ThreatMatrix’s 2018 Cybercrime Report is based on the transactions in their Digital Identity Network - the world largest tracking of cyber fraud worldwide. The report’s forward quotes Wired.com who claim that, “a group of computer scientists from New York University’s engineering department has managed to generate a series of “master prints” that not only pass smartphone fingerprint sensors but can actually masquerade as prints from multiple users. When evolving global regulations are mandating the use of a “foolproof” biometric suite of strong authentication, hackers are already cracking the codes that make them penetrable.”

The report says, “This calls into question the very meaning of strong authentication; is anything really impenetrable? How far should businesses rely on point solutions to protect customer accounts and authenticate online payments?”

The numbers (for the 2nd half of 2018) were:

• 17 billion transactions processed
• 3 billion bot attacks
• 61% of transactions from mobile
• 244 million human-initiated attacks including mobile attacks
• USA was the biggest attacker.

Key highlights

The main findings were that:

• Mobile risk continues to grow, except for e-commerce logins where 69% of logins were on desktops
• Strong networked pattern of fraud, with the same cybercriminals working across different organizations in the same industry, as well as across different industries
• E-commerce under pressure from bot volume
• 107% growth in mobile account takeovers in comparison to H1 2018, despite the fact that overall attack rates are low
• Fraudsters see media companies, with their lower barriers to entry, as ideal test beds for stolen credentials. Approximately one in every six new account creation transactions is fraudulent.

 Conclusion

The report concluded that:

• “the only reliable approach to smart authentication is a layered solution that combines real-time elements of a user’s unique behavioral pattern, with customer- focused, strong authentication that is inextricably linked to their online customer journey.
• Only then can businesses genuinely detect unusual or high-risk scenarios before they pose a risk to security defenses and customer accounts.”

---

CTMfile take: Given those digital identities may be about to become unreliable, is the only solution “a layered solution that combines real-time elements of a user’s unique behavioural pattern, with the customer-focused, strong authentication that is inextricably linked to their online customer journey”? What else can you do?