ThreatMatrix’s 2018 Cybercrime Report is based on the transactions in their Digital Identity Network - the world largest tracking of cyber fraud worldwide. The report’s forward quotes Wired.com who claim that, “a group of computer scientists from New York University’s engineering department has managed to generate a series of “master prints” that not only pass smartphone fingerprint sensors but can actually masquerade as prints from multiple users. When evolving global regulations are mandating the use of a “foolproof” biometric suite of strong authentication, hackers are already cracking the codes that make them penetrable.”
The report says, “This calls into question the very meaning of strong authentication; is anything really impenetrable? How far should businesses rely on point solutions to protect customer accounts and authenticate online payments?”
The numbers (for the 2nd half of 2018) were:
- 17 billion transactions processed
- 3 billion bot attacks
- 61% of transactions from mobile
- 244 million human-initiated attacks including mobile attacks
- USA was the biggest attacker.
The main findings were that:
- Mobile risk continues to grow, except for e-commerce logins where 69% of logins were on desktops
- Strong networked pattern of fraud, with the same cybercriminals working across different organizations in the same industry, as well as across different industries
- E-commerce under pressure from bot volume
- 107% growth in mobile account takeovers in comparison to H1 2018, despite the fact that overall attack rates are low
- Fraudsters see media companies, with their lower barriers to entry, as ideal test beds for stolen credentials. Approximately one in every six new account creation transactions is fraudulent.
The report concluded that:
- “the only reliable approach to smart authentication is a layered solution that combines real-time elements of a user’s unique behavioral pattern, with customer- focused, strong authentication that is inextricably linked to their online customer journey.
- Only then can businesses genuinely detect unusual or high-risk scenarios before they pose a risk to security defenses and customer accounts.”
CTMfile take: Given those digital identities may be about to become unreliable, is the only solution “a layered solution that combines real-time elements of a user’s unique behavioural pattern, with the customer-focused, strong authentication that is inextricably linked to their online customer journey”? What else can you do?
Fraud: detect anomalies as they happen
Aite study reviews how to use machine learning platforms and to reduce false positives by 63%, & increase CNP fraud detection by 177%
Payments & fraud keeping CFOs awake at night
AFP 2018 Payments Fraud Survey shows major concerns and opportunities
US payments fraud at record high, AFP survey shows
More than four in five organisations reported incidents in 2018, reports the Association for Financial Professionals.