Commerce Goes Mobile, Global and Breached

As commerce goes global and mobile so does cybercrime. ThreatMetrix found that risk is growing across retail and finance, among other industries, and especially as cross-border transactions take off. Here are the details on the trouble spots – and just how cyber criminals are targeting mobile.

Electronic commerce is increasingly becoming a mobile activity as consumers use their devices to do everything from shopping for clothes to rebalancing their stock portfolios to conducting their banking. But even as mobile technology gives consumers a degree of freedom they could not otherwise have had, threats to personal and financial data are on the rise.

ThreatMetrix has recently released a report based on actual cybercrime attacks from April 2015 – June 2015 where billions of transactions were analyzed and 75 million attacks were detected and stopped in real time. Metrics utilized run from geolocation, previous history across a particular device and behavioral analytics which help give a sense of an individual’s “digital identity” even as he or she moves across disparate applications, networks and devices.

Would-be cybercriminals, the report found, usually try to “replay” identities that have been stolen using any number of methods to cloak their own efforts, including “piggybacking” on user sessions via malware or other malevolent technologies. Therein lies a problem: As mobile use in payments grows, accounting for more than 31 percent of transactions, as estimated by ThreatMetrix, and 20 million new devices are employed on its networks monthly, opportunities for fraud grow in lockstep.

Regionally speaking, the United States, the United Kingdom and Germany are the Top 3 countries for attack originations. Rounding out the Top 5 places for originations, in the second quarter, were the Dominican Republic and India. And in those areas, among criminals looking to glom off financial institutions, payment and login attacks took precedence over online, new account fraud – and, notes the white paper, criminals are “targeting diverse data sets to effectively stitch together the consumers’ credentials.”

Within the retail industry, ThreatMetrix detected 36 million attacks in eCommerce, which shakes out to a 20 percent increase over the previous year, with roughly $1 billion to as much as $3 billion in losses being stopped.

In the financial services sector, particularly in online lending, the attacks have focused primarily on new account originations and payment disbursements, said ThreatMetrix. Research showed that the vast majority of transactions in this space, or 83 percent of overall financial activity (not just online lending), were tied to account logins, and of those transactions, ThreatMetrix deemed 2 percent as “high risk” for fraud activity.

Cross-border transactions are also seeing a spike in fraudulent activity, as according to the report “it is hard for businesses to know the true digital identities of the customers.” As a result, businesses decline these transactions at a much higher rate compared to domestic transactions — sometimes three times more than domestic transactions.


To learn more about this data download ThreatMetrix’s Q2 2015 Cybercrime Report. 

Download Here 2