LexisNexis Risk Solutions released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users. Analysis shows that the under 25 age group is most vulnerable to fraud attacks while the oldest age group is second most vulnerable and loses the most money. The stark risk at both ends of the age spectrum emphasizes the importance for companies to protect both new-to-digital and vulnerable customers when transacting online in 2021. The report also provides a full year review which highlights how 2020 saw an overall decline in human-initiated attacks, while bot attacks accelerated.

The Cybercrime Report analyzes transaction data from the LexisNexis Digital Identity Network, a repository of global shared intelligence gained from billions of consumer interactions including logins, payments and new account applications. The Digital Identity Network processed 47.1 billion transactions in 2020, an increase of almost 12 billion year-over-year. The fraud attack rate observed in the Digital Identity Network decreased on average across all digital businesses year-over-year, although media companies saw an increase in the overall attack rate at account opening.

Malicious attack vectors persist despite reduced attack rates recorded across businesses as automated bot attacks offer fraudsters a cheap, quick and effective method of initial attack. The study analyzed 24.6 billion transactions July through December 2020 and found that mass automated bots used to test identity credentials remain widespread. The Digital Identity Network recorded bot attacks across global regions and within a wide variety of industries and use cases. Likewise, new account creations continue to see high attack rates, representing a key point of entry for fraudsters looking to monetize credentials harvested from data breaches.

Key Findings from the LexisNexis Risk Solutions Cybercrime Report:

• 2020 in Review: Rapid Growth in Digital Transactions Sees Human-Initiated Attacks Drop While Bot Attacks Increase – The number of human-initiated attacks dropped in 2020 by roughly 184 million while the number of bot attacks grew by 100 million. In both cases, the largest number of fraud attacks by volume originated from fraudsters located in the United States, with countries like Canada, the United Kingdom and Germany also fitting into the top ten countries for each attack method. Notably, growth economies increasingly contributed to the number of fraud attacks with rises in human-initiated attacks originating from Guatemala, Bahrain and Zimbabwe and a larger number of bot attacks coming from the Isle of Man, United Arab Emirates and Nigeria.

Sixty seven percent of all transactions were via mobile channels, with much of the transaction growth coming from trusted customers.

• July through December 2020: Cybercrime Across Generations  – With many new-to-digital customers coming online for the first time, the youngest age group of online users – were found to be the most susceptible to fraud attacks over the six month period. Analysis found that there was a 10% growth in new customers among the under 25 age group.  

The oldest age group – 75 and older – experienced the next highest attack rate. This group generally has less familiarity with the latest digital technologies and may be more susceptible to scams and phishing attempts. While millennials and Gen Z are most susceptible to fraud attacks, the average fraud loss per customer increases progressively with age, likely influenced by larger disposable incomes later in life.

The paradox of why fraudsters choose to target the younger age group in proportionally higher volumes is perhaps explained by the fact that higher success rates can offset lower monetary gains.

• July through December 2020: The Cybercrime Landscape Across Industries –The Digital Identity Network found a 29% growth in global transaction volume in the second half of 2020 compared to the second half of 2019. This growth came in the financial services (29%), e-commerce (38%) and media (9%) sectors.

Financial services saw low overall attack rates, driven by a high volume of repeat login transactions from trusted customers, with the exception of payment transactions, which saw attacks at a higher rate than any other industry. This presents a key opportunity for fraudsters to cash out.

E-commerce saw the largest growth in bot volume in comparison to other industries. The 2.7% attack rate for mobile app e-commerce payments is higher than any other industry. This represents an evident point of risk for these businesses.

New account creations for media companies were attacked at a higher rate than any other industry with fraudsters often using media organizations like streaming services, gaming and gambling sites and apps to test stolen identity data.

“Cybercriminals are opportunists first and masters of disguise second. They are always on the lookout for a new target whether this is new lines of credit, new online businesses or new-to-digital consumers,” said Rebekah Moody, director of fraud and identity for LexisNexis Risk Solutions. “While digital businesses are working hard to better provide for new and existing customers, they must identify and mitigate potential risks moment by moment in order to protect consumers from becoming victims of fraud.

“Building a layered defense is key,” Moody continued. “Uniting the best digital identity intelligence with physical identity solutions and behavioral biometrics intelligence can be the gamechanger that organizations need to lessen the unpredictable tides of fraud.

“Digital identity intelligence in particular is crucial for businesses to understand the behavior, transaction history and device intelligence of each identity entering their environment. When we can crowdsource real time intelligence across global digital businesses, it offers an unparalleled view of trust and risk. This creates a low-friction online experience because businesses can better recognize trusted, returning consumers.”

Download a copy of the LexisNexis Risk Solutions Cybercrime Report, July through December 2020.