Security & Fraud

Cybercriminals Harass FIs 81M Times In 2018 So Far

A new report has revealed that financial institutions (FIs) were hit with 81 million cybercrime attacks in the first half of 2018, with 27 million of those breaches targeting the mobile channel.

The data from ThreatMetrix, a LexisNexis Risk Solutions company, showed that the biggest threat to financial services firms is device spoofing, which is when criminals try to trick banks into thinking multiple fraudulent login attempts are taking place from new customer devices. In addition, mule networks continue to hurt the global banking ecosystem.

The report also found that globally, one third of all fraud attacks are now targeting mobile transactions. In fact, there was a 60 percent boost in bot attacks against digital transactions worldwide in the second quarter of the year, with large retailers being the main targets. A total of 170 million bot attacks came from mobile devices in the first half 2018.

“Mobile is quickly becoming the predominant way people access online goods and services, and, as a result, organizations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, chief identity officer at LexisNexis Risk Solutions, in a press release. “The good news is that, as mobile usage continues to increase, so, too, does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy. The key point of vulnerability, however, is at the app registration and account creation stage. To verify users at this crucial point, organizations need to tap into global intelligence that assesses true digital identity, compiled from the multiple channels that their customers transact on.”

Those using social networks and dating websites should be especially cautious, as the sites’ often modest security requirements translate to a high rate of attacks.

“Social networks are at risk of becoming a gateway to further organized crime,” said Rebekah Moody, director of fraud and identity at ThreatMetrix. “Identity data is arguably as valuable a currency online as hard cash. Fraudsters funnel [toward] the easiest target to help test, augment and validate stolen identity data to make future attacks more successful: In many cases, this is social networks. These organizations must start to deploy the same kind of defenses a user would expect elsewhere online, without introducing unnecessary friction.”



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.