A story in the news recently detailed how users of McDonald’s mobile app across Canada have been suffering from account takeovers via fraudsters based in Montreal, Quebec.
The fraudsters were able to breach personal data and in some cases, thousands of dollars worth of food was being charged to unwitting customers’ credit cards. These victims are left to take up the issue with their credit card provider and ultimately it’s likely McDonald’s who’ll lose out as chargebacks are filed.
This raises a question – as more businesses launch online or in-app purchasing – is this form of account takeover fraud going to become more popular?
The short answer is Yes.
It’s not just McDonald’s customers who have fallen victim to this fraud tactic. Other food providers’ apps and a broad range of other e-commerce businesses have been affected. In 2018, account takeovers resulted in $5.1Bn in losses for merchants, powered by huge data breaches in recent years.
Fortunately, GeoGuard has a viable solution to combat these types of takeovers, based on an analysis of the location data and the device’s characteristics. By recording where the customer was and what device they were using when they setup the account, and then by analyzing that data for any subsequent legitimate transactions, fraudulent orders can be detected in a matter of minutes. Orders and accounts can safely be frozen, and the damage heavily limited.
In the majority of cases, apps are already capturing the location data that’s required to effectively screen for account takeovers. Research by Symantec found that, of the top 100 apps, 45% ask for location services. Customers are typically prompted to allow location services for operational reasons – displaying nearby restaurants or coordinating delivery. However this type of location data itself is susceptible to fraud. With over half a decade of experience analyzing geolocation transactions, GeoGuard’s Real-Time and Historic Risk Engines are capable of detecting, identifying and analyzing all forms of spoofed location attempts.
GeoGuard is currently working with fraud prevention providers to integrate this advanced capability into their risk engines in a way that is frictionless to the legitimate end user. If you’d like to learn more, please contact us at firstname.lastname@example.org and we’d be happy to provide more details.