March 22, 2018
March 13, 2018
Posted August 30, 2017
According to the Q2 2017 Cybercrime Report from ThreatMetrix, cyberattacks hit an all-time high, at 144 million, from April through June of this year. That’s up 100 percent from 2015, putting worldwide losses from cybercrime on track to top $6 trillion by 2021.
Based on actual attacks detected by the ThreatMetrix Digital Identity Network, the report shines a spotlight on serious threats now aimed at some of the most vibrant new sectors of digital age business.
Indeed, if you want to see the future of fraud, just look in the palm of your hand.
Consumer demand for anytime, anywhere everything has driven a worldwide mobile revolution. Waiting for anything—movies, a bank loan or a quick ride downtown—simply will not stand. Today, the fastest brand almost always wins.
Enter a new breed of killer app-based entrants with names, such as Digit, Uber, Klarna, and Lemonade. Laser-focused on delivering convenience and frictionless user experiences to on-the-go consumers, these digital- and mobile-first innovators are disrupting entire industries.
Fraudsters have taken notice. As the ruthless opportunists they are, these thieves and organized crime rings are always on the prowl for new trends and technologies that can help them monetize billions of stolen identity credentials set loose through large-scale data breaches in recent years.
Their latest prey includes the trailblazing companies behind some of today’s hottest new business models. Among the rising threats:
According to the Q2 report, 54 percent of all transactions in the financial services industry now originate on mobile devices.
But it’s the dramatic surge in mobile account creations—up 141 percent year over year—that’s gaining widespread industry attention. Users are clearly embracing mobile as a full-service banking channel, rather than just a method for checking balances on the go.
That’s where the fraudsters come in.
Thanks to all those stolen identity credentials made available on the dark web—usernames, passwords, PIN codes and more—fraudsters are taking out loans, hijacking banking and e-commerce accounts and setting up fraudulent new ones. In fact, mobile account creation fraud is up 30 percent in just 90 days.
In particular, fraudsters are using stolen credentials to target new and emerging FinTech providers that can lack some of the hardened defenses deployed by more established institutions.
One the ploys gaining momentum is loan stacking, in which fraudsters use bot attacks to test stolen credentials and take out multiple loans in quick succession before the increased debt load can be reflected on credit reports, which would tip off e-lenders.
Meanwhile, other scammers use one fraudulent loan to pay off another, until they reach the maximum amount and default, creating a financial house of cards that can cause catastrophic damage long before begin discovered.
One digital-first sub-industry that’s also under heavy fire is the shopping loan providers who offer instant loans of up to $10,000 to unbanked or underbanked consumers so they can purchase items from online retailers.
With Millennials actively resisting credit cards, 47 percent say they’d prefer the option to use such loans to finance their own online purchases, propelling meteoric growth in this category.
But according to Q2 data, device and identity spoofing attacks are particularly prevalent in this space, as fraudsters seek to dupe unsuspecting businesses into believing they’re legitimate, trusted customers.
To top it all off, last quarter saw an all-new high in credential-testing bot attacks on these lenders, suggesting heightened risk ahead.
Among the most prominent disruptors in their space, ridesharing firms, such as Uber, Lyft, Sidecar, Ola (India) and Didi (China) are also under assault.
It’s no wonder. A truly mobile-first industry, ridesharing swelled 63 percent in 2016 by simplifying access to cheap and simple transportation for an on-the-go customer base. In the U.S. alone, ridesharing revenue is expected to double to more than $70 billion by 2021.
Not surprisingly, an increasing number of fraudsters use ridesharing apps to exploit stolen credentials in new ways. This includes taking trips using stolen credit cards, contributing to a 160-percent increase in the number of payment transactions rejected due to suspected fraud across all industries during the past year.
Some cyberthieves set up fraudulent driver accounts and proceed to take their victims for a proverbial ride, charging their credit cards fraudulently. Still others leverage ridesharing business models to create fake customer accounts and launder money through rides or even false insurance claims.
It’s about to get worse. This month, reports have surfaced that cybercriminal rings are deploying a new version of Faketoken malware to target ridesharing apps to steal banking credentials.
Stopping these and other threats gets harder by the day. Traditional authentication systems that rely on usernames and passwords are increasingly useless against thieves and cybercrime rings using stolen identity credentials.
To fight back, a growing number of businesses have been utilizing risk-based authentication (RBA).
Instead of relying solely on login credentials to verify users, RBA solutions analyze the context behind a login or transaction, providing a risk profile for each user and only requiring additional verification in high-risk situations. By leveraging digital identity intelligence, legitimate users are recognized in real time and rewarded with the fast, frictionless experience today’s mobile consumer demands. Fraudsters get blocked—even if they’re using legitimate credentials.
One leading FinTech company was able to accurately spot fraudsters using stolen and spoofed identities, dramatically reducing losses and safeguarding long-term revenue.
Of course, whether it’ll be enough to keep the digital frontier safe for innovative new business models remains to be seen.
To learn about the latest cybercrime trends and the impact on emerging digital business models, download the Q2 2017 Cybercrime Report.