Digital Identity is Key as APAC Battles Evolving Cybercrime Trends
Posted March 22, 2019
MIT, the University of Washington, and two dozen other universities in the US, Canada, Southeast Asia, Beijing and around the world are reeling from recent cybercriminal attacks designed to steal research about maritime technology being developed for military use, according to the Wall Street Journal.
Citing defense officials, the WSJ reports these attacks didn’t just include institutions within the APAC region. They also originated here. And the same hacking group believed to be at the center of the scheme has been linked to other attacks that involved breaches at US Navy contractors that may have resulted in the theft of sensitive military information such as submarine missile plans and data.
Whatever the case, the incident puts a spotlight on rapidly evolving cybercrime trends in the greater APAC region—both as a target and originator of increasingly aggressive cyberattacks worldwide. For businesses and public organizations throughout the region, there are signs that digital identity may be critical to addressing them.
A Region at an Inflection Point
With mobile penetration maturing in many regions, APAC reigns supreme as the growth engine for mobile adoption and shows no signs of slowing down.
According to Forrester, the number of mobile subscribers hit 1 billion in 2014, and thanks in part to meteoric growth in China (105% year-on-year), that number is expected to hit 2 billion by the end of this year. Mobile is seen as key to financial inclusion for un- and under-banked populations in the region. And 60% consumers see mobile as their most important shopping tool, according to Forbes.
However, as the digital economy expands here, the dynamics of this diverse mix of cultures and economies is creating an ideal breeding ground for cybercrime both foreign and domestic. Among the current trends our experts are watching:
ATM ‘Cash Out’ Attacks Expected to Climb
Despite the fact that mobile payments users are growing, the region, at least for now, is still dominated by cash. In fact, APAC is home to half of all ATM machines, according to CDO trends. And they’ve increasingly been a major focus of cybercriminal attacks. It was just two years ago when a group of hackers in Japan got away with US$13 million from 14,000 ATMs in just three hours. In many cases, this involves fake card slots connected to card readers, or malware attacks on ATMs themselves. But as stolen identity credentials continue to flood this and other regions, look for increased account takeover (ATO) attacks in which fraudsters simply log into a customer’s bank account, transfer funds, or register their own mobile devices and initiate cardless cash withdrawals at ATMs.
APAC Cybercriminals Automating and Going Global
Intellectual property and state secrets are hardly the only games in town for APAC’s homegrown cybercriminals. Recent attacks on the region’s healthcare organizations have generated numerous headlines, leading to an average US$23.3 million in losses, for instance But it’s retail ecommerce that appears to be a special focus for cybercrime rings. Indeed, the sector was a global target for 2.1 billion automated bot attacks in just the second half of 2018. Today, top bot originators include Malaysia, Indonesia, Vietnam, Japan and South Korea. The risk from these places appears to be growing year-on-year, perhaps indicating the fact that cybercrime is developing into an industry in its own right, serving smaller growth economies with stolen identity credentials and the tools and technologies to monetize them at a global scale. For more details about this read the recent Q&A with Rebekah Moody, Director of Fraud and Identity at ThreatMetrix.
The Identity Imperative
With these and so many other forms of cybercrime, stolen identity credentials are key drivers. Without a way to verify and assess the individual on the other end of a transaction, businesses will find themselves under pressure to implement stronger fraud prevention strategies.
But more times than not, that can create the kind of friction that turns off increasingly empowered consumers with an exploding number of alternatives to choose from. In fact, 50% of consumers will bail on a transaction after even just 10-seconds of additional friction.
As the threat from cybercrime continues to evolve in this region, look for forward thinking organizations to adopt a modern, digital identity-based approach to fraud prevention, identity assessment, and authentication. It’s likely that discerning organizations will seek out solutions that leverage AI, behavioral biometrics along with real-time and historical intelligence on how the customer’s legitimate identity information is being used in other interactions on other sites or apps, everywhere around the world.
Instead of tactically focusing on trying to ferret out “the bad,” this model shifts the emphasis to establishing the “the good” in terms of normative devices and behaviors informed by global-scale intel, so that anomalies become instantly evident.
Speed Without Sacrificing Security
Organizations that have adopted this approach report that they’re now able to achieve a 95.5% identity confirmation rate and efficiently mitigate fraud, without creating additional customer friction. In fact, the momentum behind this security model is so profound, it’s the specific focus of our upcoming Digital Identity Summit in Singapore, April 9-11.
With cybercrime now estimated to produce a staggering US$1.7 trillion in total economic losses in this region each year, let’s hope that whatever approach organizations take can help them continue their upward growth without sacrificing security.
Learn more and register for the upcoming APAC Digital Identity Summit 2019 in Singapore April 9-11 and learn from industry pioneers from Bangkok Bank, Home Credit, Infinitium, Kotak Bank, OCBC, Qudos Bank, Tabcorp, Standard Chartered Bank and Westpac about their cybercrime and fraud fighting journeys.