Quarterly Report Examines Cybercrime Attacks Detected by the ThreatMetrix Digital Identity Network, Which Analyzes More Than One Billion Transactions Monthly
ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the release of its “ThreatMetrix® Cybercrime Report: Q2 2015,” which examines cybercrime attacks detected by the ThreatMetrix® Digital Identity Network (The Network) during Q2 2015. These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations.
During this period, The Network analyzed more than 3 billion transactions, and detected and stopped more than 75 million attacks in real time. Through its analysis of transactions across industries, The Network provides unique insight into legitimate end-users’ digital identities and highlights some representative key market trends.
“As commerce goes global and mobile, cybercrime follows suit, as is evidenced by the high volume of attacks targeting cross-border and mobile transactions,” said Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix. “Cross-border transactions open the door to new revenue opportunities for businesses but are easy targets for cybercrime attacks, so they must make every effort to ensure they’re stopping fraudulent transactions without rejecting authentic customers.”
E-Commerce Ticks Up, as Does Fraud :
With the growth of the online and mobile commerce, retailers are trying to build long-term relationships with their customers by storing customer account information and creating mobile applications to make access easier. The heightened number of retailer app downloads across connected devices – including smartphones and tablets – implies consumers move between devices for e-commerce transactions.
“As retailers focus on customer engagement, it is critical to balance the customer experience and online security to ensure their digital debris is not scattered across cyberspace,” said Pandey. “During this period alone we detected almost 36 million attacks, a 20 percent increase over the previous quarter. Overall, this equates out to approximately $1 to $3 billion in potential losses being avoided.”
As retailers across the globe prepare for the holiday season, they need to also prepare for an increase in potential attacks. With The Network, e-commerce of transactions can be analyzed in real time to identify trusted customers, avoid customer friction and ultimately, stop fraudulent transactions.
E-commerce transactions broken down consist of the following percentages and risks :
- 80 percent of transactions were account logins, with 3 percent high risk
- 19 percent of transactions were payments, with 3 percent high risk
- 1 percent of transactions were account creation, with nearly 7 percent high risk
Financial Services Organizations Continue to See Organized Attacks Worldwide :
As financial institutions have evolved their services to cater to digital consumers, fraudsters worldwide are looking for ways to exploit any vulnerability. This is evidenced by the substantial increase in fraud rates across all transaction types, mostly driven by the breaches and the availability of consumer credentials in the wild.
In the online lending space, attacks spiked during this period and focused primarily on new accounts originations and payment disbursements. Online lending is seen as an easier way for the unbanked and underbanked to gain access to loans in a matter of days—and it is taking off, making it a top target for cybercriminals. For example, Lending Club, the first peer-to-peer lender, has issued $7.6 billion in loans since they started nine years ago—with $1.4 billion of that in the last three months alone.
“Mobile is driving financial inclusion for unbanked and underbanked population in both developed and emerging economies,” said Pandey. “As consumers turn to digital channels for instant access to funds or to store and manage their financial information, the online lending space has become a big target for attackers. Ensuring digital identities are effectively protected should be high priority for emerging and established financial institutions.”
Financial services transactions broken down consist of the following percentages and risks:
- 83 percent of transactions were account logins, with 2 percent high risk
- 16 percent of transactions were payments, with 3 percent high risk
- 1 percent of transactions were account creation, with 2 percent high risk
With the upcoming Europay-MasterCard-Visa (EMV) deadline in October, e-commerce merchants and financial institutions must prepare for an increase in the attacks targeting the digital channels. The adoption of EMV secures point-of-sale, causing a migration of fraud to the less secure online and mobile channels.
Media Industry Sees Highest Percentage of High-Risk Transactions :
ThreatMetrix analyzed transactions across social networks, content streaming channels, and online and mobile dating sites. Modest sign-up and authentication requirements along with user password sharing across sites lead to the media industry being a top target for cybercrime.
“Digital media has become fraudsters’ weapon of choice to test the validity of stolen credentials, leading to heightened levels of attacks in this segment” said Pandey. “At the same time, businesses also have to protect against illegal content access, malicious content posting and spamming.”
Media transactions broken down consist of the following percentages and risks :
- 27 percent of transactions were account logins, with nearly 6 percent high risk
- 50 percent of transactions were payments, with 3 percent high risk
- 23 percent of transactions were account creation, with nearly 4 percent high risk
Mobile Makes up One-Third of All Transactions Analyzed :
Mobile is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers. Mobile usage continues to grow, accounting for up to 31 percent of transactions. With more than 20 million new mobile devices being added to The Network every month, this trend is expected to continue.
According to the 2013 FDIC National Survey of Unbanked or Underbanked Households, 20 percent Americans were unbanked or underbanked. On the flipside, in developing economies, only 41 percent of adults have bank accounts. Mobile has been positioned as the tool to drive financial inclusion for the unbanked and underbanked and is giving more people in developing countries access to banking and e-commerce.
“Mobile transactions provide additional opportunities for fraudsters to conduct spoofing attacks or identity theft by increasingly impersonating other devices to facilitate attacks,” said Pandey. “With consumers constantly on-the-go, they are more likely to conduct mobile transactions, which have the potential to compromise their digital identities.”
As shown in the “ThreatMetrix Cybercrime Report: Q2 2015,” cybercrime continues to grow across industries and online channels. Consumer behavior has gone through a drastic change and this can be attributed to the reliance on mobile and other connected devices. Attacks detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations show us that fraudsters are constantly developing sophisticated strategies to compromise digital identities. The ThreatMetrix Digital Identity Network empowers businesses with real-time intelligence to differentiate between fraudsters and trusted consumers across channel, location and devices.[su_box title=”About ThreatMetrix” style=”noise” box_color=”#336588″]
ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes billions of transactions and protects hundreds of millions of active user accounts across tens of thousands of websites and mobile applications. The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.