Online transactions on mobile devices are outpacing those on desktop devices, and fraudsters have taken notice. In fact, iovation recently released research that in the first half of 2019 iovation saw 49% of all risky transactions come from mobile devices, up from 30% in 2018.

To conceal any suspicious activities, cybercriminals have increasingly leveraged mobile emulators to mimic the devices and behaviors of good customers. By using mobile emulators, cybercriminals make it appear as if they are using mobile devices when in fact they aren’t. Furthermore, most legitimate purchases in fact come from mobile devices (61% in the first half of 2019 according to our research).

We’ve just released new capabilities to identify more nuanced device characteristics and behaviors that we can use to better assess whether a device is in fact an emulator. More accurate emulator detection greatly reduces the risk of incorrectly flagging transactions as originating with emulators when they in fact come from good customers using legitimate devices. This means that you can make life easier for your customers while reducing your own risk.

Emulators and Fraud

So, what are mobile emulators and why should they concern you? Emulators are virtualization tools that run on desktop computers. They mimic different types of devices, including Android and iOS devices. They help fraudsters bypass simple device recognition technologies by spoofing a wide range of system and hardware characteristics. Desktop emulators are often used to run scripted attacks such as credential stuffing; increased attempts to log into an account using rotating credential sets is a key clue that an emulator attack is underway. Emulators have valid uses, such as testing apps and websites, however they are not commonly used. Our customers reliably find that heavy emulator activity corresponds to fraud attacks on particular services. On its own, an emulator may not signal bad intentions, but in combination with other factors it is a worthwhile indicator of fraud.

How We Catch Emulators

To assess whether a mobile device is in fact an emulator, we look for telltale signs. There are a number of specific hardware and system variables that we consistently find when we collect device data from emulators. Based on these factors we can determine that an emulator is in use; you can confidently turn away these devices without worrying about getting in your legitimate customers’ way.

Fraudsters are constantly evolving their tactics to look as normal as possible to avoid detection. As more business is transacted on mobile devices, fraudsters are increasingly using mobile emulators to look like your good customers. Our enhanced mobile emulator detection is one more way iovation customers are catching the nefarious tactics of fraudsters while minimizing the friction for good customers caused by false positives.

To find out more about mobile fraud and legitimate transactions trends, check out our infographic.

Mobile Infographic V6