E-commerce attacks increased 93% in the first quarter of 2018 in comparison to the same quarter a year ago, finds the Q1 2018 Cybercrime Report from ThreatMetrix, a unit of LexisNexis Risk Solutions.
Based on an analysis of 210 million attacks ThreatMetrix detected and stopped on behalf of its clients, the report found that most e-commerce attacks are targeting account logins and creation, 71%, with attacks to get payment data accounting for 29% of volume.
A couple of major factors affect this increase. “The shift to EMV in 2015 caused a big shift in fraud online for the U.S. retail industry that is home to some of the world’s biggest retailers serving a global customer base,” Vanita Pandey, ThreatMetrix vice president of product marketing and strategy, says in an email to Digital Transactions News. The size of the U.S. retail industry makes it attractive outside its borders. “Even beyond the [U.S.] border, for example in the Latin America region, there is a high volume of attacks specifically targeting U.S. e-commerce transactions because the size and scale at which they operate makes them a lucrative target,” Pandey says.
Payment processors, too, found themselves besieged by online criminals. The first-quarter attack rate surged to 7.6% of all transactions among payment processors, much higher than the 3.9% rate overall. It’s also higher than the Q1 2017 rate of 6.1%.
This industry is favored by criminals because they are looking for ways to monetize the stolen credentials they’ve collected, ThreatMetrix says. This is compounded by the growing propensity of consumers to store more personal information online.
Payment processors face unrelenting bot attacks as criminals use these automated programs to test stolen identity credentials.
To counter them, Pandey recommends using the latest technologies that can distinguish quickly and correctly between legitimate users and criminals. “By detecting high-risk behavior in real-time, through multilayered technologies that assess transactions based on identity, device, geo-location, and evidence of malware and other threats, they can deliver a secure, end-to-end solution to their merchants that protects against these attacks,” she says.
In one instance, bot traffic made up to 90% of daily traffic at peak times, she says. “This causes network issues, friction for good customers, and cart abandonment. These high-volume attacks are used to test stolen credentials, and once validated, these credentials are then used for account-takeover attacks and the financial loss can run into millions of dollars.”