the 18-25 age range spending 77% more time in games. This makes microtransaction fraud in gaming apps a huge payout opportunity for fraudsters. An Arkose Labs Q1 2020 Fraud and Abuse Report showed a 70% increase in fraudulent attacks in online games alone.
Fraudsters scam players in several ways:
iOS Payment System Attacks: A January 2021 study published in Neurocomputing journal explains that “iOS Apps have suffered the attack of fraudulent purchases. Attackers leverage the vulnerabilities in iOS payment system to purchase virtual goods at zero or low cost. More seriously, unscrupulous attackers solicit customers publicly and provide purchasing services, which has caused huge financial loss to business entities.”
Fake Bot Accounts: Fraudsters use bots to create fake accounts. They then apply machine logic to perform well in online games, racking up power and weapons. Those characters are then sold to gamers for large sums and big profits for the fraudsters.
Sweatshop Accounts: If you’ve seen the movie Ready Player One, you are likely familiar with “sixers,” the human workers who were forced to play video games to win challenges. This fraud tactic is similar. Fraudsters create virtual sweatshops with poorly-paid human gamers. They are required to play until they win challenges and amass power and weapons on their accounts … which are then sold to other gamers for high profits.
How to Prevent Microtransaction Fraud
Gaming platforms struggle to fight fraud without compromising user experience because extensive authentication steps can be off-putting for gamers with little to no patience for perceived bureaucracy. If gaming companies create too many hoops to jump through they risk losing of revenue and trust in the game itself.
For this reason, gaming companies will want to apply a sophisticated combination of automated fraud protection and manual review, so cutting-edge fraud technology can flag suspect accounts, passing them along to experienced manual reviewers for the expert analysis and detective work that only humans can do. (That’s how we do it at ClearSale, and is why many of the world’s leading tech companies trust us to protect their ecommerce transactions.)
Implementing these tactics minimizes the impact on real users and the risk of fraud decreases considerably.
Keeping Apps and Microtransactions Fraud-Free
Merchants must be proactive in transactional security, offering customers a multilayered approach that — at a minimum — improves payment security, offers customer identity verification procedures, and stops mobile overlay malware apps.
In addition to these measures, merchants and gaming companies can take additional steps to prevent opportunities for fraudsters.
Bring Data Policies and Procedures Up-to-Date
Compliance, customer privacy, and data security requirements need to change with employees working remotely. Your IT department likely no longer has a full read on the applications being accessed on company devices, which could be putting your systems and your applications at risk for hackers and fraudster intervention. Make sure to review all of your policies that impact company networks and technology to promote the safest environment for your employees and your customers.
Communicate With Customers
Let customers know that you are implementing new tactics to prevent and fight fraud to protect them as much as your organization. This will make it easier to roll out a new security measure that requires a few extra steps. Your customers are more likely to comply and think highly of your company if they know in advance that you have their best interests in mind.
Update/Implement an Omnichannel Fraud Strategy
Your fraud prevention and protection strategy should be a singular wheel with many spokes, which will allow all of your organization’s sales channels to benefit from learnings and trends. You won’t be looking for the same fraudulent practices in every channel or using the same tactics – but your goal of preventing fraud is consistent throughout and your strategy should reflect that.
Partner With a Fraud Prevention and Protection Provider
Mobile application and microtransaction fraud are just the tip of the iceberg as digital commerce matures. Partnering with a solution provider that has industry knowledge and a global view of fraud trends is one of the best ways to prevent fraud.
ClearSale has helped companies all over the world – including those with mobile applications and microtransactions – to prevent fraud and implement protection strategies. We stay up-to-date on all of the factors that impact fraud trends and how consumers feel about them. Our most recent Consumer Behavior Analysis Report is available to download and has a wealth of information to help you develop your fraud prevention and protection strategy. If you would like to know more about how we can help your organization, please reach out.