Mobile transactions represent more than half of financial services exchanges and e-commerce businesses must strike an effective balance between protecting their platform and minimizing customer friction as we head into the holiday season.
Those are among the findings according to San Jose, Calif. based digital identity firm ThreatMetrix’s Q3 Cybercrime Report, based on actual cybercrime attacks from July to September 2016.
During what is traditionally a slow quarter, ThreatMetrix analyzed nearly five billion transactions, detecting and stopping approximately 130 million attacks in real time, an almost 40% increase over Q3 2015. Mobile transactions increased to 43% of total network traffic, a nearly 50% increase over the previous year, with no sign of slowing.
Cross-border transactions are also on the rise, representing one in five transactions in the ThreatMetrix Digital Identity Network. These transactions are 70% more likely conducted by bots than domestic transactions and riskier; with a rejection rate twice as high as that of domestic transactions due to customs rules that require the rejection of transactions originating in certain countries.
“Attacks have evolved from being one-dimensional with a singular purpose to being a Frankenstein’s monster of attack vectors, using bots, social engineering, and remote-access stealth in various combinations,” Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix, said. “Fraud prevention is no longer simply about timely detection but about getting under the skin of evolving attack patterns to better thwart the rise of cybercrime.”
The ThreatMetrix Q3 Cybercrime Report noted a number of year-over-year changes and trends in all industries:
- Financial services: Mobile-banking transactions grew by 250% over Q3 2015. In addition, attacks on payment transactions continued to grow, and login attacks took a massive jump. While fraudsters still see financial services as a more challenging target than other retail transactions, attacks on financial services customers can be devastating, and risk exposure and potential brand damage for businesses is high.
- E-commerce: As digital e-commerce transactions have grown, bot attacks continue to be widespread and persistent, occasionally surpassing legitimate transaction traffic. Q3 2016 saw 76 million blocked e-commerce transactions, the highest number ever, and a 60% increase over the third quarter 2015. Attacks on logins and payment transactions grew 30% and 70%, respectively, over the previous year, a trend that will likely pick up steam into the 2016 holiday season.
- Digital media/social networks: More attacks take place on these types of accounts than on any other kind of transaction. Bot traffic can account for more than 90% of transaction volume at certain times. Q3 2016 saw attacks on nearly one in five transactions. Attacks on new account creations have gone up by almost 400% over the previous year. However, rejected transactions also increased by about 80% over the third quarter in 2015.
“It is this ability for a fraudster to masquerade convincingly as the legitimate customer that is a far more pervasive challenge for global digital businesses, leading to higher instances of account takeover and new account origination fraud, both of which we see prolifically in our network.” Alistdair Faulkner, chief products officer at Threatmetrix, said in the report.
The report states, “What cyber criminals have shown us time and time again is that identity data is the critical currency for perpetrating online fraud, and this can be stitched together using a patchwork quilt of stolen credentials harvested from separate breaches.”
The impact to ecommerce users can be extensive, with losses felt far beyond an initial monetary loss. Consumers who have been subjected to fraud either defect to a competitor, or if they do stay they transact less.”
