“Identity is the new global currency, which explains why fraudsters are prioritizing valuable resources to test and validate identities across disparate industries,” said Vanita Pandey, VP of Strategy at Arkose Labs. “As we enter the next stage of the post-breach era, when identities have been compromised en masse and fraudsters have access to behavioral information on consumers through hacked accounts, it has never been more difficult to validate digital identity. Intelligent step-up challenges can be the missing link to clarify whether an online identity has been corrupted by fraudster or is being exploited by organized sweatshop activity.”
Arkose Labs observed a 30-percent increase in account takeover attacks in the retail industry compared to the previous quarter. Account takeover attacks are a precursor to payment fraud, as most ecommerce companies encourage consumers to create accounts and store payment details to remove friction in the path-to-purchase.
According to the report, 81 percent of all retail attacks were fraudulent payments transactions, with fraudsters targeting this sector to monetize the identity and payment credentials that have been breached en masse.
“Our report exposes the monetization roadmap criminals take to commit an attack,” said Pandey. “First, fraudsters test credentials – which we are witnessing in profusion across all industries. Next, they take over accounts. Payment fraud is usually the last step in the attack cycle and the overwhelming volume of fraudulent retail payment transactions in Q3 forecasts a very ominous holiday shopping season. Data shows criminals are weaponizing credentials to target businesses when transaction volumes are elevated and all digital commerce companies must be on high-alert.”
Attacks from malicious humans – both lone perpetrators and organized fraud sweatshops—increased 33 percent over the previous quarter and nearly one in every five attacks are human-driven rather than automated.
Every third attack on ﬁnancial services is human-driven, with the most sophisticated attacks coming from lone fraudsters with access to stolen identity information and the latest tools. Over half of the attacks from Russia and China are human-driven, and China continues to have the highest mix of human-driven attacks because of the enormous labor pool available.
“The increase in human-driven fraud highlights why businesses need to rethink the role of friction within their authentication strategy. We have spent so much time focusing on acceptance rates, but a little friction is not bad if it allows organizations to properly protect their attack surfaces while giving consumers a simple way to prove they are legitimate,” said Pandey.
Overall, the U.S. experienced the highest number of attacks in Q3 2019.
Using regional economic indicators combined with proprietary data on known attacks, Arkose Labs created an Attack Incentive Index for countries across the globe. The higher the incentive, the more resources they are likely to put behind attacks while still preserving ROI.
Areas with high incentive levels have more ﬁnancial motivation to become involved in cybercrime and will persevere longer than average when they meet resistance or friction before abandoning attacks as they cease to be proﬁtable.
Disparities in wages and cost of labor, differing costs of living and the comparative purchasing power of different currencies shift incentive levels among would-be fraudsters. For example, based on IMF statistics on purchasing power parity, the Russian ruble is a quarter of the value of the US dollar. Therefore, cybercriminals in Russia stand to gain four times the value from defrauding United States businesses as opposed to acquiring rubles.
Russia, the Philippines and Indonesia all have the highest Attack Incentive Index rating and feature in the top five countries from which attacks originate. Philippines is the top attack originator; fraudsters are driven by the low purchasing power of the region, meaning that there are big gains to be won in defrauding western countries.
“Businesses are coming up against global cybercrime networks which are leveraging regions with high Attack Incentive Index ratings, using the economic realities of different locations to their advantage,” said Gosschalk. “The sooner businesses understand the varying global economic factors which incentivize cyber fraud and inform attack patterns, the sooner they can better protect their attack surfaces. The best defense in today’s fraud landscape is a strategy rooted in prevention, which removes the economic incentive for fraudsters to attack.”