Cybercrime in Latin America on the Rise
Posted March 27, 2019
The digital economy is alive and well in Latin America. But it’s also increasingly a target—especially when it comes to online and mobile cyberattacks against banking, eCommerce, and media.
According to our new H2 2018 Cybercrime Report, fraudsters are exploiting the ever-increasing availability of stolen identity credentials for monetary gain, as consumers throughout this region continue to embrace businesses operating in digital channels. As a result, LATAM is becoming a hotbed for identity fraud.
Across industries, 1 in every 5 new account creations is now fraudulent, compared to a global average of 12.2%. The risk associated with payments fraud is even higher, accounting for 57% of all cyberattacks. That’s a growth rate of 18% since 2017. In mobile channels, attack rates are up as much as 52%.
With total cybercrime losses in LATAM now as high as $90 billion per year, threats are rapidly multiplying—propelled by a digital revolution that shows no signs of slowing down.
As mature markets in the US and Western Europe grow at a more measured pace, Latin America’s diverse mix of growing economies is enjoying a digital boom. Spanning 26 countries, LATAM accounts for 10% of the world’s population and 8% of the world’s GDP. As TechCrunch reports, that’s two times the GDP of India, and half that of China.
What’s more, the region has some 375 million Internet users, along with 250 million smartphone subscribers, eclipsing that of the US—with plenty more growth to be had. In fact, Brazil by itself has the fourth largest base of Internet users in the world, and 87 million mobile users of its own.
Digital business in the region is growing just as fast. Retail eCommerce in the region hit $53 billion in 2018, led by Argentina’s MercadoLibre and Brazil’s B2W. And with 12% growth in mobile payments in just the last six months of 2018, the region has seen an influx of mobile-first banking and payments fintechs. In turn, the explosion in mobile banking options is helping to drive financial inclusion for the 70% of consumers in the region who do not have a bank account.
Unfortunately, cybercriminals see plenty of opportunity, too.
The fact is, LATAM is now front and center in the fight against fraud. Thanks to the global circulation of stolen identity credentials into this region, cybercriminal activity is rising fast—especially the use of stolen and forged identities to create fake user accounts.
In retail eCommerce, for instance, nearly 1 in 3 new account creations is fraudulent. And while attacks on mobile payments in the region have grown just 3% overall, they’ve surged 11% in Brazil, suggesting fraudsters may see the emerging mobile market in eCommerce as a growing target.
Financial services transactions are the most likely to be attacked in this region. During H2 2018, the attack rate on new bank account creations shot up 105%, rising to 118% for mobile. Meanwhile, the attack rate on account logins has increased 172%, and 118% for mobile-only logins.
Fraudsters clearly understand the growing importance of the mobile channel to consumers throughout the region. Across all industries and use cases, attacks on mobile transactions now rank among the highest anywhere, at 8.9%.
Brazil Now the #4 Top Originator of Attacks
Globally, cybercrime continues to be a growth industry unto itself, with increasingly well-organized operations and regional outposts in emerging economies.
While the US, UK and other European nations have long been the points of origin for most of the world’s cyberattacks, the last two years have seen a noticeable shift toward growth economies. That includes Brazil, which now ranks #4 in countries-of-origin for attacks—behind only the US, Canada and Germany.
As with their counterparts in other countries, fraudsters in Brazil tend to target businesses domestically, as well as in neighboring nations. But increasingly, they’re going further afield. In fact, the top outside attack destinations for Brazil-based cybercriminals are the US, Argentina, the UK, and Colombia.
Approaches: Increasingly Automated—and Outrageous
While the region’s cyberthieves launch their fair share of human-initiated attacks, Brazil has emerged as a top originator for bot attacks, mostly targeting eCommerce. These high-volume, automated assaults attempt to use stolen identity credentials to break into user accounts.
And while social media platforms and content streaming services have long been used to pre-test these credentials, fraudsters appear to be moving on to other, more vulnerable targets. During the latter half of 2018, ThreatMetrix identified a large number of attacks targeting several global charities. These attacks were emanating from Brazil, Mexico and the Dominican Republic.
The fact is, cybercriminals often target charities in the knowledge that such organizations typically have modest security requirements and offer a perfect testbed for validating stolen credit card information before making bigger purchases or payments elsewhere.
Identity: More Important Than Ever
As it stands now, the proliferation of stolen identity credentials will continue to fuel a growing number of cyberattacks throughout Latin America. Yet today, it’s unclear how many organizations have adopted the kind of modern, digital identity-based user verification and assessment technologies needed to detect the use of these credentials and block attacks in real time.
Whatever their number, here’s hoping more organizations join their ranks. With this region’s digital economy only gaining speed, it’s safe to say we’d all like to hit the brakes on cybercriminals.
To learn more about cybercrime trends in Latin America and around the world, download a copy of the H2 2018 Cybercrime Report from ThreatMetrix.