Security & Fraud

Cybercriminals Harass FIs 81M Times In 2018 So Far

A new report has revealed that financial institutions (FIs) were hit with 81 million cybercrime attacks in the first half of 2018, with 27 million of those breaches targeting the mobile channel.

The data from ThreatMetrix, a LexisNexis Risk Solutions company, showed that the biggest threat to financial services firms is device spoofing, which is when criminals try to trick banks into thinking multiple fraudulent login attempts are taking place from new customer devices. In addition, mule networks continue to hurt the global banking ecosystem.

The report also found that globally, one third of all fraud attacks are now targeting mobile transactions. In fact, there was a 60 percent boost in bot attacks against digital transactions worldwide in the second quarter of the year, with large retailers being the main targets. A total of 170 million bot attacks came from mobile devices in the first half 2018.

“Mobile is quickly becoming the predominant way people access online goods and services, and, as a result, organizations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, chief identity officer at LexisNexis Risk Solutions, in a press release. “The good news is that, as mobile usage continues to increase, so, too, does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy. The key point of vulnerability, however, is at the app registration and account creation stage. To verify users at this crucial point, organizations need to tap into global intelligence that assesses true digital identity, compiled from the multiple channels that their customers transact on.”

Those using social networks and dating websites should be especially cautious, as the sites’ often modest security requirements translate to a high rate of attacks.

“Social networks are at risk of becoming a gateway to further organized crime,” said Rebekah Moody, director of fraud and identity at ThreatMetrix. “Identity data is arguably as valuable a currency online as hard cash. Fraudsters funnel [toward] the easiest target to help test, augment and validate stolen identity data to make future attacks more successful: In many cases, this is social networks. These organizations must start to deploy the same kind of defenses a user would expect elsewhere online, without introducing unnecessary friction.”



B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.