Fraud increased 30% overall in Q3 2019
and bot-driven account registration fraud is up 70% as cybercriminals test
stolen credentials in advance of the holiday retail season. The Q4 Fraud and
Abuse Report, released today by
Arkose Labs, the platform that bankrupts the business model of fraud and
abuse, provides deep insights into the global cybercrime ecosystem and reveals
how criminals worldwide are preparing for large-scale attacks on digital
commerce in Q4 2019.
After analyzing over 1.3 billion
transactions spanning account registrations, logins and payments, the report
found that a staggering one in five account openings were fraudulent. Arkose
Labs examined transactions in the financial services, e-commerce, travel,
social media, gaming and entertainment industries from July 1, 2019 to Sept.
30, 2019.
"Our report
shows the evolving nature of the global cybercrime ecosystem. The monetization
channels of fraud have become increasingly complex, which means the incentive
and victim is not always immediately obvious," said Kevin Gosschalk, CEO of
Arkose Labs. "One thing is clear: the way fraudsters are weaponizing
compromised data from recent high-profile breaches highlights the deep
connectivity of the global cybercrime ecosystem that goes way beyond selling
stolen data or knowledge sharing. One attack is a precursor to another attack,
and they can be in two different industries, across two different geographies."
Account registrations are the most attacked customer touchpoint
Digital account
registration has become the identity testing mechanism for fraudsters,
evidenced in the sharp increase in account creation attacks. Even when an
account creation attack fails, it can provide valuable insight into the
existence of an account with the business. This information is then used for
more sophisticated account takeover attacks.
The report
found that identity testing on social, tech and gaming companies continues to
be high. Within the technology industry, account creations were nine times
more likely to be attacked than login attempts, a five-fold increase
from the previous quarter. This is because fraudsters are discovering
increasingly inventive ways to monetize account creation attacks. An
interesting example revealed in the report was abuse detected on a technology
platform that offered access to free cloud computing accounts, which were
subsequently used to mine Bitcoin.
"Identity is
the new global currency, which explains why fraudsters are prioritizing
valuable resources to test and validate identities across disparate
industries," said Vanita Pandey, VP of Strategy at Arkose Labs. "As we enter
the next stage of the post-breach era, when identities have been compromised en
masse and fraudsters have access to behavioral information on consumers through
hacked accounts, it has never been more difficult to validate digital identity.
Intelligent step-up challenges can be the missing link to clarify whether an
online identity has been corrupted by a fraudster or is being exploited by organized
sweatshop activity."
Elevated attack rate on retail payments transactions forecasts record-high holiday fraud season
Arkose Labs
observed a 30% increase in account takeover attacks in the retail industry
compared to the previous quarter. Account takeover attacks are a precursor to
payment fraud, as most ecommerce companies encourage consumers to create
accounts and store payment details to remove friction in the path-to-purchase.
81% of all
retail attacks were fraudulent payments transactions, with fraudsters targeting
this sector to monetize the identity and payment credentials that have been
breached en masse.
"Our report
exposes the monetization roadmap criminals take to commit an attack," said
Pandey. "First, fraudsters test credentials - which we are witnessing in
profusion across all industries. Next, they take over accounts. Payment fraud
is usually the last step in the attack cycle and the overwhelming volume of
fraudulent retail payment transactions in Q3 forecasts a very ominous holiday
shopping season. Data shows criminals are weaponizing credentials to target
businesses when transaction volumes are elevated and all digital commerce
companies must be on high alert."
"As we head
into the holiday season, customer acquisition is top of mind for retailers.
Fraudsters know this and will exploit the pressure companies are under to open
new accounts and maximize conversion rates," said Gosschalk.
Human-driven fraud on the rise
Attacks from
malicious humans, both lone perpetrators and organized fraud
sweatshops, increased 33% over the previous quarter, and nearly one in every five
attacks is human-driven rather than automated.
Every third
attack on financial services is human-driven, with the most sophisticated
attacks coming from lone fraudsters with access to stolen identity information
and the latest tools. Over half of the attacks from Russia and China are
human-driven, and China continues to have the highest mix of human-driven
attacks because of the enormous labor pool available.
"The increase
in human-driven fraud highlights why businesses need to rethink the role of
friction within their authentication strategy. We have spent so much time
focusing on acceptance rates, but a little friction is not bad if it allows
organizations to properly protect their attack surfaces while giving consumers
a simple way to prove they are legitimate," said Pandey.
Overall, the US
experienced the highest number of attacks in Q3 2019.
New Attack Incentive Index measures financial motivations by country to commit fraud
Using regional
economic indicators combined with proprietary data on known attacks, Arkose
Labs created an Attack Incentive Index for countries across the globe. The
higher the incentive, the more resources fraudsters are likely to put behind attacks
while still preserving ROI.
Fraudsters in areas with high
incentive levels have more financial motivation to become involved in cybercrime
and will persevere longer than average when they meet resistance or friction,
abandoning attacks only once they cease to be profitable.
Disparities in
wages and cost of labor, differing costs of living and the comparative
purchasing power of different currencies shift incentive levels amongst
would-be fraudsters. For example, based on IMF statistics on purchasing power
parity, the Russian ruble is a quarter of the value of the US dollar.
Therefore, cybercriminals in Russia stand to gain four times the value from defrauding
United States businesses as opposed to acquiring rubles.
Russia, the
Philippines and Indonesia all have the highest Attack Incentive Index rating
and feature in the top five countries from which attacks originate. The Philippines
is the top attack originator; fraudsters are driven by the low purchasing power
of the region, meaning that there are big gains to be won in defrauding western
countries.
"Businesses are
coming up against global cybercrime networks which are leveraging regions with
high Attack Incentive Index ratings, using the economic realities of different
locations to their advantage," said Gosschalk. "The sooner businesses
understand the varying global economic factors which incentivize cyber fraud
and inform attack patterns, the sooner they can better protect their attack
surfaces. The best defense in today's fraud landscape is a strategy rooted in
prevention, which removes the economic incentive for fraudsters to attack."
To learn more about Arkose Labs and its Fraud
and Abuse Defense Platform, visit
www.arkoselabs.com.