Consumers are increasingly embracing mobile for online goods and services, and fraudsters are moving in fast for a piece of the action.
New cybercrime insights from the first half of 2018 released by ThreatMetrix, a LexisNexis Risk Solutions Company, reveal a sharp rise in fraud attack levels on mobile transactions. The findings are based on the analysis of 17.6 billion digital transactions on the ThreatMetrix digital identity network during the first half the year.
Mobile transactions, which include account creations, logins and payments, reached 58% of all online traffic by the middle of 2018, according to ThreatMetrix’s “Q2 2018 Cybercrime Report.” Globally, 2018 mobile attack rates rose 24% in the first half of 2018 compared to the year-ago period. In the United States, however, mobile attack rates experienced a far higher growth rate of 44% for the same period.
The rise of mobile is undisputedly the key change agent in digital commerce, the report noted. In the last three years the proportion of mobile transactions versus desktop has almost tripled.
Globally, one third of all fraud attacks are now targeting mobile transactions. This means that although digital companies do need to prepare for increasing attacks, mobile remains the more secure channel compared to desktop.
Mobile offers organizations unique opportunities for accurately assessing user identity, thanks to highly personalized device attributes, geo-location and behavioral analysis, according to ThreatMetrix. It offers strong customer authentication options that require no user intervention, including cryptographically binding devices for persistent authentication (“Strong ID”).
“Mobile is quickly becoming the predominant way people access online goods and services, and as a result organizations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, chief identity officer at LexisNexis Risk Solutions. “The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy.”
The key point of vulnerability for mobile is at the app registration and account creation stage, according to Faulkner.
“To verify users at this crucial point, organizations need to tap into global intelligence that assesses true digital identity, compiled from the multiple channels that their customers transact on,” he added.
Throughout the first half of 2018 there was an unprecedented spike in the volume of bot attacks targeting digital transactions worldwide. The ThreatMetrix Digital Identity Network registered a 60% spike in bot attacks in the second quarter of the year, increasing from 1 billion bot attacks in the first quarter to 1.6 billion in the second quarter.
Large retailers are the primary targets as fraudsters attempt to infiltrate good user accounts and access sensitive personal data and saved credit card information. A total of 170 million bot attacks came from mobile devices in the first half of 2018.
The bot traffic predominantly originated from locations such as Vietnam and South Korea, illustrating the global trend of stolen identity data disseminating to growth regions and emerging economies.
Social networks and dating websites have the highest mobile footprint of all industries, reaching 85% of total transactions and 88% of account creations by the middle of 2018. Given these sites’ often modest security requirements, attack rates are high as hackers use these platforms to test stolen identity credentials, as well as to steal sensitive personal data via account takeovers.
“Social networks are at risk of becoming a gateway to further organized crime”, said Rebekah Moody, director of fraud and identity at ThreatMetrix. “Identity data is arguably as valuable a currency online as hard cash.”
Other highlights from ThreatMetrix Q2 2018 Cybercrime Report include:
• Fifty-four percent of all e-commerce transactions are now cross-border, which is much higher than other markets, and emphasizes the industry’s increasingly global footprint.
• Cross border e-commerce transactions are 69% more likely to be rejected as fraudulent, however, demonstrating the challenge of accepting overseas commerce.
• Twenty-five percent of new e-commerce account applications are fraudulent, a 130% increase compared to the same period last year.
• China appears on the top five cybercrime attackers list for the first time ever.