September 20, 2018
Organised Fraud Rings Turn Their Attention to Online Lenders and Emerging Financial Services
Posted February 28, 2017
Over a million worldwide cyberattacks on online lending transactions in 2016 with the potential loss of £8 billion
London, UK – (March 1, 2017) Financial organisations are being increasingly targeted by cybercriminals looking to capitalise on alternative lending and payment models. Online fraudsters are exploiting the time delays inherent in reporting loan agreements to credit bureaus for substantial financial gain.
According to the latest ThreatMetrix® Cybercrime Report 1 million cyberattacks targeted online lending transactions throughout 2016, and this number will continue to grow in 2017. The total potential loss value of these transactions globally is estimated at £8 billion.
This emerging trend in online lending fraud is the latest attack strategy being used by organised crime rings, driving a vast amount of cybercriminal activity within the financial services sector globally. And it continues to grow at great speed. The number of attacks specifically targeting alternative lending has increased by 150% since Q3 2016.
Additionally, banks and financial services companies are becoming more and more vulnerable. The ThreatMetrix Digital Identity Network®, which analyses around 2 billion transactions per month, detected 80 million attacks using fake or stolen credentials during 2016 in the finance sector alone. Another significant industry trend is the 250% growth in mobile transaction volume year on year, with almost 55% of financial services transactions now coming through mobile devices.
76% of UK financial services transactions coming from mobile
In the UK, Q4 saw a 10% growth in overall financial services transaction volumes from an already high level of close to 1 billion the previous quarter.
This growth is primarily driven by an increase in financial services account logins coming from mobile devices. Financial services had its biggest mobile quarter ever in the UK with 76% of transactions coming from mobile devices. This highlights the continued growth in popularity of transacting on a mobile device in favour of a desktop, particularly for daily login transactions to check bank balances on the move. In addition, UK consumers are now also increasingly opening new accounts on mobile devices; new mobile account applications have steadily grown for the last 4 quarters as people are becoming more comfortable with extending the breadth of services they use a mobile device for.
“Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cybercriminals. Online lenders are under increasing pressure to adopt smarter authentication methods that leverage real-time, behaviour-based intelligence to accelerate genuine loans and prevent fraud. This is the only way to thrive in an increasingly competitive market,” says Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix.
Emerging nations appear on the cybercrime frontlines
Besides the US, ThreatMetrix saw this type of fraud originating in developing countries including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia. This is in keeping with the rise of emerging nations as players in online fraud across all industries. Brazil emerged in Q4 as a major attack destination, and ThreatMetrix saw a significant increase in attacks coming from emerging economies, including Tunisia, Ukraine, Malaysia, Bangladesh, Pakistan, Serbia, Morocco, Guadeloupe, Qatar and Cuba. Identity spoofing is the leading attack vector in such economies.
“The fact that developing nations are becoming bigger players in the online fraud game demonstrates the spread of breached identity data to countries across the globe. One in four transactions on our network is now cross-border, illustrating a global village economy that’s continuing to take root. Global data breaches are making stolen identity data globally available via the dark web, and this information is traded by organised and networked crime rings,” Pandey continues.
Additional Q4 2016 Cybercrime Report findings
With the largest-ever online Christmas shopping season taking place in 2016, Q4 was the network’s biggest digital quarter ever. The Q4 2016 Cybercrime Report found that:
- Nearly 122 million attacks were detected and stopped in real-time, an increase of more than 35% over the previous year.
- Growth in attacks outpaced overall transaction growth, and the overall rejected transaction rate grew 15% — demonstrating heightened risk levels.
- 45% of transactions now come from mobile devices, rising to 55% in financial services, as users log in almost daily to check their bank balance via mobile apps. Mobile devices are increasingly becoming the primary conduit for transacting online, with businesses moving from digital-first strategies to mobile-first ones.
- Mobile-only users have increased across all industry groups, rising to 40% in financial services. For a sizable minority, desktops are becoming obsolete, as the breadth and depth of mobile products and services stretches to allow mobile-only usage.
- Cross-border transactions are growing in prevalence; more than a quarter of transactions in the network are now cross border, but these continue to be approached with caution and are rejected more than twice as much as domestic transactions.
To access the Q4 2016 Cybercrime Report – click here
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,500 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.
© 2017 ThreatMetrix. All rights reserved. ThreatMetrix and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.
Sophie Brown Communications
Tel: 07919 098 893