A sharp rise in fraud attack levels on mobile transactions was reported by ThreatMetrix, a LexisNexis Risk Solutions company, in its cybercrime report for the first half of 2018. As consumers go mobile for virtually all online goods and services, fraudsters are starting to close the gap on this channel, according to the firm.
It analysed 17.6 billion digital transactions on the ThreatMetrix Digital Identity Network during the first half of 2018. The Network also detected and stopped 361 million cybercrime attacks in the same period. According to the data firm’s data, in the last three years the proportion of mobile transactions versus desktop has almost tripled. Mobile transactions, which include account creations, logins and payments, reached 58 per cent of all traffic by the middle of 2018.
Mobile fraud rates have tended to lag behind the channel’s overall growth; however in the first half of 2018 mobile attack rates rose 24pc, when compared to the first half of 2017. In the United States mobile attack rates experienced a far higher growth rate of 44pc for the same period. Globally, one third of all fraud attacks are now targeting mobile transactions. This means that although digital companies do need to prepare for increasing attacks, mobile remains the more secure channel compared to desktop, the firm suggested.
Mobile offers unique ways for accurately assessing user identity, thanks to geo-location and behavioural analysis. It offers strong customer authentication options that require no user intervention, including cryptographically binding devices for persistent authentication (“Strong ID”). The number of Strong IDs for mobile devices on the ThreatMetrix network has more than doubled in the first half of 2018.
Alisdair Faulkner, Chief Identity Officer at ThreatMetrix said: “Mobile is quickly becoming the predominant way people access online goods and services, and as a result organisations need to anticipate that the barrage of mobile attacks will only increase. The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy. The key point of vulnerability, however, is at the app registration and account creation stage. To verify users at this crucial point, organisations need to tap into global intelligence that assesses true digital identity, compiled from the multiple channels that their customers transact on.”
Financial institutions faced 81 million cybercrime attacks in the first half of 2018 on the ThreatMetrix global Network. Of these, 27 million were targeting the mobile channel. Financial services mobile transactions are growing globally, with China, South East Asia and India showing the strongest regional growth. Overall, the biggest threat in financial services comes from device spoofing, as fraudsters attempt to trick banks into thinking multiple fraudulent log in attempts are coming from new customer devices, perhaps by repeatedly wiping cookies or using virtual machines.
Mule networks also continue to hit the global banking ecosystem, even when individual account behaviour may not trigger red flags. The first half of 2018 there saw an unprecedented spike in the volume of bot attacks targeting digital transactions worldwide. ThreatMetrix registered a 60pc spike in bot attacks in the second quarter of the year, increasing from one billion bot attacks in Q1 to 1.6 billion in Q2. The sheer volume of this automated bot traffic affects businesses the data firm says because, without the correct measures in place, this slows order processing times and the ability to effectively identify good returning customers in real time. At peak times, retailers report these attacks account for more than half of all transactions. Large retailers are the primary targets as fraudsters attempt to infiltrate good user accounts and access sensitive personal data and saved credit card information. A total of 170 million bot attacks came from mobile devices in 1H 2018. This bot traffic in the first six months of the year predominantly originated from locations such as Vietnam and South Korea, illustrating the global trend of stolen identity data disseminating to growth regions and emerging economies.
Social networks and dating websites have the highest mobile footprint of all industries, reaching 85pc of total transactions and 88pc of account creations by the middle of 2018. Given these sites’ often modest security requirements, attack rates are high as hackers use these platforms to test stolen identity credentials, as well as to steal sensitive personal data via account takeovers. Identity spoofing is widespread. IP spoofing is also prevalent, with fraudsters—predominantly from Vietnam, Ghana, Nigeria, US and Philippines using proxy servers to make it appear as though they are actually based in locations close to their intended victims.
