“ThreatMetrix Cybercrime Report: Q1 2015” Out. Has Cybercrime Surging in Wake of Data Breaches.
Posted May 6, 2015
Analyzing More than 6 Billion Transactions Over Q4 2014 and Q1 2015, ThreatMetrix’s Digital Identity Network Shows Cybercrime Up
From Q4 2014 through Q1 2015, the ThreatMetrix® Digital Identity Network analyzed more than 6 billion transactions in real time. Almost a third had originated from mobile devices. Protecting more than 250 million active user accounts across 3,000 customers and 15,000 websites, the ThreatMetrix Digital Identity Network is able to analyze customer transactions across industries and provide an insight into legitimate end-customers’ “digital identities” — even as they move between applications, devices and networks. In addition, it highlights representative key market trends.
Just out: the “ThreatMetrix Cybercrime Report: Q1 2015”
The report is based on cyberattacks that the ThreatMetrix Digital Identity Network detected and interdicted. Among them were fraudulent online payments, logins and new account registrations.
Report shows attacks on business trending upward with more cloaking
Using improved cybercrimeware and data stolen during breaches, cybercriminals are attacking businesses as never before. And, the ThreatMetrix Digital Identity Network is seeing more and more cloaked traffic, i.e., traffic with users’ identity masked. This is especially true for new account creations where criminals use stolen identities. With more mobile users doing transactions on their devices, device spoofing is becoming the most popular attack vector.
Strong growth in online and mobile commerce along with fraud
The report highlights the trends in the 2014 holiday shopping season. This was a period of record online transactions and an unprecedented number of attacks directly associated with data breaches. Impersonation/spooﬁng attacks are now the most common threat.
ThreatMetrix® identified more than 11.4 million fraud attempts during peak holiday shopping and the “ThreatMetrix Cybercrime Report: Q1 2015” is the first of its kind to analyze how stolen and compromised identities are used for cybercrime.
Trust: essential for customer loyalty
e-Commerce merchants had a spike in account login transactions as customers revisited retailers to check out products and deals and to make purchases. While new account creation rates were lower than other transaction types, they were twice as likely to be fraudulent, the result of stolen identities in the wild from massive breaches.
e-Commerce transaction percentages and risks:
- One percent of transactions were account creation, with 6.7 percent high risk
- 80 percent of transactions were account logins, with 2 percent high risk
- 19 percent of transactions were payments, with 2.6 percent high risk
Vanita Pandey, ThreatMetrix senior director, strategy and product marketing, on account takeover and identity spoofing
“In the wake of recent data breaches, customers’ digital debris is floating in the cyberworld for fraudsters to compromise, making accurate insight into digital identities of the utmost importance for businesses, especially in the e-commerce industry.
“ThreatMetrix data shows an upswing in account takeover and identity spoofing attacks following recent massive data breaches. While guest checkouts previously represented the highest risk, due to the breadth of digital debris at cybercriminals’ fingertips, fraudsters are much more likely to use a stolen username and password combination than to use compromised credit card information, which has a shorter life span. As the volume of e-commerce transactions increase, it gives cybercriminals more places to poke and exploit. Retailers need to leverage a digital identity network to get a comprehensive view of customers to accurately differentiate between trusted and fraudulent transactions.”
Cybercrime surges across all transaction types in the financial services industry
In addition to e-commerce, the “ThreatMetrix Cybercrime Report: Q1 2015” examines financial services transactions and authentication attempts. While online banking authentication transactions continue to dominate the financial services industry, payment transactions increased during this period. This was driven by the increasing adoption of alternate payment methods and bankcard authentication solutions, and an increase in online money gifting during the holiday season. The impact of breaches and consumer credentials in the wild is more evident in the financial services industry, with a substantial increase in fraud rates across all transaction types.
Financial services transactions consist of the following percentages and risks:
- One percent of transactions were account creation, with 2 percent high risk
- 76 percent of transactions were account logins, with 2.6 percent high risk
- 23 percent of transactions were payments, with 3.2 percent high risk
Pandey on cybercriminals’ growing sophistication
“On the backs of major data breaches, we’re seeing a trend in cybercriminals using more sophisticated, automated crimeware tools that are deliberately targeting first generation device identification and authentication solutions used by most financial institutions.
