New research signals snowballing threat of cybercrime on marketplaces
New findings released today signal a snowballing threat of cybercrime thriving on the marketplace ecosystem, with 277 million human-initiated cyberattacks in the last six month saw online fraud solidifying a 13% year-on-year (YoY) rise.
The research by LexisNexis® Risk Solutions analysed 16.4 billion transactions January-June 2019, with 62% originating from a mobile device.
The report recorded a much more benign environment in the first half of 2019 in comparison to the two preceding years, with 2017 and 2018 dominated by high volume bot attacks originating from diverse and emerging economies.
The key difference in bot attacks during the first six months of 2019 has been the growth in bots targeting new account creation transactions on marketplaces. Online platforms are seeing fraudsters accessing seller credentials to make fraudulent bids or phoney listings.
Although account logins remain the primary attack target by volume, new account creations are the only use case that recorded a growth in attacks during the period. Bot attacks from India and South East Asia have seen considerable growth over the last year, suggesting growth economies are becoming an integral part of the global cybercrime economy.
Fraudsters are often using these new account creation attempts to test, validate and build online identities for financial gain.
Cybercrime is now an established industry in its own right and, like any growing enterprise, continues to expand with highly organised, customizable services and regional outposts in emerging economies.
However, as breached identity data becomes more widespread, fueling the growth of cybercrime across borders and continents, a noticeable shift towards attacks originating from growth economies has emerged.
Mexico is a notable emerging economy making its debut on the top ten attackers list, having climbed six places in the last 12 months. A possible explanation for Mexico’s rapid rise to the top 10 rankings is the current heightened risk environment in the LATAM region; the incredibly diverse region is in the midst of immense digital growth and has emerged as a hotbed of new account creation fraud.
This also explains Brazil’s repeated top 10 ranking. The first half of 2019 also recorded a growth in attacks from Bangladesh, Malaysia, Pakistan and Columbia, illustrating the global nature of cybercrime.
Fraudsters take on marketplaces
As merchants vie for customers in an increasingly crowded marketplace, promotional discounts, offers and free trials are designed to attract market share. Cybercriminals, however, see opportunity in these promotions, for example illegally signing up for, and then selling on free trial accounts on a mass scale.
In addition to taking advantage of discounts and other promotions, new accounts can also be used by fraudsters to make payments with stolen credit cards.
In the first six months of 2019, an extremely high percentage of attacks were recorded on new account creations, illustrating how e-commerce continues to be a prime target for monetising stolen identity credentials gleaned from data breaches.
The attack on a virtual gift card provider in June contributed to the high percentage of attacks on new account creations, although the attack rate is also indicative of the heightened risk the industry faces from fraudulent new accounts.
While mobile plays a prominent role in ecommerce transactions, they are still more desktop-based than other industries. Some 69% of ecommerce login transactions originate from a desktop device, suggesting that consumers still prefer a bigger screen when browsing online marketplaces, even if mobile is the preferred device at payments.
Marketplace merchants enjoy a truly global customer base, with consumers searching for the best deals and services regardless of location. Merchants are increasingly targeting consumers outside their country of origin: 44% of all ecommerce transactions are now cross-border.
This presents merchants with additional challenges around identity verification, authentication and fraud control, demanding a global view of digital identity and fraud risk.
But how do you defend against these increasingly sophisticated networks of fraudsters? Single point solutions are no match to this networked cybercrime, with fraudsters adept at masking themselves as legitimate and trusted customers in order to maximise monetary gain and minimise detection.
The most robust solution to this growing problem is a layered defence of fraud, identity and authentication capabilities, executable in near real-time, and across the entire customer journey. This relies on uniting world-class digital identity intelligence, physical identity and authentication capabilities that can help businesses meet regulatory requirements, streamline the customer experience and detect complex and evolving fraud.
I believe that banks will stop fraud and cyber crimes permanently if they implement simple foolproof systems invented to personalise signature, pin and passwords to the individuals to deter criminals from getting tempted to misuse them the way they are doing now. How else are we going stop criminals from buying personal details of anyone of us online from dark web due to so many data breaches?