Mobile traffic is growing and so are the attacks targeting smartphones.
Based on the 2016 Adobe Digital Insights Holiday Recap report, last year Cyber Monday generated $3.5 billion dollars in the US, most of which came from desktop transactions. The online traffic also increased by 155%, making it the biggest day in the history of US eCommerce.
The mobile channel is also gaining momentum at a similar pace. Last year 41% of all Cyber Monday traffic came from smartphones, the highest percentage ever, and this mobile traffic kept growing in the following days. The report also shows that people are using mobile phones not just to browse products but to checkout and transact as well; 21% of overall sales were from mobile devices.
In an attempt to continue this trend, mobile apps (such as from Amazon or eBay) and mobile-friendly payment options have been made available to make the checkout process smoother. But of course, more payment channels and transaction options mean more opportunities to commit online fraud. For some companies, mobile traffic has been an afterthought and hackers have taken advantage of that.
McAfee labs detected 1.5 million new incidents of mobile malware in the first quarter of 2017 alone. Malware is commonly hidden inside apps that users download from the internet and, once installed, the hacker can control the device and use it as part of a bot attack. In the first quarter of 2017, 13% of smartphones were infected with some form of malware – Mirai was at the top of the most used malware. Our NuData analysts have also found that 11.18% of our high-risk traffic comes from mobile phones, and it tends to increase towards the holidays.
It is expected that eCommerce companies will see a spike in mobile traffic during Cyber Monday. The masses of legitimate online users will be the perfect hiding spot for hackers, who have been patiently waiting to deploy all their tricks, and profit at your expense. Or at your customer’s expense, which, after they find the fraudulent purchase and request a chargeback, will become your expense.
Hackers are – sometimes – easy to spot; they will use the correct account credentials but will make a purchase from a different part of the world, or ship the goods to a new address, for instance. These are signs of potential account takeover but on high-traffic days they go unnoticed.
Merchants need to be extra vigilant about anomalous transactions that come from mobile devices as these can be infected with malware and thus be part of a bigger bot attack.
We know how important it is to maintain the growing mobile conversion rate, which is already at a historic high of 1.65%, based on the Adobe report.
To keep this rate growing without opening the door to fraud, it is important to have a multi-layered integrated defense that includes passive behavioral biometrics. This gives vendors an accurate picture of who the person behind the device is. Even if the personal information entered on the phone by a hacker or bot is correct, behavioral biometric layers can accurately determine if your buyer is legitimate or not.
Black Friday and Cyber Monday weekend are set to be one of the biggest weekends of the year for eCommerce companies. Make sure you include the mobile channel in your cybersecurity strategy so you don’t lose your profit to chargebacks or worse get a Cyber Monday gift of brand damage and the loss of lifetime customers.
Related to this post: Five Tips for National Cyber Security Awareness Month
Want to learn more about biometric authentication? Download our co-sponsored Aite Group report, Biometrics: The Time Has Come.
Want to read more posts like this? See our full blog here.