Cyber criminals took no time off in the first six months of 2019 as human-initiated attacks against online sites grew by 13% from the same period a year ago, finds the LexisNexis Risk Solutions Cybercrime Report released Tuesday.
Bots, too, evolved to target new account creations. Bot attacks targeting new e-commerce account creations increased 171% year-over-year. Many were seen at online marketplaces, virtual gift card providers, and ridesharing sites, the report says.
It’s a sobering report, one that highlights the growing threat of networked cybercrimes. This is when digital identities are associated with confirmed fraud attempts across more than one organization. Those in the same industry, such as banking, lending, and stock brokerages, are acutely affected, LexisNexis Risk Solutions says.
“The pattern of networked cybercrime has strong implications for all industries, as fraudsters potentially use information/credentials gleaned in one attack to make other attacks more successful,” says Rebekah Moody, LexisNexis Risk Solutions director of fraud and identity. “Both financial services organizations and payments companies represent opportunity for ‘cashing out’ of fraudulent funds, either via a payment to a beneficiary, loan payment, or monetization of stolen credit cards. This means as fraudsters operate across industries, building identity credentials and taking up free trials/bonuses with new account creations, taking over good customer accounts and accessing personal credentials, the final point of cashing out may be either slicker or easier to perpetrate without the right defenses in place.”
The report also notes that the attack rate on mobile browsers is less than on desktop browsers. The attack rate also is lower in a mobile app than on a mobile browser. In both instances, inherent security features aid mobile sites and apps. Mobile, however, harbors a growing threat. There are pockets of growth in mobile attack rates. Criminals are seeing new account creations on mobile as key opportunities to mimic customers or pass security checks, LexisNexis Risk Solutions says.
For example, within media sites, such as social media and gaming, the mobile app registration attack rate increased 324% year-over-year and 148% in six months.
“Fraudsters are potentially seeing mobile channel transactions as easier targets given they sit outside the security protocols and additional mobile app registration events,” Moody says. “Over time, businesses should encourage consumers to make payments via trusted apps with additional security controls to ensure a streamlined and frictionless online experience. However, using a layered defense that can effectively identify anomalies relating to a user’s digital identity (incorporating device intelligence, location information, behavior and threats intelligence), can help secure mobile browser payment transactions.”
A perennial decision for e-commerce providers is how much fraud is acceptable so that legitimate transactions are not halted because they may get caught in a filter.
“On one hand, there is an imperative to stop bad actors before they make a fraudulent transaction or payment, but this must not come at the expense of offering a streamlined customer experience for good and trusted users,” Moody says. “Merchants may also choose to adjust their tolerance for risk during certain periods, such as during a holiday season, to avoid good customers being caught in the net of robust fraud control.” Her advice is to use a risk-based approach to authenticating transactions, one that has global shared intelligence that helps merchants reliably determine a trusted transaction from a fraudulent one.