ThreatMetrix US Patents Press Releases

Cybercrime Attacks Rise 40 Percent Across Asia-Pacific With Identity Attacks Double the Global Average

Posted December 12, 2016

Hong Kong – (December 13, 2016)

Scale of attacks on online transactions using stolen identity data revealed in ThreatMetrix APAC report

The Asia-Pacific region is facing unprecedented levels of complex cybercrime and fraud attacks, as revealed in the “2016 Q3 Cybercrime Report – APAC Deep Dive” from ThreatMetrix®, The Digital Identity Company®.

Key highlights in the report:

  • APAC digital revolution: APAC businesses and consumers are leading the way in digitalization, with the ThreatMetrix Digital Identity Network® seeing online transaction volume increase 36 percent over the previous year.
  • Mobile access is the key: Mobile transactions make up 35 percent of overall transaction volume, a 44 percent increase since 2015.
  • APAC is facing unprecedented threats: 40 percent increase year-on-year in the number of daily attacks; China revealed as the most attacked nation in the region.
  • Finance goes mobile: Mobile transactions in financial services have almost tripled compared to last year, demonstrating the exponential growth in popularity of mobile banking within the APAC region.
  • Cross-border transactions fuelling high attack rates in APAC: Higher than average instances of cross-border transactions compared with global figures, which are more susceptible to bot attacks and location spoofing than domestic transactions

Identity attacks are having an ever-increasing impact on the APAC market as fraudsters attempt to monetize credentials harvested from huge data breaches by testing, validating and augmenting identity data. Spikes in automated bot attacks, which are being used to carry out identity credential testing activity, are leading to attack peaks where up to 14 percent of all transactions are rejected as fraudulent. Identity spoofing is the most prevalent attack vector in APAC, highlighting the fact that cybercriminals are actively leveraging stolen identity data to carry out attacks on digital transactions.

“Identities are fast becoming hard currency for cybercriminals perpetrating online fraud. Many of the attacks we see in the Digital Identity Network are focused on stealing, validating, augmenting and selling identity credentials to make future attacks more lucrative,” says Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix. “Transactions from the APAC region are at particular risk from identity-related attacks; we see almost double the percentage of identity spoofing attacks originating here compared to global averages, illustrating the fact that without proper controls in place, the region could be a key hub for cybercriminals.”

Attacks themselves continue to adapt and pivot to leverage the latest leaked data that floods the dark web after a breach. Cybercriminals make use of the full armory of attack vectors at their disposal, using a basic bot to mass validate stolen data; advanced social engineering attacks to improve the success of a remote account takeover; to masquerading bots used to attempt fraudulent transactions, which are particularly hard to distinguish from legitimate human traffic.

“Businesses in the APAC region need to be especially adept at identifying legitimate cross-border transactions versus cyber attacks,” Pandey says. “As fraudsters leverage patched-together stolen identities, it is only in understanding the intricacies of a true digital identity, that organizations can accurately detect future fraud.”

Region Snapshots:

Australia and New Zealand have the highest transaction volumes in APAC with the lowest overall reject rate at 3.7 percent, meaning these transactions are least susceptible to attacks. Device spoofing is the most prevalent attack vector, which is in line with the other highly developed global digital economies.

Automated bot attacks from China are extremely high with large attacks combining bots attacks with identity or device spoofing.  Identity spoofing is the most prevalent attack vector, higher than anywhere else in APAC.

India sees particularly strong mobile penetration, with 44 percent of total transaction volumes coming from mobile; the highest in APAC.  70 percent of account creations in India come from a mobile device, as users embrace the freedom and flexibility that transacting on a mobile affords.

Japan is a key growth region in the Network, with a 51 percent increase in transaction volumes compared to last year. Japan has the second highest percentage of rejected transactions at 14.4 percent; representing a steady year-on-year increase.

SE Asia saw a 47 percent increase in attacks compared to last year, as total transaction volumes grew 45 percent. Mobile transaction volumes are grew 34 percent compared to 2015.

About the ThreatMetrix   “2016 Q3 Cybercrime Report – APAC Deep Dive”
The report is based on actual cybercrime attacks from July to September 2016 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

Additional Resources:

  • Download the report here

About ThreatMetrix:
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.

For more information, visit or call 1-408-200-5755. Join the cybersecurity conversation by visiting the ThreatMetrix blog, Twitter, LinkedIn and Facebook pages.

© 2016 ThreatMetrix. All rights reserved. ThreatMetrix and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts:
Ken Lam
Contact number:  +852-61800905
Paul Wilke
Upright Position Communications
Tel: +1-415-881-7995

close btn