November 14, 2017
Will Online Fraud Give Firms a Torrid Time in 2016?
Posted February 10, 2016
The ‘digital first’ economy went from strength to strength in 2015, helping transform the way we all do business. But latest analysis of fraud attacks shows that alongside these huge benefits, more and more firms have ended up losing money and customer trust thanks to cybercriminals. The truth is that the bad guys have become very good at hiding under a digital cloak of anonymity. And not enough firms have developed the right tools to unmask them.
ThreatMetrix stopped over 21 million fraud attacks against financial services customers in Q4, a 40% increase on the previous year. And we blocked even more attacks against online retailers – around 58 million – as holiday season fraud attempts spiked. The fraudsters are combining breached data and automated botnet technology to worryingly good effect. As our latest quarterly ThreatMetrix Cybercrime Report shows, firms that don’t adopt a next generation approach to fraud prevention could be in line to lose billions this coming year.
New year, new threats
Digitization is bringing huge benefits to all sorts of businesses all over the world. In fact, it’s more than likely that your organisation has become more agile, responsive and consumer-centric as a result. But as more consumers move online, so do the cybercriminals. What’s more, increasing numbers now expect to be able to interact with online businesses seamlessly via any connected device. Mobile-based commerce represented a third (34%) of transactions in 2015 – a 200% increase over 2014. Again this can give fraudsters new opportunities to exploit.
What was most notable about the last quarter was the volume of highly organised multi-channel attacks against financial institutions and online lenders. Botnets represent a growing threat – not just to this sector but all businesses. By using these networks of compromised computers, cybercriminals can inundate online systems with fraudulent transactions – bypassing traditional defenses by mimicking trusted user behavior. ThreatMetrix detected 230 million bot attacks during the quarter as fraudsters looked to launch huge identity verification attacks designed to try and access customer accounts.
Adding to the challenge for fraud managers is the huge volume of breached identities readily available for the bad guys to pick up off the dark web and use in their scams. Device and identity spoofing tools make it even more difficult to tell the cybercriminal from the trusted user.
As always, this latest ThreatMetrix Cybercrime Report is based on actual cybercrime attacks detected by the ThreatMetrix Digital Identity Network during real time analysis of fraudulent online payments, logins and new account applications. We stopped 100 million attacks in Q4, an 80% increase over Q4 2014. However, even though we analysed over 15 billion transactions last year, this figure is still likely to represent just the tip of the iceberg when it comes to online fraud.
So what’s to be done?
We can see that the scammers are increasingly looking to pick up and stitch together identity information to use in account creation fraud, rather than attempt individual transaction attacks. This is because they’ve a better chance of flying under the radar of static identity assessment tools. To combat this and the use of bots, device spoofing and other advanced tools and techniques, organisations must also look to new approaches.
The only way to stay on top of the growing menace of online fraud is through platforms like the Digital Identity Network. It analyses the connections between device, location and anonymised personal information as users transact to build up a unique trusted digital identity that fraudsters can’t replicate. With this information, organisations can have their cake and eat it – tapping into the online business revolution whilst reducing fraud, improving customer engagement and minimizing friction.