December 5, 2018
November 29, 2018
Posted May 29, 2018
The fact that a new report finds the first quarter of 2018 saw 210 million cyberattacks worldwide—a 62% jump from the same period last year—may not be that surprising.
The fact that there was a record 1 billion bot attacks on top of that is, and it may signal the digital economy has entered a troubling new phase. For one sector in particular, the surge in bot attacks combined with other trends may be enough to set off alarm bells.
According to the Q1 2018 Cybercrime Report from ThreatMetrix, global cyberattack rates saw a predictable lull following the 2017 holiday shopping season. Yet while the average rate of attacks across industries drifted down by roughly 1.7 percent from Q4 highs, attacks against payment processors have actually gone up.
In fact, attack rates on this sector were nearly twice that of the cross-industry average for the quarter. So, what’s going on? Well, let’s just say you can blame it on Rio. Or Hanoi. Or maybe Kiev.
The truth is, advances in digital technology and shifting consumer behavior continue to transform the nature of anytime, anywhere digital commerce for people around the globe.
In particular, the proliferating use of smartphones and an expanding universe of payment options are providing faster, more convenient ways to pay for goods and services.
More than 51 percent of all transactions are now made via mobile devices—a 170 percent increase from Q1 2015. And with consumers looking for goods and services across a global pool of options, roughly half of all payment transactions are cross-border. Unfortunately, all this growth comes with a downside.
Today, fraudsters are capitalizing on the borderless nature of the Internet to monetize an endless stream of stolen identity credentials making its way to every corner of the planet.
While the US and UK continue to generate most of the world’s cyberattacks, new and emerging economies are quickly becoming hotbeds for fraudsters. In fact, Brazil, Vietnam and Russia currently rank among the top 5 originators for new attacks.
The largest attackers tend to target businesses within their own country. But they’re also making incursions into other countries within their region. Collectively, these and other cyberattacks are expected to generate more than $600 billion in losses worldwide this year.
While device spoofing remains the biggest threat for payment processors worldwide, massive armies of bots are clearly gaining traction.
As stolen identity data becomes more readily available, fraudsters are increasingly launching large-scale bot attacks to validate and test list data—and payments processors are prime targets.
The goal: hijack existing accounts with stolen credentials or create new ones. And because so many consumers have started to store card-on-file information in online accounts, one successful attack can lead to many more.
The record level of bot attacks in Q1 offer just one among many reasons overall cross-border payment attacks are nearly 30 percent higher than they are for domestic transactions. Indeed, 820 million of those bot attacks were perpetrated against online retailers both foreign and domestic to the cybercrooks behind them, pointing to perceived weaknesses in that particular industry.
But there’s little doubt bots are increasingly seen as an effective tool in cross-border attacks—including those focused on payment transactions.
Beyond the sheer scale of global attacks, Q1 saw other worrisome developments in the evolution of bots, including:
For payment processors, mitigating the ever-evolving threat from bots and other cyberattacks will be tough going.
Deploy anti-fraud systems that are too cautious, and consumer friction and false declines could drive merchants to competitors. Opt for solutions that are unable to tap global sources of dynamic, digital identity data, and you may fail to get the visibility required to fend off these attacks successfully.
Indeed, finding the sweet spot that helps merchants accept more orders, reduce false declines and curtail chargebacks will be quite the balancing act. But with an estimated $2.3 trillion in digital and mobile transaction revenue in play, merchants and other businesses at the forefront of the digital economy had better hope their payment processors can find it.
To learn more about the threat from bot attacks and other forms of cross-border payments fraud, download a FREE copy of the ThreatMetrix Cybercrime Report for Payment Processors.