Digital commerce channels are presenting new opportunities for bad actors, making cybercrime a colossal problem for companies of all sizes. All told, U.S. businesses and consumers lost more than $1.4 billion in 300,000-plus reported cyberattacks last year, according to the Federal Bureau of Investigation (FBI).
Perhaps more troubling, however, is digital fraud’s projected future. Recently published research noted global fraud losses could top $6 billion by 2021, more than doubling the $3 billion lost worldwide in 2015.
There is seemingly no rule, rhyme or reason as to when a cyberattack will strike, or whom or what it will target, which can be particularly frightening. Some research indicates that mid-sized firms are at higher risk, but every company — from industry giants to fledgling startups — could see fraudsters wreak havoc with ever-smarter and more sophisticated methods. As such, businesses are now investing in their security and fraud prevention technology and solutions.
PYMNTS explores the world of cybercrime in this inaugural Digital Fraud Tracker™, including how fraudsters target their victims and the ways security providers are working to stop them.
How Cybercrime Happens
Most fraudsters resort to one of a half-dozen techniques when launching their attacks.
Data breaches include the unwanted release or unauthorized use of company or customer records. These incidents — such as the event that impacted Equifax late last year — account for roughly 25 percent of all attacks, and most commonly occur when hackers pass through security firewalls or other protections to gain access to records. Bad actors typically access that data by using malware to hack into corporate networks.
Digital fraudsters also employ card-not-present attacks, which use malware to exploit online payment processing vulnerabilities. eCommerce sellers report these events as the most commonly experienced technique, with bad actors attempting to use stolen payment card information and other customer data to make purchases.
Transaction laundering merchant fraud occurs when hackers use legitimate merchant accounts to complete unknown and unauthorized transactions, thereby covering their tracks and obscuring their identities. These attacks largely target banks, payment processors and companies working with cryptocurrencies.
Fraudsters also use customers’ or executives’ lack of knowledge about security protocols to their advantage, and that’s where account takeovers come in. Usually following a data breach, these attacks rely on phishing or other schemes to steal a business’ or individual’s account information — including address, name and payment details — to make a purchase. Account takeovers have skyrocketed in recent months, as a flood of consumer records have hit the dark web.
CEO fraud, which targets companies with foreign suppliers or using wire payments, also often relies on bad actors’ ability to fool innocent victims. Cybercriminals create fake email addresses that resemble those of CEOs or other trusted executives, then use them to trick other employees into completing unauthorized wire transactions.
Finally, companies are sometimes victimized by their own customers. Chargebacks, or friendly fraud, has become a large problem in the online age. The attacks occur when consumers file a false fraud report with an FI or card processor requesting a refund for a purchase they claim not to have made. Chargebacks are much more damaging than traditional refunds, as merchants are then left with neither merchandise nor payment.
An AI-Assisted Approach
Many companies appear to be increasing their investments in cybersecurity solutions amid such a wide variety of attacks being employed by fraudsters and bad actors.
The cybersecurity market is now worth $120 billion, according to 2018 research, a roughly 13,500 percent increase compared to a decade earlier. What’s more, spending is expected to increase to $1 trillion by 2021 as companies invest in emerging prevention solutions. In fact, more are already turning to artificial intelligence, data analytics, machine learning and other technologies to strengthen their cybercrime defenses.
These technologies seem to hold promise in the fight against fraud, too, thanks to their ability to track and interpret massive amounts of data. This information can then be used to better understand what separates normal consumer behavior from that of bad actors, improving defenses, reducing false positives and giving consumers more convenient and secure online experiences.
Challenges still stand in the way of wide-scale AI, data analytics and ML adoption — including regulatory issues and accurate upcoming fraud trend predictions — but these technologies may represent companies’ best hope for effectively and efficiently fighting bad actors’ attacks. As such, it may not be long before more firms are taking an AI-assisted approach against the rising tide of cybercrime.