Posted August 5, 2016
As the ThreatMetrix Cybercrime Report Q2 2016 shows increasing attacks globally, how do we re-build trust online?
As those of you who follow ThreatMetrix will know, we like to keep everyone updated on the latest and greatest trends we see from our Network through the ever-popular quarterly Cybercrime Report. One of the key themes to emerge from our latest instalment is that of trust – a subject very close to our hearts…
In life, trust is at the heart of our most important relationships. When it comes to the online world of non-face-to-face interactions, it’s no different. Yet it’s getting increasingly difficult for businesses to distinguish trusted customers from those seeking to impersonate them. ThreatMetrix alone stopped 112 million fraud attempts between April and June 2016 – a 50% increase over the same period a year ago. These numbers show the scale of nefarious online activity that digital businesses have to contend with.
Websites such as peer-to-peer and review sites are even more reliant on trust – their whole business model depends on it. But here we’ve seen an uptick in fraud, which if left unchecked threatens to undermine the entire industry.
Fraud keeps rising
Fraudsters today are more sophisticated and determined than they’ve ever been. They employ a range of cloaking mechanisms to stay hidden from traditional fraud detection tools. And thanks to a continued flood of high-profile data breaches, they have all the personal details they need to successfully impersonate their victims online. In fact, they can often answer step-up authentication questions more accurately than the real consumer.
Then there’s the rising threat posed by botnets – networks of compromised computers designed to evade rate and security control measures and mimic trusted customer behaviour and login patterns. The fraudsters are learning all the time, tweaking their attacks to circumvent security controls, and in some cases launching distributed attacks to take out targeted firms’ servers completely. The number of bots per quarter seen by ThreatMetrix has risen from 120 million in Q3 2015 to 463 million in Q2 this year – a 50% rise in just three months. And this relentless increase in automated attacks shows no signs of slowing down.
Another alarming trend that the latest Cybercrime Report has revealed is that one in ten new account registrations are now being rejected as fraudulent. This highlights the relentless use of stolen credentials, with fraudsters in some cases targeting alternative payment platforms and e-lenders in order to sign up for loans using stolen identities.
P2P sites under attack
An area particularly badly hit by fraudulent new account applications is that of peer-to-peer services and review sites, which were being targeted going into the summer holiday season. Whilst this sort of fraud doesn’t necessarily result in the immediate financial losses associated with attacks on eCommerce payments or financial institutions, these websites are prime examples of digital services that are completely dependent on facilitating trust online. When a review site becomes deluged with false reviews, or a user’s annual holiday is put at risk by a fake listing on a P2P property rental site, the vital online bond of trust between customer and website is at risk of being permanently severed. This in turn can have serious implications for the reputation of that site and the long-term revenue of the business.
Organisations now have at their disposal the means to assess transactions based on the trustworthiness of the user. ThreatMetrix found that in the financial services sector there was a whopping 9x reduction in transactions flagged as high-risk when a company actively tracks trust of a user, rather than just looking out for fraudulent activity. This trust is established dynamically based on the complex associations between identity credentials, location, threat detection and the devices used.
The drop in the number of transactions flagged to fraud teams, based on a better recognition rate of returning users, leads to significant savings in operational costs by focusing the manual reviews on true high-risk transactions. In addition, actively tracking trust with the positive identification of returning customers means digital channels are able to offer a friction-free online experience to trusted users. Rather than putting in place onerous security controls and step-up challenges to make users prove they are legitimate, today’s digital businesses need to be welcoming back returning customers with open arms.
But this will only work as part of a digital identity system which creates a unique single view of each customer across various industries, channels and interactions online. That data needs to be compiled and then analysed in real-time to recognise if a user can be trusted or not. And the more data that’s used to compile these digital identities the better. For example, in Q2 we found a 55% increase in the number of transactions rated as “trusted” when device-only data was complemented by other types of digital identity data.
As the bad guys continue to innovate their way past traditional fraud prevention systems, we need to hit back with a next-generation response to re-establish trust online.