ThreatMetrix US Patents Press Releases

ThreatMetrix Announces the “ThreatMetrix Cybercrime Report: Q1 2015,” Sees Cybercrime Surge on Backs of Breaches

Posted May 6, 2015


The Report Examines Cybercrime Attacks Detected by the ThreatMetrix® Digital Identity Network, Which Analyzes More Than One Billion Transactions Monthly

San Jose, CA – May 6, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the availability of its “ThreatMetrix® Cybercrime Report: Q1 2015,” which examines cybercrime attacks detected by the ThreatMetrix® Digital Identity Network during Q4 2014 and Q1 2015. These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations.

During this period, the ThreatMetrix Digital Identity Network analyzed more than six billion transactions, with nearly one-third originating from mobile devices, and protected more than 250 million active user accounts across 3,000 customers and 15,000 websites. Through its analysis of the top customer transactions across industries, the ThreatMetrix Digital Identity Network provides unique insight into legitimate end customers’ “digital identities,” even as they move between applications, devices and networks and highlights some representative key market trends.

The number of attacks on businesses is trending up as crimeware tools gain traction providing tools to fraudsters to automate cybercrime attacks leveraging the customer data made available from breaches. As such, the ThreatMetrix Digital Identity Network is seeing more and more traffic that is cloaked – the masking of an identity. This is especially true for new account creations wherein the fraudsters use stolen identities with these tools to defraud businesses. Mobile fraud also proliferates as more users carry out transactions on their devices, with device spoofing now becoming the most popular attack vector.

Strong Growth in Online and Mobile Commerce Along with Fraud

The report highlights the trends in the 2014 holiday shopping season, which was a period of record online transactions and unprecedented number of attacks. These attacks are directly associated with the growing data breaches over the past year. Impersonation or “spoofing” attacks are now the most common threat and ThreatMetrix identifi­ed more than 11.4 million fraud attempts during peak holiday shopping. The “ThreatMetrix Cybercrime Report: Q1 2015” is the first of its kind to analyze how stolen and compromised identities are used for cybercrime.

Trust is critical for customer loyalty and e-commerce merchants had a spike in account login transactions as customers revisited retailers to view offerings/deals and make purchases. While new account creation rates were lower than other transaction types, they had two times higher instance of fraudulent transactions driven by the availability of stolen identities in the wild from massive breaches. E-commerce transactions broken down consist of the following percentages and risks:

  • One percent of transactions were account creation, with 6.7 percent high risk
  • 80 percent of transactions were account logins, with 2 percent high risk
  • 19 percent of transactions were payments, with 2.6 percent high risk

“In the wake of recent data breaches, customers’ digital debris is floating in the cyber world for fraudsters to compromise, making accurate insight into digital identities of the utmost importance for businesses, especially in the e-commerce industry,” said Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix. “ThreatMetrix data shows an upswing in account takeover and identity spoofing attacks following recent massive data breaches. While guest checkouts previously represented the highest risk, due to the breadth of digital debris at cybercriminals’ fingertips, fraudsters are much more likely to use a stolen username and password combination than to use compromised credit card information, which has a shorter life span. As the volume of e-commerce transactions increase, it gives cybercriminals more places to poke and exploit. Retailers need to leverage a digital identity network to get a comprehensive view of customers to accurately differentiate between trusted and fraudulent transactions.”

Cybercrime Surges Across All Transaction Types in the Financial Services Industry

In addition to e-commerce, the “ThreatMetrix Cybercrime Report: Q1 2015” examines financial services transactions and authentication attempts. While online banking authentication transactions continue to dominate the ­financial services industry, the payment transactions increased during this period driven by the increasing adoption of alternate payment methods and bankcard authentication solutions, and increase in online money gifting during the holiday season. The impact of breaches and consumer credentials in the wild is more evident in the financial services industry, with a substantial increase in fraud rates across all transaction types. Financial services transactions broken down consist of the following percentages and risks:

  • One percent of transactions were account creation, with 2 percent high risk
  • 76 percent of transactions were account logins, with 2.6 percent high risk
  • 23 percent of transactions were payments, with 3.2 percent high risk

“On the backs of major data breaches, we’re seeing a trend in cybercriminals using more sophisticated, automated crimeware tools that are deliberately targeting first generation device identification and authentication solutions used by most financial institutions,” said Pandey. “Fraudsters are shifting from exploiting hardware and software to exploiting people – taking bits and pieces of their digital identities that have been compromised through breaches, and attempting to make transactions disguised as those individuals. As cybercriminals move to exploit financial institutions, those businesses need a more sophisticated view of their users. They need to look at their customers’ behaviors, devices and identities as a whole – the ultimate behavioral biometric.”

