Last updated on: January 9, 2024
The concept of a mobile top-up is simple enough. It incentivizes users to keep using your product by removing the friction of constantly pulling out a credit card when a customer wants to make a transaction. Instead, their account will be pre-loaded with funds to deploy for use at any moment.
Mobile top-up is a very popular feature for data service providers, gaming and entertainment companies, and retail stores.
That said, bad actors can leverage this feature to fraudulently increase the credits in their accounts.
In this guide, we’ll show how you, as a business, can combat them.
A mobile top-up is the process of adding credits to an account through your mobile phone. The term was first used to describe the process of adding more minutes, texts, and data to your prepaid mobile phone plan.
Much like topping off your gas tank when it’s running low, mobile top-ups specifically refer to the process of keeping your phone usable until the next business cycle.
But the term has since outgrown its initial definition.
Today, top-ups cover everything that involves increasing the credits in your account. From telecommunications and gaming to ecommerce and utilities, a variety of industries have begun to leverage mobile top-ups to enhance customer convenience, incentivize transactions and spending, and expand their payment options.
Bad actors have leveraged and exploited the vulnerabilities in some top-up systems to illegally add credit to their accounts. This can be done through credit cards, hacking insecure application interfaces, or circumventing payment integration flaws.
Hacking the application programming interface (API) can be a gateway for hackers to top up their accounts.
Occasionally, bad actors also use regional/geographical pricing to get credits at cheaper prices. Using VPNs, they can spoof their location to a different country and purchase gift cards at 10-20% cheaper than they would have paid.
Some third-party top-up organizations are established specifically for this purpose. They exist to defraud applications and charge customers a premium to receive discounted credits to their accounts.
A common practice for these organizations is to use a credit card to top up customers' accounts until a certain amount is reached, then report the charges to the bank as a chargeback or report the card as stolen. They then wait 90 working days after a bank issues a new credit card to use it again.
Fraudulent top-ups can also take the form of hackers gaining access to a user’s account, automatically topping up using a credit card on file, and withdrawing the funds into their own account.
This type of fraud has damaged the reputations of many good businesses. It has also cut into business revenues and contributed to the more than $58bn in revenue lost globally every year to fraud and a lack of effective revenue protection.
More specifically, illegal mobile top-ups can impact businesses in the following ways:
Brand reputation is one of any company’s most valuable assets; it’s a subjective asset that’s difficult to quantify. It takes years of consistency and work to build, but it can be tarnished instantly.
When companies become the target of illegal top-up activities and fraud, their program’s security is questioned, raising eyebrows regarding the company’s ability to safeguard and protect customer information.
Security breaches create negative publicity and a loss of consumer confidence – because if a third-party organization has the resources to add money into their account, what prevents them from taking money from others?
Competitors may even capitalize on these incidents to promote their services, claiming that they are more secure than others.
For existing users, the discovery that others are gaining unfair advantages through illegal top-ups can lead to frustration and a sense of injustice, especially in competitive or community-driven mobile games.
When credits are illegally topped up, the company loses the revenue that would have legitimately been earned otherwise.
For example, if a customer wanted to purchase $100 worth of credits but went through a third-party organization that only charged him $90 at an 11% profit, the organization would have only realistically made $80 off the purchase, if any at all.
Don’t forget that should fraud happen, following up on such attacks often requires additional resources, be it in time or money. Whether through investigation, meeting with a cybersecurity team to strengthen app security, or public relations efforts to save face, increased operational costs are incurred as a direct result of these actions.
Should these vulnerabilities be exploited through data breaches and hacks, legal fees and monetary compensation may come into play. Yahoo’s data breach, for example, cost the organization a $117.5 million settlement for 194 million people.
Finally, illegal top-ups can disrupt the operational flows of an organization through service disruption, resource diversion, or downtime for long-term security overhauls.
Responding to and rectifying the consequences of illegal top-ups means that critical resources must be diverted to address the issue.
Whether you’re looking to reduce the risk of attack in the future or want to take immediate action on your current situation, we’ve laid out specific action steps for you to follow.
Here’s a list of immediate actions a business can take if illegal top-ups have targeted them:
Quickly identify the source and nature of the breach. Whether it’s analyzing transaction logs, checking for unauthorized access, or auditing payment processes, take a deep dive into what’s going on and check out all possibilities.
This step is important and should be carried out promptly. Even so, take the time to be thorough in your investigation and leave no stone unturned.
Once you’ve determined the root cause, take immediate and swift action to stop the illegal activity. Whether it’s temporarily suspending the affected service or blocking a suspicious account, don’t be afraid to contain the issue and cut the problem off at its core.
In many of these cases, the breach involves financial fraud, so notifying the relevant authorities and reporting this to law enforcement is a necessary step. Start documenting the events as soon as possible and create a detailed account from how you first found out about the fraud to the present.
3. Inform users
It’s best practice to be as transparent with your users as possible. Inform those who may have been affected by the illegal top-up, including those who benefitted from it, and have a statement ready on what they can expect from your company in the following days.
4. Strengthen measures
Finally, learn from your mistakes and implement stronger security protocols based on the nature of the breach and the areas it affected.
Having a set protocol for illegal top-ups and fraudulent activity is great, but it’s always better to be proactive rather than reactive.
If you or your developers have detected illegal mobile app top-ups, here are some things you can do to reduce the risks of these events continuing in the future.
1. User education
Some users may not be aware that what they’re doing is wrong. Using a VPN for cheaper credits may seem like an intelligent workaround that usually wouldn’t attract much attention. Even if you purchase directly from the game company through another region, there’s no guarantee that you won’t be penalized.
In that case, it’s up to the organization to raise awareness amongst users regarding acceptable methods of making a mobile top-up. Communicate and set expectations for what is and isn’t acceptable for account purchases.
2. Collaboration with payment gateways
Illegal top-ups and chargebacks affect payment gateways as much as the business. Work collaboratively with payment providers to identify the routines and telltale signs of bad actors looking to exploit the system.
3. Regular security audits
Regular security audits of your application’s financial transactions ensure that vulnerabilities are identified and addressed. Businesses often hire cybersecurity teams and use real-time tools to monitor their systems and raise alerts on any unusual activity that could be a sign of a breach.
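As an added illustration (not Red Points code), the monitoring described above can start as a few rules run over top-up records, one for each fraud pattern covered earlier in this guide: a single card funding many accounts, a purchase priced in a different region from the card's country, and a top-up from a new device followed by a withdrawal. The record fields, sample data, and threshold are assumptions made for this example.

```python
from collections import defaultdict

def rec(topup_id, account, card, card_country, price_region,
        new_device=False, withdrawn_after=False):
    """Build one constructed top-up record (field names are assumptions)."""
    return {"id": topup_id, "account": account, "card": card,
            "card_country": card_country, "price_region": price_region,
            "new_device": new_device, "withdrawn_after": withdrawn_after}

# Constructed sample data, not real transactions.
TOPUPS = [
    rec(1, "alice", "card-A", "US", "US"),               # ordinary purchase
    rec(2, "bob", "card-B", "DE", "TR"),                 # cheaper-region storefront
    rec(3, "carol", "card-C", "US", "US", True, True),   # new device, then cash-out
    rec(4, "u1", "card-R", "US", "US"),                  # one card funding
    rec(5, "u2", "card-R", "US", "US"),                  # several unrelated
    rec(6, "u3", "card-R", "US", "US"),                  # accounts
]

def flag_topups(topups, max_accounts_per_card=2):
    """Return {top-up id: [reasons]} for records that need manual review."""
    accounts_by_card = defaultdict(set)
    for t in topups:
        accounts_by_card[t["card"]].add(t["account"])

    flagged = {}
    for t in topups:
        reasons = []
        # Third-party top-up services reuse one card across many customers.
        if len(accounts_by_card[t["card"]]) > max_accounts_per_card:
            reasons.append("card_shared_across_accounts")
        # Regional pricing abuse: storefront region differs from card country.
        if t["price_region"] != t["card_country"]:
            reasons.append("region_price_mismatch")
        # Account takeover: top-up from an unseen device followed by withdrawal.
        if t["new_device"] and t["withdrawn_after"]:
            reasons.append("takeover_pattern")
        if reasons:
            flagged[t["id"]] = reasons
    return flagged

if __name__ == "__main__":
    for topup_id, reasons in flag_topups(TOPUPS).items():
        print(topup_id, reasons)
```

A flag here is a prompt for review rather than proof of fraud: a traveler or a family sharing one card can match the same rules.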
While Red Points’ Anti-Piracy Solution was primarily designed to prevent piracy and protect intellectual property, features like automated monitoring, rapid infringement identification, and app store protection could indirectly support mobile app security against vulnerabilities that illegal top-up service providers might provide.
Here’s a more in-depth breakdown of our core functionalities:
With these resources handled for you, you can focus on the fight against illegal top-ups and strengthen the verification systems within your application.
Illegal top-ups contribute to global revenue losses from fraud to the tune of $58bn yearly. Shoring up your vulnerabilities and ensuring that malicious actors aren’t exploiting your systems means that your company can focus on providing the best service to the customer. It protects the brand reputation that you’ve spent years building. If you’re looking for the best way to protect your content from illegal top-ups, book a meeting with our team here at Red Points.