Digital Transactions Authoritative, insightful and timely information for payments professionals
Human-initiated cybercrime attacks in the United States and Canada decreased 6% in the first half of 2020 compared to the same period in 2019, finds the biannual Cybercrime Report from LexisNexis Risk Solutions. Even automated bot attacks dipped—by 0.3%—in the period. But, as with all things related to online fraud, it’s not all good news. The number of attacks coming from mobile devices increased 48% over last year.
While North America had lower overall attack rates compared to other regions, the United States contributes the highest volume of human-initiated and automated bot attacks globally, the report finds. Overall, there was a 33% decrease in human-initiated attacks for the first six months of 2020, a 23% decrease in the financial-services attack rate, and a 55% decline in the e-commerce attack rate, but a 3% increase in the media attack rate. Attack rates measure the number of transactions that ultimately are deemed fraudulent in nature.
Criminals are particularly fond of using mobile channels. Within financial services, the attack rate is 29.2% for new account creations via mobile apps. Such attacks, across all channels, have had two consecutive periods of growth on desktop and mobile app. For payments, which is cataloged as part of financial services, the attack rate, 5.2%, is highest on mobile browsers.
“The convenience and availability of mobile devices continue to drive increases in mobile transaction volume, especially during the global lockdowns due to Covid-19,” Kimberly Sutherland, vice president of fraud and identity strategy at LexisNexis Risk Solutions, says in an email to Digital Transactions News.
“During the first half of 2020, 66% of all transactions added to our Digital Identity Network came from mobile devices, representing a 6% growth over 2019. Securing the mobile channel is critical for all industries and is extremely important because attacks coming from mobile devices have increased 42% over 2019,” she says. “However, mobile-browser transactions are reported to be most vulnerable with the highest attack rate of all channels at 2.4%. Organizations should place extra attention on mobile fraud-prevention efforts for new account creations, payment, and money transfers, which all had the highest fraud rates.”
Financial-services and payments companies should expect new-account creation fraud to remain a key objective for criminals. “FIs should increase their fraud-prevention efforts on methods to reduce new-account opening fraud attack vectors by increasing their focus of verification, identification of high-risk devices, and digital identity attributes such as email addresses and analytic modeling to detect synthetic identities and other fraudulent behaviors,” Sutherland says. “We have experienced two consecutive periods of declines in attack rates for logins and payments, so financial institutions [should] maintain their efforts to continue this successful pattern.”
Atlanta-based LexisNexis Risk Solutions report analyzed data from more than 22.5 billion transactions processed by organizations in its Digital Identity Network service.
