Johannesburg — A MOBILE payment cyber security specialist has lifted the lid on the business model underpinning the mobile fraud that cost the African continent over US$4 billion (R59,68 billion) last year.
According to Evina, the France-based firm, mobile payment fraud is characterised by illegal transactions conducted at e-commerce stores and completed by cybercriminals who commonly use malware to deprive the unknowing victim of funds via mobile wallets or direct carrier billing (DCB).
The company disclosed there were typically four steps followed by global organised crime when it comes to making money from defrauding cellular users.
The fraudulent customer journey begins when the mobile user downloads what resembles a legitimate app.
Fraudsters conceal malware in several common categories of apps such as wallpaper, flashlight and fitness tracker applications.
The malware takes control of the user's device.
Step two comprises complete control over the user's device, when the fraudster is able to surreptitiously provide consent to any number of checks.
A fraudulent publisher's website is soon visited to click on an advert for a real product. The advertiser is unaware of the fraudulent click.
On the third step, the ad redirects the fraudster to a real merchant's website where a product or service is purchased with the user's money, but without the user's explicit.
Lastly, the fraudster completes the purchase transaction by sending the user's money through a payment gateway.
David Lotfi, Chief Executive Officer of Evina, said mobile transactions had surged in response to the coronavirus (COVID-19) and its associated lockdowns.
"Mobile fraud attempts, too, have grown exponentially, which makes it an even greater priority for MNOs, merchants and payment gateways to protect their business growth and users by partnering with the right mobile anti-fraud specialists."
The Paris-headquartered Evina has operations in 15 African countries, the Middle East and Europe.