The retail industry faces significant challenges in overcoming mobile advertisement fraud and malware. The solution may lie in app defense platforms that help developers build more security around a brand’s mobile app and enhance its security posture.
Appdome’s Mobile App Security Evangelist, Jan Systman, explained that Appdome offers an automation platform to help developers do this, as well as implement mobile security features without having to write code. In essence, it is a software-as-a-service (SaaS) offering that security teams and mobile app teams use collaboratively to automate security for apps.
It is also a unified platform from which companies and brands can secure users in a holistic manner from cyberthreats, fraud, malware, and bots as well as enforce geo-location compliance. Here, Jan referred to Taylor Swift concert tickets to illustrate how these can be sold to only Singaporeans because the compliance feature ensures customers from other countries would not be able to ‘take away the opportunity’ presented to the local-only audience.
“So, you can restrict geographic locations in your mobile app,” he said while pointing out that this also throws up a hurdle for automated bots that buy these tickets at scale only to sell at inflated prices at the last minute.
Besides the brand having suffered a blow reputation-wise, ‘theft’ would have happened twice in this instance, first against the brand and then against the consumers.
Fighting automation with automation
Alan Bavosa, VP of Security Products, explained that the anti-bot feature of their unified platform solution actually uses “many different methods inside the mobile app to determine legitimate traffic from malicious bots.”
Protection is not a one-trick pony, and the highly transactional retail space has a variety of fraud risks, coming from all corners, to protect against. A unified platform that is also automated offers visibility and convenience that brands can and should start to welcome into their arsenal of tools for not just security but also the customer experience.
In fact, the automated nature of their platform is why Appdome customers are able to deliver rapid protection and iterate mobile apps rapidly as well. “It automates the implementation of security, anti-fraud, anti-malware, anti-bot, geo-compliance, and so on, while supporting all the many different frameworks the mobile app is built in,” Alan said.
All this can happen without developers needing to write new code, or change existing code. This is a valuable capability that can keep an organization’s scarcest resources – mobile developers – focused on their main task, instead of manually implementing security.
Best of all, as one tool in a developer’s toolchain, Appdome can help them deliver apps at scale and at a rapid pace.
Jan explained that developers who touch the app to update it can inadvertently impact its security because of the manual process of re-implementing security that needs to come with it. With the various frameworks to contend with, as well as constantly evolving threats to build protection against, an automated approach seems to be the best approach.
He added, “What we’ve seen with brands is that they may start out manually building 17 different security features. But over time, that dwindles down because it is difficult or time-consuming to maintain, or it negatively impacts the user experience… developers basically make a choice and (decide) to no longer put security in the app.”
Implications and next steps
Retail is particularly vulnerable to fraud. Each brand in this industry has multiple channels that are customer-facing and transaction-based, making them highly attractive for fraudsters to ‘target’.
“Ad fraud is a multi-billion dollar business with tens of billions of dollars at stake, and Appdome has recognized that hackers are increasingly targeting the mobile app because it is currently the weakest link to them.”
The Four Main Types of Mobile Advertisement Fraud
These are usually used in combination and would lead up to the ‘final’ step which is the attribution fraud.
“That’s where the spend is going toward and as brands pour budgets to it and customers are flocking towards mobile apps, required protections are not.” Instead, budgets are focused on web-based apps, according to Alan.
The threat landscape is constantly changing, and security updates are constant and tracked so that they can protect against evolving attacks.
Jan shared, “Malicious actors will use a combination of threat factors to defraud a brand, then they will try to use bots from a third-party location to attack a specific vulnerability they identified in the app. So, you need to build very, very strong protection against all different types of attacks to your app.
“And on top of that, brands have to do it in such a way that it does not negatively impact the experience of the consumer,” Jan concluded.
A unified and automated approach that addresses fraud risk holistically could be that invaluable tool for brands that prize consumer experience as well as their own peace of mind.