
What are illegal mobile top-ups and how to combat them?

    The concept of a mobile top-up is simple enough. It incentivizes users to keep using your product by removing the friction of constantly pulling out a credit card when a customer wants to make a transaction. Instead, their account will be pre-loaded with funds to deploy for use at any moment. 

    Mobile top-up is a very popular feature for data service providers, gaming and entertainment companies, and retail stores.

    That said, bad actors can leverage this feature to fraudulently increase the credits in their accounts. 

    In this guide, we’ll show how you, as a business, can combat them.

Table of Contents:

    • What is a mobile top-up?
    • Common vulnerabilities in mobile top-ups
    • Impact of illegal mobile top-ups
    • Five mitigation strategies for when illegal top-ups have targeted your app
    • How anti-piracy software can protect your mobile app from illegal top-ups

    What is a mobile top-up?

    A mobile top-up is the process of adding credits to an account through your mobile phone. The term was first used to describe the process of adding more minutes, texts, and data to your prepaid mobile phone plan. 

    Much like topping off your gas tank when it’s running low, mobile top-ups specifically refer to the process of keeping your phone usable until the next business cycle. 

    But the term has since outgrown its initial definition. 

    Today, top-ups cover everything that involves increasing the credits in your account. From telecommunications and gaming to ecommerce and utilities, a variety of industries have begun to leverage mobile top-ups to enhance customer convenience, incentivize transactions and spending, and expand their payment options. 

    Common vulnerabilities in mobile apps that can be exploited for illegal top-ups

    Bad actors have exploited vulnerabilities in some top-up systems to illegally add credit to their accounts. This can be done through credit cards, hacking insecure application interfaces, or exploiting payment integration flaws. 

    Hacking the application programming interface (API) can be a gateway for hackers to top up their accounts.

    Occasionally, bad actors also use regional/geographical pricing to get credits at cheaper prices. Using VPNs, they can spoof their location to a different country and purchase gift cards at 10-20% cheaper than they would have paid. 

    Some third-party top-up organizations are established specifically for this purpose. They exist to defraud applications and charge customers a premium to receive discounted credits to their accounts. 

    A common practice for these organizations is to use a credit card to top up customers until a certain amount has been topped up, then dispute the charges with the bank as a chargeback or report the card as stolen. They then wait 90 working days after a bank issues a new credit card to use it again. 

    Fraudulent top-ups can also take the form of hackers gaining access to a user’s account, automatically topping up using a credit card on file, and withdrawing the funds into their own account.

    Impact of illegal mobile top-ups

    This type of fraud has damaged the reputations of many good businesses. It has reduced business revenues and contributes to the more than $58bn in revenue lost globally every year to fraud and a lack of effective revenue protection.

    More specifically, illegal mobile top-ups can impact businesses in the following ways:

    Damage to brand reputation and consumer trust

    Brand reputation is one of any company’s most valuable assets; it’s a subjective asset that’s difficult to quantify. It takes years of consistency and work to build, but it can be tarnished instantly. 

    When companies become the target of illegal top-up activities and fraud, their program’s security is questioned, raising eyebrows regarding the company’s ability to safeguard and protect customer information. 

    Security breaches create negative publicity and a loss of consumer confidence –  because if a third-party organization has the resources to add money into their account, what prevents them from taking money from others?

    Competitors may even capitalize on these incidents to promote their services, claiming that they are more secure than others. 

    For existing users, the discovery that others are gaining unfair advantages through illegal top-ups can lead to frustration and a sense of injustice, especially in competitive or community-driven mobile games.

    Financial losses

    When credits are illegally topped up, the company loses the revenue that would have legitimately been earned otherwise. 

    For example, if a customer wanted to purchase $100 worth of credits but went through a third-party organization that only charged them $90 at an 11% profit, the business would have only realistically made $80 off the purchase, if any at all. 

    Don’t forget that should fraud happen, following up on such attacks often requires additional resources, be it in time or money. Whether through investigation, meeting with a cybersecurity team to strengthen app security, or public relations efforts to save face, increased operational costs are incurred as a direct result of these actions. 

    Should these vulnerabilities be exploited through data breaches and hacks, legal fees and monetary compensation may come into play. Yahoo’s data breach, for example, cost the organization a $117.5 million settlement for 194 million people. 

    Operational disruptions

    Finally, illegal top-ups can disrupt the operational flows of an organization through service disruption, resource diversion, or downtime for long-term security overhauls.

    Responding to and rectifying the consequences of illegal top-ups means that critical resources must be diverted to address the issue. 

    4 mitigation strategies for when illegal top-ups have targeted your app

    Whether you’re looking to reduce the risk of attack in the future or want to take immediate action on your current situation, we’ve laid out specific action steps for you to follow. 

    Immediate actions

    Here’s a list of immediate actions a business can take if illegal top-ups have targeted them:

    1. Investigate

    Quickly identify the source and nature of the breach. Whether it’s analyzing transaction logs, checking for unauthorized access, or auditing payment processes, take a deep dive into what’s going on and check out all possibilities. 

    This important step should be carried out promptly. Even so, take the time to be thorough in your investigation and leave no stone unturned. 

    2. Contain

    Once you’ve determined the root cause, take immediate and swift action to stop the illegal activity. Whether it’s temporarily suspending the affected service or blocking a suspicious account, don’t be afraid to contain the issue and cut the problem off at its core. 

    In many of these cases, the breach involves financial fraud, so notifying the relevant authorities and reporting this to law enforcement is a necessary step. Start documenting the events as soon as possible and create a detailed account from how you first found out about the fraud to the present.

    3. Inform users

    It’s best practice to be as transparent with your users as possible. Inform those who may have been affected by the illegal top-up, including those who benefitted from them, and have a ready statement on what they can expect from your company in the following days.

    4. Strengthen measures

    Finally, learn from your mistakes and implement stronger security protocols based on the nature of the breach and the areas it affected. 

    Prevention Tips

    Having a set protocol for illegal top-ups and fraudulent activity is great, but it’s always better to be proactive rather than reactive. 

    If you or your developers have detected illegal mobile app top-ups, here are some things you can do to reduce the risks of these events continuing in the future.

    1. User education

    Some users may not be aware that what they’re doing is wrong. Using a VPN for cheaper credits may seem like a clever workaround that wouldn’t attract much attention. But even when a user purchases from the game company directly through another region, there’s no guarantee they won’t be penalized. 

    In that case, it’s up to the organization to raise awareness amongst users regarding acceptable methods of making a mobile top-up. Communicate and set expectations for what is and isn’t acceptable for account purchases.

    2. Collaboration with payment gateways

    Illegal top-ups and chargebacks affect payment gateways as much as the business. Work collaboratively with payment providers to identify the routines and telltale signs of bad actors looking to exploit the system. 

    3. Regular security audits

    Regular security audits of your application’s financial transactions ensure that vulnerabilities are identified and addressed. Businesses often hire cybersecurity teams and use real-time tools to monitor their systems and alert on any unusual activity that could be a sign of a breach. 
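
The transaction-log analysis from the "Investigate" step and the monitoring for unusual activity described above can be illustrated with the following added Python example, which is not Red Points' code or any payment provider's API. It flags cards that fund many accounts, cards with a high share of chargebacks, and purchases where the storefront region differs from the card's country; the record fields, thresholds, and sample rows are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample top-up records; field names are assumptions for this example.
def _row(account, card, amount, store_region, card_country, status):
    return dict(account=account, card=card, amount=amount,
                store_region=store_region, card_country=card_country, status=status)

SAMPLE_TOPUPS = [
    _row("u1", "card_A", 50, "US", "US", "settled"),
    _row("u2", "card_B", 30, "TR", "DE", "settled"),      # storefront region != card country
    _row("u3", "card_C", 180, "GB", "GB", "settled"),
    _row("u3", "card_C", 20, "GB", "GB", "chargeback"),   # isolated dispute, ratio 0.1
    _row("u10", "card_R", 100, "US", "US", "settled"),
    _row("u11", "card_R", 100, "US", "US", "settled"),
    _row("u12", "card_R", 100, "US", "US", "chargeback"),
    _row("u10", "card_R", 100, "US", "US", "chargeback"),
]

def flag_topups(records, max_accounts_per_card=2, min_chargeback_ratio=0.3):
    """Return suspicious cards and accounts found in top-up records."""
    accounts = defaultdict(set)    # card -> accounts it funded
    total = defaultdict(float)     # card -> total amount attempted
    disputed = defaultdict(float)  # card -> amount later charged back
    mismatch = set()               # accounts buying outside the card's country
    for r in records:
        accounts[r["card"]].add(r["account"])
        total[r["card"]] += r["amount"]
        if r["status"] == "chargeback":
            disputed[r["card"]] += r["amount"]
        if r["store_region"] != r["card_country"]:
            mismatch.add(r["account"])
    shared = {c for c, a in accounts.items() if len(a) > max_accounts_per_card}
    high_dispute = {c for c, d in disputed.items()
                    if total[c] > 0 and d / total[c] >= min_chargeback_ratio}
    return {
        "cards_funding_many_accounts": sorted(shared),
        "cards_high_chargeback_ratio": sorted(high_dispute),
        "reseller_pattern_cards": sorted(shared & high_dispute),
        "region_mismatch_accounts": sorted(mismatch),
        "accounts_to_review": sorted(a for c in shared & high_dispute for a in accounts[c]),
    }

if __name__ == "__main__":
    for signal, hits in flag_topups(SAMPLE_TOPUPS).items():
        print(f"{signal}: {hits}")
```

A region mismatch on its own also matches travelers and expatriates, so treat it as a prompt for review rather than grounds for blocking an account.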

    How anti-piracy software can protect your mobile app from illegal top-ups

    While Red Points’ Anti-Piracy Solution was primarily designed to prevent piracy and protect intellectual property, features like automated monitoring, rapid infringement identification, and app store protection could indirectly support mobile app security against vulnerabilities that illegal top-up service providers might exploit.

    Here’s a more in-depth breakdown of our core functionalities:

    • Automated monitoring: Our automated monitoring features and rapid infringement identification can quickly identify unauthorized usage and reproduction of your assets.
    • Enforce and de-index: Our automatic enforcement and de-indexing features support automation rules and the delisting of any coupon codes for top-ups that should only be available to a select few.
    • Customized reporting: See the impact of our efforts with customized reports and real-time dashboards that present the detailed results of your anti-piracy coverage.

    With these resources handled for you, you can focus on the fight against illegal top-ups and strengthen the verification systems within your application. 

    What’s next

    Illegal top-ups contribute to global revenue losses from fraud to the tune of $58bn yearly. Shoring up your vulnerabilities and ensuring that malicious actors aren’t exploiting your systems means that your company can focus on providing the best service to the customer. It protects the brand reputation that you’ve spent years building. If you’re looking for the best way to protect your content from illegal top-ups, book a meeting with our team here at Red Points.

