Confirm

Are you sure?

Comfirm Cancel

Login http://www.becomegorgeous.com/users/auth/facebook

Or Login using BecomeGorgeous

Register

Please fill the form below and follow the further instructions.

By registering, you are agreeing to the terms and conditions.
We will not sell, rent or give your email to anyone so don't worry about spam.

Recommended

http://www.becomegorgeous.com/users/auth/facebook
Password Recovery

You are about to receive a email from us please make sure to check your spam or junk folder and add our email email@bg.com to your contact list.

Thank you!

Judith J. Francis

Large

Status

General
Unknown

  • 11534 Rank

  • 0 Points

Published on: 14 Mar 2017 by francisjud

Cyber security: Fraud rises as cybercriminals flock to online lenders

Cybercrime
is becoming more automated, organized and networked than ever before, according
to the ThreatMetrix Cybercrime Report: Q4 2016.

 

Cybercriminals
are increasingly targeting online lenders and emerging financial services, says
Vanita Pandey, vice president of strategy and product marketing, ThreatMetrix.

 

[
Related: 8 tips to defend against online financial fraud threats ]

 

ThreatMetrix's
report is based on data drawn from its ThreatMetrix Digital Identity Network,
which analyzes about 2 billion transactions per month for insight into traffic
patterns and emerging threats. The network uses a real-time policy engine to
analyze transactions — about 44 percent of which originate from mobile devices
— for legitimacy based on hundreds of attributes, including device
identification, geolocation, previous history and behavioral analytics.

 

ThreatMetrix's
data shows 1 million cyberattacks targeted online lending transactions
throughout 2016, Pandey says . It estimates the total value of these
transactions at about $10 billion. It expects the number of attacks to continue
to grow in 2017. Indeed, the number of attacks specifically targeting
alternative lending increased by 150 percent quarter-over-quarter in the fourth
quarter of 2016. That doesn't mean criminals have stopped targeting banks:
ThreatMetrix says it detected 80 million attacks using fake or stolen
credentials during 2016 in the finance sector alone.

 

It
should be noted that attacks are increasing both in number (ThreatMetrix says
it detected and stopped nearly 122 million attacks in real-time in the fourth
quarter, an increase of more than 35 percent over the previous year) and in
proportion: growth in attacks outpaced overall transaction growth, and the
overall rejected transaction rate grew by 15 percent.

 

[
Related: Online card fraud up as thieves avoid more secure chip cards for
in-store payments ]

 

"Fraud
has evolved from being like robbing a house to being a big heist on a bank or
institution," Pandey says.

 

Increasingly,
she explains, cybercriminals are stealing identities and using them to create
accounts that they allow to sit and mature, sometimes for years, before
leveraging them for crime.

 

First,
she says, criminals buy, trade and augment stolen identity credentials from any
of the numerous data breaches that occur with increasing frequency.

 

"Most
of us have been breached, whether you've stayed at an InterContinental Hotel,
or you had a Yahoo account or you have a LinkedIn password you haven't changed
in four years," she says.

 

Those
credentials are then used to create new accounts with retailers, banks and
e-lenders. E-lenders are frequently targeted, perhaps because the criminals see
them as softer targets than more established banks, according to ThreatMetrix.

 

"They
will then use automated bot attacks on a new site to create an account for
you," Pandey says. "If it doesn't exist, they'll create an account.
If it does, they'll bring in sophisticated tools to crack your password.
They'll let an account sit and mature for a while. Once your identity has been
verified, a lot of times you won't be stepped up or challenged. Imagine if I
have a stable account, I've been transacting for two years nicely and then I
use my account to buy a big item and change my address, they may not flag
that."

 

Pandey
says ThreatMetrix sees a lot of fraud being committed with accounts that have
five or even six years of credit history and a big credit file. Even victims
who regularly check their credit reports may not pick up on the fraud, as the
criminals take care not to damage their victims' credit ratings until the
accounts mature.

 

"Due
to its surge in popularity, and fast transaction cycles, online lending has
become a prime target for cybercriminals," she says. "Online lenders
are under increasing pressure to adopt smarter authentication methods that
leverage real-time, behavior-based intelligence to accelerate genuine loans and
prevent fraud. This is the only way to thrive in an increasingly competitive
market."

 

Developing countries becoming bigger
players in online fraud game

 

This
type of fraud isn't limited to the U.S. and other developed nations.
ThreatMetrix says it has seen this type of fraud originating in developing
countries including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia. ThreatMetrix also reports a significant increase in attacks,
particularly identity spoofing attacks, from emerging economies including
Tunisia, Ukraine, Malaysia, Bangladesh, Pakistan, Serbia, Morocco, Guadeloupe,
Qatar and Cuba.

 

"The
fact that developing nations are becoming bigger players in the online fraud
game demonstrates the spread of breached identity data to countries across the
globe," Pandey says. "One in four transactions on our network is now
cross-border, illustrating a global village economy that's continuing to take
root. Global data breaches are making stolen identity data globally available
via the dark web, and this information is traded by organized and networked
crime rings."

 

How to keep the online digital world
safe

 

With
cybercriminals becoming more ambitious and more sophisticated, Pandey says it's
becoming clear that text-based authentication needs to be deprecated. In fact, she
says, any static information used for authentication that must be stored by a
company is susceptible to a data breach and therefore an outdated way of
thinking about secure authentication, identity verification and fraud
prevention.

 

"It
is becoming increasingly clear that the only true way to keep the online
digital world safe and secure, (and processing transactions in the manner that
technology-savvy consumers expect), is by analyzing the digital identity of
every online user, an identity that is built on dynamic, shared intelligence
harnessed from sources far wider than the individual companies a user transacts
with," the ThreatMetrix report says.

 

Behavioral analytics and machine
learning are the keys to making this work.

 

"It
is only by using this holistic, crowdsourced approach to digital identities
that companies can be more confident of accurately differentiating fraudsters
from genuine customers," the report concludes. "In the case of Yahoo,
the cookies might have been forged, but the online footprint of those
fraudsters would have been markedly different to the genuine users, and it is
up to Yahoo to be able to detect that in order to protect sensitive customer
data."

Add a Comment

* Please Add A Comment

Anonymous

Thank you for submission! Your comment will be displayed after getting approval from our administrators.

Connect With
Or Pick a name