January 10, 2019
Stop Payment Fraud, Not Customers
The cybercrime prevention trend is shifting to a solution that is actually pretty staggering when you look at global digital identity.
First there are over a million cybercrime victims per day and 12 people every second who fall prey to cybercrime attacks. Most of these cyberattacks are primarily aimed at banking and commerce customers. It is clearly easier to attack a business indirectly through its customers, rather than directly. Unfortunately the numbers are going in the wrong direction. It is a shocking number when you think about the change we’re probably going to see in the near future.
As the US shifts over to EMV based credit cards, cyber crime will probably stay at the same level, as the number of transactions from card not present are increasing while point-of-sale purchases decline.
We’re seeing some indications of how the bad guys are using stolen credit card information and most recently there’s been some reports that apple iPhones have been engaged in the use of fraudulent credit cards, actually buying apple equipment in apple stores!
Cybercrime rings orchestrate these threats. You have to realize that we’re up against a global crime presence that in many cases is decentralized and loosely connected, working almost like independent cyber gangs coming together for targeted operations. Take the debit card shop operation in New York City, a few years back, where thieves from more than two dozen countries acting in close coordination with almost military-like precision stole $45 million from thousands of ATMs in a matter of hours. Most recently the attack in Eastern Europe where banks were attacked from numerous geographies and the bad guys ended up stealing anywhere from $300 million to $1 billion. Or more traditional gangs like the Russian ones that have amassed the largest known collection of stolen Internet credentials. Including one with more than 500 million addresses. Most recently the credit card breach at The Home Depot and Target Stores have been in the the news lately.
The Cybercrime Industrial Complex
These crime organizations have created business models that can be best described as the cybercrime industrial complex with vendors providing any number of tools and services ranging from distribution of personal information and stolen credit card data that it guarantees.
They all start with a multitude of technologies and techniques, from the use of malware, social engineering, phishing to find vulnerabilities for data breach that are straight out of the headlines as indicated by JP Morgan Chase, Home Depot and the IRS to name a few. As reported by the identity theft Resource Center that almost 720 breaches last year containing more than 2 million records were quickly sold on the underground. Some personal information is very private. Data was stolen from healthcare providers like Anthem and Phoenix Services. Email and password combinations that were stolen from Adobe, AOL, eBay and Google are bound to piece together identities of many. Forms of multi-channel fraud have taken a bit of a back seat lately but with the focus on these data breaches and with a growth rate that’s more than doubling every year it won’t be long before it makes its come back.
Now that variants are detected in the hundreds of thousands per day that’s a targeted way to collect personal data and even more creative by tricking customers when they log on to a bank account or accounts to transfer money to “mule” accounts in response to phishing emails and other messages. The attacks are all about tricking people into divulging credentials for spam email campaigns or targeted phishing to high value individuals luring the users to counterfeit websites with the intention of stealing their data.