sb-nz logo
Story image

Out with credit cards & in with identity data: Cybercriminals take fraud to new levels

24 Jan 2018

Cybercriminals are ditching the ‘quick buck’ methods of stealing credit cards and are instead going after identity data through ambitious attacks that provide longer-term profits.

Those are the conclusions from ThreatMetrix Cybercrime Report 2017: A Year in Review, which found that one in nine new accounts opened in 2017 were fraudulent.

The report also says there was a 100% increase in the volume of attacks over the last two years, according to the ThreatMetrix network.

The increase in fraudulent accounts is also affecting everyday consumers as organisations establish lengthier identity verification methods to separate legitimate customers from fraudulent ones.

“Analysing transactions based on true digital identity is the most effective way to instantly differentiate between legitimate users and cybercriminals. We leave traces of our identity everywhere, and by mapping the ever-changing associations between people, their devices, accounts, locations and addresses, across the businesses with which they interact, trusted behaviour for an individual becomes apparent,” comments ThreatMetrix VP of product marketing and strategy Vanita Pandey.

An account takeover happens every 10 seconds – an increase of more than 170%.

The report suggests that attackers combine identity information harvested from the dark web and data breaches to create new fraudulent accounts – 83 million were attempted between 2015 and 2017.

The most vulnerable industries include gift card trading websites and ridesharing, because cybercriminals look to exploit new platforms for attacks.

Consumers are also falling for social engineering tricks, such as emails that dupe people into thinking their account has been compromised. Attackers then ask people to ‘secure their account’ but instead people are handing over access.

Spikes in cyber attack activity also point to major data breaches. According to ThreatMetrix, its network detected ‘unprecedented’ spikes in irregular behaviour immediately after the Equifax breach.

As changing consumer behaviour moves towards an increase in mobile transactions, cybercriminals are reportedly keeping pace.

Mobile transaction volumes grew 83% due to an increase in multi-device purchasing. Last year mobile transactions exceeded desktop-based transactions for the first time.

With the volume and complexity of attacks increasing daily, businesses need to accurately differentiate customers from criminals in real time, without impacting transaction speeds or introducing unnecessary friction,” Pandey explains. 

 “By looking beyond static data—and drilling down to the dynamic intricacies of how people transact online—companies can continue to grow their digital businesses with confidence.”

The report analysed attacks that were detected and blocked on ThreatMetrix Digital Identity Network between January and December 2017.

Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Story image
Case study: How Pattern helped SimTutor secure online education
SimTutor provides a software-as-a-service (SaaS) solution designed for online healthcare education and e-learning content creators.More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
Combine endpoint privilege management with these tools for maximum protection
By integrating an EPM solution with additional technologies, teams can manage the entire security tool stack more easily and enhance each component’s effectiveness.More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
Why organisations should rethink the approach to retail demand planning and forecasting
Why organisations should rethink the approach to retail demand planning and forecastingMore