ThreatMetrix Report Reveals Fraudulent Transaction Activity on Desktop and Mobile for 2011 Holiday Season
Posted January 19, 2012
The Cybercrime Prevention Provider Analyzed Data Across its Global Network to Identify Risky Transactions by Device
San Jose, CA – January 19, 2012 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, announced today that it has released data on the percentage of desktop and mobile transactions that were classified as risky — or potentially fraudulent — over the 2011 holiday season.
Findings revealed that while desktop transactions were still more risky than mobile transactions on average, the risk level remained fairly consistent across devices during the month of December; there was a slight increase in fraudulent activity the days leading up to and following Christmas day. Data was gathered across the ThreatMetrix™ Global Network.
“Online commerce is becoming a preferred channel, as its convenience and oftentimes competitive pricing are appealing factors to today’s consumers,” said Alisdair Faulkner, chief products officer, ThreatMetrix. In fact, comScore reported that shoppers had spent almost $32 billion online for the holiday season during the first 32 days of the November and December 2011 holiday shopping season, which marks a 15% increase from a year ago. “As businesses continue to build a cross-channel presence, it’s essential they understand the inner workings of the fraud network to effectively prevent cybercrime.”
Faulkner added that today’s online fraudsters have evolved from individuals and small groups, to professional worldwide networks. In 2010, fraud-related e-commerce revenue loss in the U.S. and Canada totaled $2.7 billion, according to CyberSource’s 2011 Fraud Report, and those numbers are only expected to rise.
Given the 2011 fraud season of notable cybercrimes, ThreatMetrix compiled a “Circle of Fraud” overview for how fraudsters typically operate in various industries:
• Banking: Fraudsters write software that can compromise bank accounts. The software intercepts user login sessions, enabling the hacker to transparently access the account funds.
• Social Networking: Hackers purchase compromised scripts – containing false credentials – to register on social networking sites. Fake social profiles are auto-created using the compromised scripts. Using the fake profiles, hackers distribute spam emails containing viruses that infect the recipients’ device.
• Domestic E-Commerce: Using stolen credentials from virus-infected computers, e-ommerce hackers visit compromised online retailers and steals customers’ credit card information by using SQL injection attacks.
• Online Gaming: Fraudsters verify the validity of stolen credit cards by sending out scripts to target gaming and gambling sites for the purchasing of virtual currencies. Once these virtual transactions are approved, the fraudster tests the stolen credit cards by using its available funds.
• Global E-Commerce: Hackers located overseas tunnel through compromised computers and use stolen credit cards to place online orders. The websites don’t detect the invasion because the hacker’s IP address mirrors that of the compromised computer. These more advanced cybercriminals visit online hacker forums where they pursue information about the compromised devices that correspond to the stolen identities.
• Third-Party: These individuals receive stolen goods and repackage them for fraudsters. They are sometimes unaware of their role in the “Circle of Fraud.”
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.