“Fraudsters are shifting from exploiting hardware and software to exploiting people – taking bits and pieces of their digital identities that have been compromised through breaches, and attempting to make transactions disguised as those individuals. As cybercriminals move to exploit financial institutions, those businesses need a more sophisticated view of their users. They need to look at their customers’ behaviors, devices and identities as a whole – the ultimate behavioral biometric.”
Preparing for new challenges means global shared intelligence
In both the e-commerce and financial services industries, businesses must prepare for the growth of new in-store technologies such as Europay-MasterCard-Visa (EMV) and Apple Pay with the wide adoption of the Apple Watch and other connected devices (IoT). As these technologies cut down point-of-sale fraud, attacks will move to the online channel. Global shared intelligence will be crucial as businesses prepare for the 2015 holiday season.
Media industry continues to see highest percentage of high-risk transactions
Analysis of transactions from social media, content streaming and online dating websites, shows a strong growth in payment transactions through media organizations while overall fraud levels continue to be higher than other industries. Illegal access to content outside of approved geographies, combined with spamming and fraudulent bot-driven account creation, represent the key drivers of fraud in the media space.
Broken down, media consists of the following percentages and risks:
- 22 percent of transactions were account creation, with 3.8 percent high risk
- 26 percent of transactions were account logins, with 6.2 percent high risk
- 52 percent of transactions were payments, with 4 percent high risk
Pandey on fraud the media industry
“From a fraudster’s perspective, social media is the gas station of the connected world. It provides a quick and easy way to assess the validity of a stolen credit card or credentials. The media industry has the highest incidence rate of high-risk transactions due to the low authentication threshold – often only consisting of a username and password combination. These identities are easily compromised, especially following a significant number of data breaches, as many people use the same login credentials across websites.”
Use of more mobile devices means more mobile attacks
More and more consumers are using mobile phones, tablets and connected devices (such as the Apple Watch) to access content, make purchases, conduct banking transactions and pay bills.
ThreatMetrix, which analyzes mobile transactions from more than 200 countries and territories across the globe, finds consumers from emerging economies conducting a much higher percentage of transactions using mobile devices. The report found that growth in mobile brought more mobile attacks, with spoofing being most prevalent. However, the attack volumes are still lower than desktop because mobile devices are not conducive to massive fraud attacks.
Pandey on mobile
“While desktop fraud still dominates, as mobile usage continues to grow, especially in emerging markets, the channel will eventually see new, sophisticated criminals targeting mobile transactions. With businesses focused on lowering consumer friction on mobile, fraudsters are increasingly targeting mobile platforms and devices to spoof identities. Businesses need to be prepared for an uptick in spoofing attacks as mobile continues to grow.”
Device spoofing remains top attack vector
Based on activity across industries for both mobile and desktop, the report also identified top attacks by transaction type. It found that spoofing, such as IP address, geolocation, identity and device spoofing is the most common attack type across all transaction attempts. More than 6 percent of attacks are from spoofed devices.
Cybercriminals are well funded and sophisticated and share information
Cybercrime continues to be a well-funded, organized business with sophisticated technology and strong knowledge sharing across organized crime rings, nation states, and decentralized cybergangs. Recent massive data breaches have resulted in an increase in attacks targeted towards businesses across all regions and industries. Cybercriminals continue to share information as well as develop tools that will help bypass the first generation fraud prevention solutions.
Using shared intelligence to fight crime: the ThreatMetrix Digital Identity Network
The only effective solution for businesses is to share information about fraud trends across their customer bases to stop cybercriminals in their tracks. ThreatMetrix delivers advanced fraud protection, frictionless authentication, and customer protection through a real-time collective response using intelligence gathered from billions of transactions in the ThreatMetrix Digital Identity Network.
To learn more, download the “ThreatMetrix Cybercrime Report: Q1 2015” eBook