The Q2 Cybercrime Report from global security company ThreatMetrix has arrived, with its "ThreatMetrix Digital Identity Network" detecting and stopping a record 112 million cyber attacks this quarter, 50% more than last year!
The report can be freely downloaded here after free registration.
The report is "based on actual cybercrime attacks from April-June 2016 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications".
The detailed 42-page must-read report revealed that "the rise in stolen identity credentials available in the market led to an increased level of attacks on new accounts, a 250% increase year-over-year".
The company states that "fraudsters are using identity credentials obtained from the dark web to run substantial automated bot attacks that have increased 50% since last quarter", with ThreatMetrix’s "Network" having detected "450 million such threats, thwarting millions of attacks on numerous individual companies".
Attack levels also continue to "increase as the global digital economy grows, and as consumers make more online transactions", with fraudsters "capitalising on this growth, evolving their tactics to target new payment platforms, EMV transactions and the mobile platform".
Vanita Pandey, vice-president, strategy and product marketing at ThreatMetrix, said: “In a world where billions of consumer identities have been compromised, it is becoming harder for digital businesses to authenticate the good guys, let alone detect the bad ones.
“Digital authentication continues to be one of our biggest use cases globally. The challenge remains, how do businesses accurately identify genuine attacks from legitimate transactions?”
Here’s ThreatMetrix’s official video outlining its Q2 2016 Report – key findings and more are listed thereafter, please read on!
So, what are some of the key findings from the report, along with the trends and surprises listed on the report’s fifth page?
Other key findings:
- Attacks are becoming more prevalent and are evolving in scope, depth and complexity: In Q2 2016 The Network processed 5.2 billion transactions, identifying and stopping 112 million attacks.
- This represents a 50% increase over the previous year. The exploitation of stolen data is global and co-ordinated, resulting in huge attack spikes following a large breach.
- Bot attacks continue their relentless rise: 450 million bot attacks were detected and stopped this quarter, a 50% increase over last quarter.
- As mobile transactions increase, fraudsters’ mobile attacks evolve: Mobile transactions are growing at a rate of 200% year-over-year, and 40% of Network transactions now come from mobile devices.
- The Network reported its first mobile bot attack this quarter, as fraudsters seek to capitalise on the increasing popularity of mobile commerce.
- EMV has a noticeable impact on e-commerce attacks: There were 69 million e-commerce attacks this quarter, an increase of 90% over the previous year.
- P2P media platforms see a spike in fraudulent activity ahead of the summer holiday season:
- Online review sites and other media platforms were a key target this quarter; fraudulent new account registrations increased 350% over the previous year ahead of the summer holiday season.
- Broader trends include EMV migration impact and increases in mobile and cross-border transactions.
Trends that the TreatMetrix report includes on page 5:
- Continued growth of attacks across segments, a 50% increase in attacks over Q2 2015.
- Impact of EMV mandate on CNP fraud evident in the high levels of attacks on CNP merchants.
- Impact of recent data breaches seen in the increase in new account origination fraud.
- Mobile transactions continue to grow.
- Mobile banking is more popular than ever amongst returning customers in financial services, who continue to login to online banking via mobile apps almost twice as much as via desktop.
Surprises (also on page 5 of the report):
- Massive increase in bot attacks targeting financial institutions, particularly FinTechs.
- Emergence of mobile bot attacks targeting mobile apps.
- A 500% growth in mobile transactions for financial institutions compared to same quarter last year.
- A 25% increase in “mobile only” users for financial institutions compared to last quarter.
- China emerges as one of the big attack destinations.
- Cross-border transactions are growing and continue to be considered riskier.
EMV migration hits e-commerce transactions
ThreatMetrix says that it has been "predicting the impact of EMV migration for the last few months, and is now seeing the full force of the adoption of chip technology".
Of note is that this quarter "saw the highest level of attacks on e-commerce ever, with reject rates increasing across account logins, new account creations and payments".
Pandey said: “EMV migration represents a big win for straightforward, friction-free transacting, but at what cost?
“Businesses increasingly have to balance careful fraud and risk management with strong customer authentication to ensure this upward trajectory of fraud attacks is held in check.”
Mobile transactions drive the pace of change in financial services
Next ThreatMetrix states that The Network saw a whopping 500% increase in mobile transactions for financial institutions compared to the same quarter last year, as users embrace the flexibility and convenience of mobile banking apps, and as noted above.
The Network has also detected a 25% increase in “mobile only” users compared to last quarter, indicating consumers have become more comfortable with mobile banking.
What’s scary but real is that "cybercriminals are picking up on this trend and are evolving their attacks".
Bots crossed over into mobile for the first time ever this quarter, as fraudsters targeted a key online e-commerce merchant in an attempt to gain access to customer accounts.
The global digital economy fuels cross-border transactions
The company says that approximately 16% of The Network’s transactions are now "cross-border, as businesses and consumers become part of a global village economy".
Businesses tend to approach cross-border transactions with more caution: The rejection rate is 2.5 times higher for cross-border transactions than domestic ones.
Why? Because a big driver of this is "the custom rules set by businesses that often reject transactions from specific countries".
Pandey added: “Fraudsters try to cloak and spoof their location in order to bypass standard reject rules. As a result, location spoofing attacks for cross-border transactions were 60 percent above domestic transactions.
“Good customers can often get caught in the net, penalised because of the country they are transacting from or caught by outdated static fraud rules.”
Ted Egan, ThreatMetrix’s SVP for the APAC region, notes that “Today everyone has a digital DNA, good guys and even the bad guys. And like human DNA, they can’t change it. Your Digital DNA travels with you online regardless of changing devices or countries travelled.
“They can try to mask it, but they can’t change it! ThreatMetrix Digital Identity Network is global, providing businesses more precise accuracy and realtime digital data when validating the authenticity of a customer.
"From this point an online business, bank or customer of ThreatMetrix can substantially improve customer experience without adding friction, while also driving stronger customer acquisition rates and reducing fraud events.”
Indeed, ThreatMetrix states it is "able to leverage the global nature of the unique digital identities it builds in the Digital Identity Network; looking beyond simple changes in behaviour (such as transacting from a new country) to the holistic view of how a user transacts across devices and locations, analysing their behavioural pattern over time".