Mobile payments are on the rise among both small and large retailers for ease of use, convenience and faster checkout times. According to data from the ThreatMetrix Global Trust Intelligence Network, nearly one in four transactions on Black Friday and Cyber Monday originated from mobile devices.
As the popularity of mobile payments increases, so does the risk of cybercrime and malware. Mobile malware is expected to more than quadruple in the next year, with an estimated 89,556 new strains of mobile malware by the end of 2013 and an estimated 403,002 new strains in 2014.
With the holiday shopping season in full swing and the number of mobile transactions at an all-time high, retailers must be proactive about mobile security or face significant revenue loss, backlash from customers and degradation in brand trust. Here are three ways to make your mobile transactions more secure:
1. Be aware of risks and common attacks. Fraudsters are constantly finding new ways to circumvent existing security measures in order to steal personal information and engage in malicious activities, such as account takeover, payment fraud and identity spoofing.
To prevent mobile cybercrime, retailers must first understand the top threats and tactics cybercriminals use to target consumers. This holiday season, the three most prominent mobile threats are the following:
- API reverse engineering: After a new user account is created on a mobile device, hackers can backtrack through the app to collect the user's log-in credentials. This is especially harmful if a consumer uses the same log-in information and password across multiple sites and apps.
- App replacement: Fraudsters steal users’ account information by replacing legitimate apps with modified versions that track and record user data and activity. With this information, criminals can use or sell customer data for a profit.
- SMS malware: Although many consumers overlook the security threats SMS messages pose, cybercriminals can leverage premium service text messages to distribute malware through spam.
Consumers can protect themselves from these threats by only downloading apps from well-known, credible sources — and they should be aware of what they share within an app. It's a red flag when an app requests an unusual amount of personal information or authorizations, such as permission to send text messages or block calls.
Consumers should also create different logins and passwords for each account, and avoid using obvious phrases or information as passwords.
2. Take a tailored approach to mobile security. Many retailers treat mobile devices as mini desktops and simply standardize security measures for both. Unfortunately, this is a flawed and potentially detrimental approach.
Just as a mobile website shouldn't be an exact replica of the desktop experience, mobile security requires its own set of specialized tactics. This includes implementing advanced device identification tools and ensuring back-end mobile app development processes never sacrifice security for speed-to-market. An effective security strategy will address the risks associated with mobile transactions without compromising user experience.
3. Employ a comprehensive cybersecurity solution. The majority of attacks happen without consumers’ knowledge, which makes it critical for retailers to employ a sophisticated cybersecurity solution that offers comprehensive detection of suspicious and potentially fraudulent activity.
An effective cybersecurity solution should leverage a global repository of fraud data to differentiate between authentic and suspicious mobile transactions and activity. It should also incorporate real-time analytics to evaluate the validity of logins, payments, new account registrations and remote access attempts.
With mobile transactions on the rise this holiday shopping season, retailers must keep security top of mind. By understanding the unique threats cybercrime poses to mobile users and leveraging cutting-edge security technology, retailers can develop a comprehensive mobile strategy that doesn't compromise usability for security or vice versa.
Andreas Baumhof is the chief technology officer of ThreatMetrix, a provider of integrated cybercrime prevention solutions. Andreas can be reached at abaumhof@threatmetrix.com.