SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Out with credit cards & in with identity data: Cybercriminals take fraud to new levels
Wed, 24th Jan 2018
FYI, this story is more than a year old

Cybercriminals are ditching the ‘quick buck' methods of stealing credit cards and are instead going after identity data through ambitious attacks that provide longer-term profits.

Those are the conclusions from ThreatMetrix Cybercrime Report 2017: A Year in Review, which found that one in nine new accounts opened in 2017 were fraudulent.

The report also says there was a 100% increase in the volume of attacks over the last two years, according to the ThreatMetrix network.

The increase in fraudulent accounts is also affecting everyday consumers as organisations establish lengthier identity verification methods to separate legitimate customers from fraudulent ones.

“Analysing transactions based on true digital identity is the most effective way to instantly differentiate between legitimate users and cybercriminals. We leave traces of our identity everywhere, and by mapping the ever-changing associations between people, their devices, accounts, locations and addresses, across the businesses with which they interact, trusted behaviour for an individual becomes apparent,” comments ThreatMetrix VP of product marketing and strategy Vanita Pandey.

An account takeover happens every 10 seconds – an increase of more than 170%.

The report suggests that attackers combine identity information harvested from the dark web and data breaches to create new fraudulent accounts – 83 million were attempted between 2015 and 2017.

The most vulnerable industries include gift card trading websites and ridesharing, because cybercriminals look to exploit new platforms for attacks.

Consumers are also falling for social engineering tricks, such as emails that dupe people into thinking their account has been compromised. Attackers then ask people to ‘secure their account' but instead people are handing over access.

Spikes in cyber attack activity also point to major data breaches. According to ThreatMetrix, its network detected ‘unprecedented' spikes in irregular behaviour immediately after the Equifax breach.

As changing consumer behaviour moves towards an increase in mobile transactions, cybercriminals are reportedly keeping pace.

Mobile transaction volumes grew 83% due to an increase in multi-device purchasing. Last year mobile transactions exceeded desktop-based transactions for the first time.

With the volume and complexity of attacks increasing daily, businesses need to accurately differentiate customers from criminals in real time, without impacting transaction speeds or introducing unnecessary friction,” Pandey explains.

 “By looking beyond static data—and drilling down to the dynamic intricacies of how people transact online—companies can continue to grow their digital businesses with confidence.

The report analysed attacks that were detected and blocked on ThreatMetrix Digital Identity Network between January and December 2017.