Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Thought Leaders Corner<br />
by Rebekah Moody<br />
& Vanita Pandey<br />
The Many Faces of Cybercrime – A Look at the Key Fraud Trends<br />
from Q1 2016<br />
As a technologically savvy consumer, you might think you are<br />
fairly adept at spotting potential fraud attempts. We know that<br />
banks won’t ask for our full login details, our passwords need<br />
to be undecipherable, and we need to make sure that we<br />
don’t click on dodgy looking links in emails. Sadly, this may not<br />
be enough to protect us from fraud attacks. The cybercrime<br />
world is evolving and consumer data is now everywhere.<br />
Usernames and passwords can be bought at the touch of a<br />
button following numerous data breaches and fraudsters<br />
can stitch together complete and convincing identities from a<br />
jigsaw of stolen credentials. They create pitch-perfect attacks<br />
because they know so much about us, sometimes more than<br />
the businesses we transact with.<br />
Organizations must become smarter at detecting the full<br />
spectrum of possible attacks, from huge automated identity<br />
testing sessions, to advanced social engineering attacks that<br />
hijack individual accounts. This starts with really understanding<br />
the digital identities of consumers so that high-risk behavior<br />
can be detected in real-time.<br />
We’ve seen some interesting trends emerge in ThreatMetrix<br />
Digital Identity Network at the start of this year. Authentication<br />
is still a core part of our Network traffic, with 86% of<br />
transactions coming from returning devices. Trust is critical<br />
– consumers expect to be recognized, known and given<br />
easy access to products and services without experiencing<br />
unnecessary friction.<br />
However, the dark undertones of fraud attacks continue<br />
to take us all by surprise, with 311 botnet attacks detected<br />
this quarter alone. Businesses are under attack from a<br />
particularly pernicious group of fraudsters who are becoming<br />
would-be generals of their very own botnet army, controlling<br />
vast networks of bot computers, some of which belong to<br />
unsuspecting consumers.<br />
These botnet attacks are mass-testing identity credentials,<br />
often adopting a low and slow attack speed to appear more<br />
like legitimate user traffic and evade rate control measures<br />
that have traditionally formed the first line of defense.<br />
ThreatMetrix also spotted some new forms of credential<br />
testing this quarter. Online businesses provide the perfect<br />
way for fraudsters to anonymously test stolen payment<br />
credentials, such as credit cards, before making a big ticket<br />
purchase. Industries with low digital sophistication are easy<br />
targets. We detected a series of $5 payments made with<br />
stolen credit cards targeting the charity sector.<br />
Identity spoofing had a strong footprint in the FinTech<br />
space with fraudsters using cloaking technologies such as<br />
proxies or spoofed locations to mask their true identities and<br />
locations. This has caused an increase in fraudulent new loan<br />
applications.<br />
Our other big story this quarter was the continued growth<br />
of mobile transactions, particularly prevalent in financial<br />
services. Mobile transactions grew 200 percent compared<br />
to the previous year and now make up one third of our<br />
006