Story image

Out with credit cards & in with identity data: Cybercriminals take fraud to new levels

24 Jan 2018

Cybercriminals are ditching the ‘quick buck’ methods of stealing credit cards and are instead going after identity data through ambitious attacks that provide longer-term profits.

Those are the conclusions from ThreatMetrix Cybercrime Report 2017: A Year in Review, which found that one in nine new accounts opened in 2017 were fraudulent.

The report also says there was a 100% increase in the volume of attacks over the last two years, according to the ThreatMetrix network.

The increase in fraudulent accounts is also affecting everyday consumers as organisations establish lengthier identity verification methods to separate legitimate customers from fraudulent ones.

“Analysing transactions based on true digital identity is the most effective way to instantly differentiate between legitimate users and cybercriminals. We leave traces of our identity everywhere, and by mapping the ever-changing associations between people, their devices, accounts, locations and addresses, across the businesses with which they interact, trusted behaviour for an individual becomes apparent,” comments ThreatMetrix VP of product marketing and strategy Vanita Pandey.

An account takeover happens every 10 seconds – an increase of more than 170%.

The report suggests that attackers combine identity information harvested from the dark web and data breaches to create new fraudulent accounts – 83 million were attempted between 2015 and 2017.

The most vulnerable industries include gift card trading websites and ridesharing, because cybercriminals look to exploit new platforms for attacks.

Consumers are also falling for social engineering tricks, such as emails that dupe people into thinking their account has been compromised. Attackers then ask people to ‘secure their account’ but instead people are handing over access.

Spikes in cyber attack activity also point to major data breaches. According to ThreatMetrix, its network detected ‘unprecedented’ spikes in irregular behaviour immediately after the Equifax breach.

As changing consumer behaviour moves towards an increase in mobile transactions, cybercriminals are reportedly keeping pace.

Mobile transaction volumes grew 83% due to an increase in multi-device purchasing. Last year mobile transactions exceeded desktop-based transactions for the first time.

With the volume and complexity of attacks increasing daily, businesses need to accurately differentiate customers from criminals in real time, without impacting transaction speeds or introducing unnecessary friction,” Pandey explains. 

 “By looking beyond static data—and drilling down to the dynamic intricacies of how people transact online—companies can continue to grow their digital businesses with confidence.”

The report analysed attacks that were detected and blocked on ThreatMetrix Digital Identity Network between January and December 2017.

Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.