A Problem Shared: How to Stop the UK’s Rising Cyber Fraud Levels
Posted June 2, 2015
Identity fraud in the UK rose by 5% from 2013 to 2014 and was once again dominated by online criminals, according to the latest stats from non-profit fraud prevention service Cifas. While far from comprehensive, the Fraudscape report is yet another important indicator of the continuing agility, ingenuity and persistence of cyber scammers.
We believe, like Cifas, that the best way of tackling such a foe is by sharing key intelligence and information across sectors, to make sure there’s nowhere for the bad guys to hide.
Up and at ‘em
The inescapable conclusion from this report is that ID fraud is on the up. It occupies the largest chunk of any type of fraud (41%), with nearly 114,000 cases reported last year. And in the first quarter of 2015, the rise was even greater when compared to the same period in 2014 – with the number of recorded victims up 31% to 32,058 cases. Online accounted for more than 80% as cyber scammers continued to hide under the cloak of anonymity provided by the internet.
But if you think that’s bad, it’s not the whole story. The truth is that, although Cifas provides a valuable service, its insight is limited. Its stats are drawn from just 245 members of the body in the UK who have spotted and reported an incident. By contrast, the ThreatMetrix Cybercrime Report: Q1 2015 included all the fraud incidents that our ThreatMetrix® Global Trust Intelligence Network blocked. That fraud engine analysed over six billion transactions over the past two quarters related across nearly 4,000 customers.
As a result, we identified more than 11.4 million fraud incidents in November and December last year.
But Cifas does make a good point of noting the ongoing evolution of identity fraud, claiming that “enhanced security procedures” had managed to cause a 38% reduction in what it calls “facility takeover fraud” from 2013 to 2014. By contrast, account creation fraud is increasingly popular. Cifas claimed 41% of identity theft cases in 2014 were related to cyber criminals creating new credit card accounts, and 27% was linked to them doing the same with new bank accounts.
This chimes somewhat with our Q1 report. Account takeover fraud is still popular among cyber scammers, especially in industries like media, where we found 6.2% of log-ins were high risk. However, account creation fraud is certainly the most popular across all industries. Some 4% of account creation transactions we monitored were flagged as “high risk” – more than that for payments and log-ins.
Share and share alike
Account creation fraud is popular because in many situations it’s a more effective and lucrative way for the scammers to make money. To help them in this endeavour they’re increasingly turning to sophisticated crimeware to hide their true identity. Readily available on underground forums, this has democratised the means to launch convincing fraud campaigns, using VPNs and proxy servers as effective cloaking tools. Also available on the darknet is personally identifiable information – everything a fraudster could need to impersonate you online when setting up a new account.
So what can organisations do to fight back? Getting more comfortable with information sharing would be a good start.
As Cifas notes, 63% of the fraud it detected last year was done so by matching data across sectors. This is one of the main principles that under pins our ThreatMetrix Global Trust Intelligence Network. It’s not just the anti-fraud algorithms which make it so accurate – combining anonymised device, behavioural and identity metrics to work out whether a transaction is legitimate or not. It’s the sheer weight of numbers on our side – 4,000 customers and one billion monthly transactions – which help us pick out patterns across industries and regions.
The result is friction-free fraud prevention that has already reduced fraud in customer organisations by up to 90%.