October 20, 2017
October 16, 2017
Posted December 12, 2016
Hong Kong – (December 13, 2016)
Scale of attacks on online transactions using stolen identity data revealed in ThreatMetrix APAC report
The Asia-Pacific region is facing unprecedented levels of complex cybercrime and fraud attacks, as revealed in the “2016 Q3 Cybercrime Report – APAC Deep Dive” from ThreatMetrix®, The Digital Identity Company®.
Key highlights in the report:
Identity attacks are having an ever-increasing impact on the APAC market as fraudsters attempt to monetize credentials harvested from huge data breaches by testing, validating and augmenting identity data. Spikes in automated bot attacks, which are being used to carry out identity credential testing activity, are leading to attack peaks where up to 14 percent of all transactions are rejected as fraudulent. Identity spoofing is the most prevalent attack vector in APAC, highlighting the fact that cybercriminals are actively leveraging stolen identity data to carry out attacks on digital transactions.
“Identities are fast becoming hard currency for cybercriminals perpetrating online fraud. Many of the attacks we see in the Digital Identity Network are focused on stealing, validating, augmenting and selling identity credentials to make future attacks more lucrative,” says Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix. “Transactions from the APAC region are at particular risk from identity-related attacks; we see almost double the percentage of identity spoofing attacks originating here compared to global averages, illustrating the fact that without proper controls in place, the region could be a key hub for cybercriminals.”
Attacks themselves continue to adapt and pivot to leverage the latest leaked data that floods the dark web after a breach. Cybercriminals make use of the full armory of attack vectors at their disposal, using a basic bot to mass validate stolen data; advanced social engineering attacks to improve the success of a remote account takeover; to masquerading bots used to attempt fraudulent transactions, which are particularly hard to distinguish from legitimate human traffic.
“Businesses in the APAC region need to be especially adept at identifying legitimate cross-border transactions versus cyber attacks,” Pandey says. “As fraudsters leverage patched-together stolen identities, it is only in understanding the intricacies of a true digital identity, that organizations can accurately detect future fraud.”
AUSTRALIA & NEW ZEALAND
Australia and New Zealand have the highest transaction volumes in APAC with the lowest overall reject rate at 3.7 percent, meaning these transactions are least susceptible to attacks. Device spoofing is the most prevalent attack vector, which is in line with the other highly developed global digital economies.
Automated bot attacks from China are extremely high with large attacks combining bots attacks with identity or device spoofing. Identity spoofing is the most prevalent attack vector, higher than anywhere else in APAC.
India sees particularly strong mobile penetration, with 44 percent of total transaction volumes coming from mobile; the highest in APAC. 70 percent of account creations in India come from a mobile device, as users embrace the freedom and flexibility that transacting on a mobile affords.
Japan is a key growth region in the Network, with a 51 percent increase in transaction volumes compared to last year. Japan has the second highest percentage of rejected transactions at 14.4 percent; representing a steady year-on-year increase.
SOUTH EAST ASIA
SE Asia saw a 47 percent increase in attacks compared to last year, as total transaction volumes grew 45 percent. Mobile transaction volumes are grew 34 percent compared to 2015.
About the ThreatMetrix “2016 Q3 Cybercrime Report – APAC Deep Dive”
The report is based on actual cybercrime attacks from July to September 2016 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.