ThreatMetrix study reveals morphing nature of global cybercrime

In Latin America, this is fueling an outbreak of new account creation fraud. According to the ThreatMetrix Q1 2018 Cybercrime Report, one quarter of all account registrations from this region are rejected as fraudulent. Stolen and synthesized identities are leveraged to attack the growing LATAM e-commerce market, as well as major global US-based retail corporations. Another key tactic in the LATAM region for monetizing stolen identities is to create fake new accounts using free trials and reselling these for profit.

Global cybercrime expansion is being driven by developing economies recently emerging as major perpetrators of fraud, creating new epicenters of cybercrime off the back of attacks that extend beyond their own borders into the surrounding region. Attacks from Brazil continue to grow, placing it in the list of the biggest 5 attack originators globally, with activity targeting neighboring countries such as Argentina and Columbia – as well as leading digital economies in the US and the UK. Vietnam retained its position on the top five list with attacks targeting Japan, Singapore and Australia.

Overall, organized bot attacks continue to proliferate, with a record 1 billion bot attacks seen on the ThreatMetrix Digital Identity Network this quarter. This is fueled by a rise in attacks originating from new and emerging economies such as Egypt, South Korea, Ecuador, Ukraine and Vietnam.

Identity abuse makes global e-commerce transactions ten times more risky

Even amidst the traditional post-holiday lull, the overall attack levels for e-commerce remained high in Q1 with almost 150 million rejected transactions. This represents an 88% increase in fraud attacks over the previous year. E-commerce sites were also hit with 820 million bot attacks, and on average attack rates are ten times as high compared to financial services transactions.

These attacks continue to be focused on identity abuse and testing. As a result, the overall attack rates for account logins and new account creations have steadily grown in the e-commerce sector, with fraudsters targeting account takeovers to access sensitive personal credentials and saved credit cards.

Specifically, fraudulent new account registrations increased more than 30% over the previous year, as fraudsters used the relatively modest sign up requirements of e-commerce vendors as a breeding ground to test stolen identity credentials. These tests often serve as a gateway to further attacks in other industries.

Digital commerce presents retailers with compelling new revenue streams and customer engagement opportunities. But with the ever-increasing presence of cybercrime, retailers are in a precarious position. They want to provide customers with a frictionless environment, which makes for an easy test bed for fraudsters, who are executing high scale attacks and testing accounts with stolen credit cards.

Payment Processors in the Crosshairs

Transaction volume among payment processors in the ThreatMetrix Digital Identity Network has grown steadily each quarter, reaching 361 million this past quarter, with 43% of these transactions coming from mobile devices. However, payment processor transactions are seeing above-average attack rates and mobile attacks are on the rise.

Over 50% of transactions among payment processors are cross-border, which is significantly higher than the 30% cross-industry average. Among these cross-border payments attacks rates are 30% higher compared with domestic.

For other key highlights from Q1 2018 Cybercrime Report visit the download page. 

ThreatMetrix is an integrated digital identity platform that allows its users to transact their businesses without friction. For more information about this company, please check out a detailed profile in our web fraud & e-identity database.