Cybercrime is becoming more automated, organized and networked than ever before, according to the ThreatMetrix Cybercrime Report: Q4 2016.
Cybercriminals are increasingly targeting online lenders and emerging financial services, says Vanita Pandey, vice president of strategy and product marketing, ThreatMetrix.
ThreatMetrix's report is based on data drawn from its ThreatMetrix Digital Identity Network, which analyzes about 2 billion transactions per month for insight into traffic patterns and emerging threats. The network uses a real-time policy engine to analyze transactions — about 44 percent of which originate from mobile devices — for legitimacy based on hundreds of attributes, including device identification, geolocation, previous history and behavioral analytics.
ThreatMetrix's data shows 1 million cyberattacks targeted online lending transactions throughout 2016, Pandey says. The company estimates the total value of these transactions at about $10 billion and expects the number of attacks to continue to grow in 2017. Indeed, the number of attacks specifically targeting alternative lending increased by 150 percent quarter-over-quarter in the fourth quarter of 2016. That doesn't mean criminals have stopped targeting banks: ThreatMetrix says it detected 80 million attacks using fake or stolen credentials during 2016 in the finance sector alone.
Attacks are increasing both in number (ThreatMetrix says it detected and stopped nearly 122 million attacks in real time in the fourth quarter, an increase of more than 35 percent over the previous year) and in proportion: growth in attacks outpaced overall transaction growth, and the overall rejected transaction rate grew by 15 percent.
"Fraud has evolved from being like robbing a house to being a big heist on a bank or institution," Pandey says.
Increasingly, she explains, cybercriminals are stealing identities and using them to create accounts that they allow to sit and mature, sometimes for years, before leveraging them for crime.
First, she says, criminals buy, trade and augment stolen identity credentials from any of the numerous data breaches that occur with increasing frequency.
"Most of us have been breached, whether you've stayed at an InterContinental Hotel, or you had a Yahoo account or you have a LinkedIn password you haven't changed in four years," she says.
Those credentials are then used to create new accounts with retailers, banks and e-lenders. E-lenders are frequently targeted, perhaps because the criminals see them as softer targets than more established banks, according to ThreatMetrix.
"They will then use automated bot attacks on a new site to create an account for you," Pandey says. "If it doesn't exist, they'll create an account. If it does, they'll bring in sophisticated tools to crack your password. They'll let an account sit and mature for a while. Once your identity has been verified, a lot of times you won't be stepped up or challenged. Imagine if I have a stable account, I've been transacting for two years nicely and then I use my account to buy a big item and change my address, they may not flag that."
Pandey says ThreatMetrix sees a lot of fraud being committed with accounts that have five or even six years of credit history and a big credit file. Even victims who regularly check their credit reports may not pick up on the fraud, as the criminals take care not to damage their victims' credit ratings until the accounts mature.
"Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cybercriminals," she says. "Online lenders are under increasing pressure to adopt smarter authentication methods that leverage real-time, behavior-based intelligence to accelerate genuine loans and prevent fraud. This is the only way to thrive in an increasingly competitive market."
Developing countries becoming bigger players in online fraud game
This type of fraud isn't limited to the U.S. and other developed nations. ThreatMetrix says it has seen this type of fraud originating in developing countries including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia. ThreatMetrix also reports a significant increase in attacks, particularly identity spoofing attacks, from emerging economies including Tunisia, Ukraine, Malaysia, Bangladesh, Pakistan, Serbia, Morocco, Guadeloupe, Qatar and Cuba.
"The fact that developing nations are becoming bigger players in the online fraud game demonstrates the spread of breached identity data to countries across the globe," Pandey says. "One in four transactions on our network is now cross-border, illustrating a global village economy that's continuing to take root. Global data breaches are making stolen identity data globally available via the dark web, and this information is traded by organized and networked crime rings."
How to keep the online digital world safe
With cybercriminals becoming more ambitious and more sophisticated, Pandey says it's becoming clear that text-based authentication needs to be deprecated. In fact, she says, any static information used for authentication that must be stored by a company is susceptible to a data breach and therefore an outdated way of thinking about secure authentication, identity verification and fraud prevention.
"It is becoming increasingly clear that the only true way to keep the online digital world safe and secure, (and processing transactions in the manner that technology-savvy consumers expect), is by analyzing the digital identity of every online user, an identity that is built on dynamic, shared intelligence harnessed from sources far wider than the individual companies a user transacts with," the ThreatMetrix report says.
Behavioral analytics and machine learning are the keys to making this work.
"It is only by using this holistic, crowdsourced approach to digital identities that companies can be more confident of accurately differentiating fraudsters from genuine customers," the report concludes. "In the case of Yahoo, the cookies might have been forged, but the online footprint of those fraudsters would have been markedly different to the genuine users, and it is up to Yahoo to be able to detect that in order to protect sensitive customer data."