Digital Transactions Authoritative, insightful and timely information for payments professionals
It’s not a pretty picture, but then anything detailing the proliferation of cybercrime isn’t likely to have a bright side. ThreatMetrix Inc., in its “2017 Q3 Cybercrime Report,” says it detected and stopped 171 million attacks in the third quarter, a 100% increase from the 2015 third quarter.
The report, which is expected to be released next week, notes the increased attacks came from developed economies as criminals sought to exploit the seemingly non-stop supply of fresh consumer data.
Of e-commerce transactions monitored by ThreatMetrix, 28% were payments, 71% were account log-ins, and 1% were account creations. Among the payments, 4% were actually attacks, but just as problematic is what criminals attempt to do with account logins and creations. Both of these transaction categories suffered an attack rate of 9.4%.
“Login transactions are attacked more heavily in e-commerce than in other industries as fraudsters seek to capitalize on the growing propensity to save credit card information to selected trusted brands,” the report says.
Among transactions monitored within the financial-services segment, payments accounted for 8% of the volume, says Vanita Pandey, ThreatMetrix vice president of product marketing and strategy, in an email. “Of these 80 transactions, 6.4% are attacks,” Pandey says. Another way of putting it: 80 out of every 1,000 transactions is a payment, and five out of those 80 payments are actually an attack.
The ThreatMetrix Identity Abuse Index, which tracks attack rates over time and ranks them as low, medium, and high, detected two spikes, one in May and one in July. In September, credit-reporting firm Equifax Inc. said 145 million of its records were open to hackers from May through July.
“Key spikes over the past two quarters demonstrate the immediate impact of breached credentials being made available on the dark Web, resulting in attacks on some large global organizations as cybercriminals continue to mass-test identity credentials before launching more targeted attacks on other corporations and/or end users,” the report says.
One notable way criminals test their illegally obtained data is through charities, where they’ll make a $5 payment with a stolen credit card. If successful, they’ll use the card data elsewhere to make a high-value purchase.
For the first time, a majority of the transactions studied—51%—came from mobile devices. For retailers and financial institutions, mobile technology represents not only opportunity, but also risk, Pandey says. “While mobile enables these businesses to engage with their customers in a personalized way, anywhere, anytime, [the] mobile channel is also increasingly being targeted by fraudsters,” Pandey says. “The key is to ensure these businesses have the ability to differentiate between good customers and fraudulent customers in real time.”
There are other risks, as well, as efforts to keep out bad actors can erode the positive experience of legitimate customers, if not handled right. “These businesses have the unenviable task of having to balance customer experience for their trusted users while solving for the rapidly evolving cybercrime landscape,” Pandey says.