In both the e-commerce and financial services industries, businesses must prepare for the growth of new in-store technologies such as Europay-MasterCard-Visa (EMV) and Apple Pay with the wide adoption of the Apple Watch and other connected devices (IoT). As these technologies cut down point-of-sale fraud, the attacks will move to the online channel. Global shared intelligence will be crucial as businesses prepare for the 2015 holiday season.

Media Industry Continues to See Highest Percentage of High-Risk Transactions

The analysis of transactions from the media industry, consisting of social media, content streaming and online dating websites, show a strong growth in payment transactions through media organizations while the overall fraud levels continue to be higher than other industries. Illegal access to content outside of approved geographies, combined with spamming and fraudulent bot-driven account creation, represent the key drivers of fraudulent transactions in the media space. Broken down, media consist of the following percentages and risks:

  • 22 percent of transactions were account creation, with 3.8 percent high risk
  • 26 percent of transactions were account logins, with 6.2 percent high risk
  • 52 percent of transactions were payments, with 4 percent high risk

“From a fraudster’s perspective, social media is the gas station of the connected world,” said Pandey. “It provides a quick and easy way to assess the validity of a stolen credit card or credentials. The media industry has the highest incidence rate of high-risk transactions due to the low authentication threshold – often only consisting of a username and password combination. These identities are easily compromised, especially following a significant number of data breaches, as many people use the same login credentials across websites.”

Mobile Represents One-Third of All Activity in The ThreatMetrix Digital Identity Network

Mobile usage represents nearly one-third of all activity on the ThreatMetrix Digital Identity Network and continues to grow as more and more consumers use their mobile phone, tablets and connected devices (such as the Apple Watch) to access content, make purchases, conduct banking transactions and pay bills.

ThreatMetrix analyzes mobile transactions from more than 200 countries and territories across the globe with consumers from emerging economies conducting a much higher percentage of transactions from mobile devices. The report found that the growth in mobile brought more mobile attacks, with spoofi­ng being most prevalent. However, the attack volumes are still lower than desktop as mobile devices are not conducive to massive fraud attacks.

“While desktop fraud still dominates, as mobile usage continues to grow, especially in emerging markets, the channel will eventually see new, sophisticated criminals targeting mobile transactions,” said Pandey. “With businesses focused on lowering consumer friction on mobile, fraudsters are increasingly targeting mobile platforms and devices to spoof identities. Businesses need to be prepared for an uptick in spoofing attacks as mobile continues to grow.”

Device Spoofing Remains Top Attack Vector

Leveraging activity across industries, mobile and desktop, the report also identified the top attacks by transaction type and found spoofing, such as IP address, geolocation, identity and device spoofing to be the most common attack types across all transaction attempts. Device spoo­fing remains the top attack vector, with more than six percent of transactions. As crimeware tools gain traction, the ThreatMetrix Digital Identity Network is seeing more and more traffic that is cloaked, especially for new account creation wherein the fraudsters use stolen identities along with these tools to defraud businesses.

Cybercrime continues to be a well-funded, organized business with sophisticated technology and strong knowledge sharing across organized crime rings, nation states, and decentralized cyber gangs. Recent massive data breaches have resulted in an increase in attacks targeted towards businesses across all regions and industries. Cybercriminals continue to share information as well as develop tools that will help bypass the fi­rst generation fraud prevention solutions. The only effective solution for businesses is to share information about fraud trends across their customer bases to stop cybercriminals in their tracks. ThreatMetrix delivers advanced fraud protection, frictionless authentication, and customer protection through a real-time collective response using intelligence gathered from billions of transactions in the ThreatMetrix Digital Identity Network.

To learn more, download the “ThreatMetrix Cybercrime Report: Q1 2015” eBook

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer driven-analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, FacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
Tel: 408-200-5716

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178


close btn