Today’s world is inundated with digital systems and platforms, especially since the COVID-19 pandemic facilitated the mass movement towards predominantly online services. Payment applications specifically have risen in popularity, revolutionising transactions by offering convenience, speed and ease.
While the benefits of these platforms are innumerable, they are not without their vulnerabilities. One of the most pressing threats to the integrity of these systems is system or platform-based fraud. This type of fraud targets the underlying infrastructure of payment apps, exploiting weaknesses with the aim of infiltrating the account to access sensitive information for financial gain.
According to PwC’s Global Economic Crime and Fraud Survey 2022, platform-based fraud has gone largely unrecognised for years, but now appears more malicious than ever and is only now gaining proper visibility. It’s important to note that this type of fraud can take place across any number of platforms, with deceits continuously growing in sophistication. Nevertheless, the most common motive in platform-based fraud is financial gain, which is why nearly 60% of all incidents occur on financial platforms, according to PwC.
Common Types of System or Platform-Based Fraud
Payment Gateway Attacks
Payment gateways serve a crucial role in online transactions as the intermediaries between a merchant’s website and the financial institutions that process payments. For this reason, payment gateways are attractive targets for cybercriminals. These attacks often exploit vulnerabilities in the payment processing system, allowing attackers to intercept sensitive information such as credit card details.
Bot attacks
A bot attack is a common cyberattack where automated programs or “bots” are used to perform actions that can harm a website or online service. These attacks can take various forms, but they generally involve large volumes of traffic generated by bots to overwhelm systems. In some cases, attackers use usernames and passwords stolen from one service to gain unauthorised access to accounts on another service. Bots also test stolen credit card information by making small transactions across multiple sites to identify valid cards.
Bots are dangerous entities as they allow fraudsters to automate their fraudulent activities at scale by mimicking legitimate user behaviours, infecting computers and stealing sensitive information. Bots can damage a platform’s infrastructure and cause lasting financial and reputational damage.
API Exploits
Application Programming Interface (API) exploits take advantage of vulnerabilities in application programming, which attackers manipulate to gain unauthorised access or control over systems and platforms. These exploits can lead to data breaches, sensitive information leakage, service disruption or unauthorised behaviours.
The impact of platform-based fraud
The effect of platform-based fraud can be devastating for both individuals and businesses. For consumers, falling victim to fraud can result in significant financial losses, identity theft and emotional distress. Businesses that fall prey to platform-based fraud can face legal consequences, reputational damage and customer and financial loss.
Mitigation strategies
Platform-based attacks represent a significant threat to online services, leveraging automated programs to exploit vulnerabilities and disrupt operations. To effectively mitigate the risks associated with this category of fraud, organisations and individuals should adopt a number of precautionary actions.
For individuals
- Stay sceptical: Stay wary of unsolicited communications, especially if they urge you to divulge sensitive information.
- Use strong passwords: Employ unique and complex passwords that you regularly change. This makes it more difficult for bots to infiltrate your accounts.
- Enable two-factor authentication (2FA): Activate 2FA on accounts whenever possible, for an extra layer of security.
- Stay aware: Educate yourself on any new and emerging threats as cyber tactics evolve quickly.
For businesses
- Invest in bot detection tools: Implement advanced technologies to identify and block suspicious bot traffic.
- Set up CAPTCHA challenges: CAPTCHA challenges are tests that help identify whether the user is human to ward off bot infiltrations. CAPTCHA is an effective anti-spam tool that helps protect user privacy.
- Set limits: Restrict the number of requests from a single IP address. This action helps reduce the likelihood of misuse or of the system being overwhelmed.
- Stay aware: Staying up-to-date with emerging threats is a vital aspect of preserving platform safety, regardless of whether you are a user or business owner.
- Hire a platform risk manager: PwC recommends appointing a C-suite level executive to stay accountable and react proactively to emerging threats.
- Regular security audits: Conduct frequent audits to ensure optimal cyber safety across the board and adapt defences against new threats.
- Behavioural analysis: Monitor user behaviour to distinguish between legitimate and fake users.
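The per-IP request limit and behavioural analysis from the list above can be combined in one pass over platform logs. The following is an added example, not code from MyGuava or PwC; the thresholds, field names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune against real traffic before enforcing.
WINDOW = 60          # sliding window in seconds
MAX_REQUESTS = 5     # requests allowed per IP per window
MAX_SUBJECTS = 3     # distinct accounts or cards allowed per IP per window
SMALL_AMOUNT = 2.00  # cut-off for a "small" test transaction

# Constructed sample events: (unix_ts, ip, kind, subject, amount, ok)
EVENTS = (
    # One source trying four different cards with tiny payments.
    [(t * 5, "198.51.100.7", "payment", f"card_{t}", 1.00, False) for t in range(4)]
    # One source failing logins for six different usernames.
    + [(t * 2, "203.0.113.9", "login", f"user_{t}", 0.0, False) for t in range(6)]
    # An ordinary customer: one login, two payments on the same card.
    + [(0, "192.0.2.44", "login", "alice", 0.0, True),
       (30, "192.0.2.44", "payment", "card_z", 25.00, True),
       (200, "192.0.2.44", "payment", "card_z", 1.50, True)]
)

def flag_sources(events):
    """Return {ip: set of reasons} for sources that breach a threshold."""
    recent = defaultdict(deque)   # ip -> events still inside the window
    flags = defaultdict(set)
    for ev in sorted(events, key=lambda e: e[0]):
        ts, ip = ev[0], ev[1]
        window = recent[ip]
        window.append(ev)
        # Drop events that have aged out of the sliding window.
        while ts - window[0][0] >= WINDOW:
            window.popleft()
        # Rate limit: too many requests of any kind from one address.
        if len(window) > MAX_REQUESTS:
            flags[ip].add("rate_limit")
        # Behaviour: one address failing logins across many accounts.
        failed = {e[3] for e in window if e[2] == "login" and not e[5]}
        if len(failed) > MAX_SUBJECTS:
            flags[ip].add("credential_stuffing")
        # Behaviour: one address trying many cards with small amounts.
        cards = {e[3] for e in window
                 if e[2] == "payment" and e[4] <= SMALL_AMOUNT}
        if len(cards) > MAX_SUBJECTS:
            flags[ip].add("card_testing")
    return dict(flags)

if __name__ == "__main__":
    for ip, reasons in flag_sources(EVENTS).items():
        print(ip, sorted(reasons))
```

A flagged source is a candidate for a CAPTCHA challenge or temporary block rather than proof of fraud, since shared networks can put many legitimate users behind one address.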
To conclude
While platform-based fraud is not new, the popularity of platforms and the speed of payments has grown to such an extent that the risk of fraud has increased significantly. To make matters worse, according to PwC’s report, few platform users have a solid understanding of the risks involved. In fact, PwC claims that their surveys show that “too many business leaders, both providers and users, aren’t fully aware of their exposure”.
At MyGuava, your safety and security are our top priority, which is why we employ the latest in security processes and aim to alert and educate both our users and staff on emerging threats and best practices.