February 20, 2018
February 16, 2018
February 15, 2018
Posted October 24, 2017
Despite being less digitally active than Germany and the United Kingdom, France is experiencing more cyberfraud than its two neighbors. Even though France accounted for 96 percent less transactions than the UK this past quarter, it still suffered 10 percent more fraud, according to data from ThreatMetrix.
This gap between neighbors has grown since 2015, as the UK’s fraud rate fell while France’s grew. Surprising at first, these results make more sense when looking at three factors: users and their behavior on the web, the devices used and the services being accessed.
Having some first-hand knowledge of the French millennial community, I have a pretty strong handle on the reasons behind these fraud trends. The problem appears to lie in how French citizens protect their data on social media.
Understanding the context of cybercrime in France requires taking a look at consumer behavior: what services they use, what are the most popular channels and how they use them.
Last quarter, eCommerce, whose traffic predominately comes from the desktop, represented 75 percent of web transactions in France with a fraud rate of 12.7 percent. Comparatively, the media industry in France has fewer transactions compared to other countries, but has the highest fraud rate (33.7 percent), with mobile accounting for 41 percent of transactions.
At first glance, it would appear that the problem resides in the usage of mobile or the nature of media services. However, the mobile channel might not be the problem as eCommerce has a high fraud rate despite having most of its transactions coming from desktops.
Data from ThreatMetrix shows that, in the UK, 64 percent of web transactions are mobile but the country has 11.2 percent less fraud than France. Furthermore, the media industry in the UK has the lowest fraud rate of all key industries.
So, it would appear as if there is something going on with media and mobile attributes specific to France.
ThreatMetrix observations on cybercrime in the media market in France are confirmed by the CNIL, the French Data Protection Authority. According to the institution, hackers mostly target social media accounts (64 percent) rather than bank accounts (16 percent) to use stolen identity data.
What about mobile? Are mobile transactions in France riskier than those from the desktop? During the past three years, mobile transactions grew by 10 percent while the associated fraud also grew.
So, media is a key industry target and mobile devices are key targets of fraudsters in France. But, it would seem unwise to blame this problem on media services since these organizations do a good job of protecting their users in other regions of the world.
Could the problem be as simple as user behavior? How do French users protect their accounts?
According to the CNIL, French users are displaying careless behaviors on the web. Firstly, users tend to choose obvious and unsafe passwords. As an example, more than half of passwords are a logical suite of numbers, such as “4444”, “7777777” or “123456”, or simple, word-based passwords, such as “qwerty”, “azerty” or “motdepasse” (password in French).
Using a weak password is obviously unsafe, but that’s not the full story. Many French users admit to openly sharing their passwords in a public setting, either orally or by failing to adequately hide their screen from those nearby. Finally, many users admit to not using or properly maintaining threat detection or protection tools on their devices.
But that still doesn’t explain why media is a key target in France. To understand that, we need to identify who uses these services. According to the “blog du moderator,” a key information source for digital professionals in France, the major media sites used in France are Facebook and YouTube, with the average user age being 22.
Media users in France consist mostly of millennials and those of generation Z – two generations that are comfortable with new technologies. This comfort can lead to some careless online behavior when it comes to sharing valuable personal information online. Furthermore, many of these users choose not to invest in effective antivirus software to protect their device, yet still stream and download web content and visit unsafe websites.
All of this makes France a paradise for fraudsters, giving them ample opportunity to spread malware, launch phishing attacks and pull off other nefarious schemes.
The solution to these issues would be to teach users about fraud. Official French institutions, such as the CNIL or the ANSSI (National Information Systems Security Agency), are betting on this method.
Unfortunately, many online behaviors are entrenched, and users can be very stubborn. Yet, web services companies obviously cannot wait for their users to become responsible, and therefore must take appropriate action. And forcing users to create elaborate passwords or complete complex authentication steps creates friction that is unacceptable to today’s digital consumer.
Businesses can succeed by understanding the true digital identity of their connecting users. This would enable organizations to leverage their customers’ information (device, accounts, locations and behavior) and combine it with suspicious behaviors to detect fraud before validating any transaction.
This might just be the solution companies in France need to protect their businesses from cybercrime and to protect their customers from themselves.