Financial organisations are being increasingly targeted by cybercriminals looking to capitalise on alternative lending and payment models. Online fraudsters are exploiting the time delays inherent in reporting loan agreements to credit bureaus for substantial financial gain.
According to the latest ThreatMetrix® Cybercrime Report 1 million cyberattacks targeted online lending transactions throughout 2016, and this number will continue to grow in 2017. The total potential loss value of these transactions globally is estimated at £8 billion.
This emerging trend in online lending fraud is the latest attack strategy being used by organised crime rings, driving a vast amount of cybercriminal activity within the financial services sector globally. And it continues to grow at great speed. The number of attacks specifically targeting alternative lending has increased by 150% since Q3 2016.
Additionally, banks and financial services companies are becoming more and more vulnerable. The ThreatMetrix Digital Identity Network®, which analyses around 2 billion transactions per month, detected 80 million attacks using fake or stolen credentials during 2016 in the finance sector alone. Another significant industry trend is the 250% growth in mobile transaction volume year on year, with almost 55% of financial services transactions now coming through mobile devices.
76% of UK Financial Services Transactions Coming from Mobile
In the UK, Q4 saw a 10% growth in overall financial services transaction volumes from an already high level of close to 1 billion in Q3.
This growth is primarily driven by an increase in financial services account logins coming from mobile devices. Financial services had its biggest mobile quarter ever in the UK with 76% of transactions coming from mobile devices. This highlights the continued growth in popularity of transacting on a mobile device in favour of a desktop, particularly for daily login transactions to check bank balances on the move. In addition, UK consumers are now also increasingly opening new accounts on mobile devices; new mobile account applications have steadily grown for the last 4 quarters as people are becoming more comfortable with extending the breadth of services they use a mobile device for.
“Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cybercriminals. Online lenders are under increasing pressure to adopt smarter authentication methods that leverage real-time, behaviour-based intelligence to accelerate genuine loans and prevent fraud. This is the only way to thrive in an increasingly competitive market,” says Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix.
Emerging nations appear on the cybercrime frontlines
Besides the US, ThreatMetrix saw this type of fraud originating in developing countries including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia. This is in keeping with the rise of emerging nations as players in online fraud across all industries. Brazil emerged in Q4 as a major attack destination, and ThreatMetrix saw a significant increase in attacks coming from emerging economies, including Tunisia, Ukraine, Malaysia, Bangladesh, Pakistan, Serbia, Morocco, Guadeloupe, Qatar and Cuba. Identity spoofing is the leading attack vector in such economies.
“The fact that developing nations are becoming bigger players in the online fraud game demonstrates the spread of breached identity data to countries across the globe. One in four transactions on our network is now cross-border, illustrating a global village economy that’s continuing to take root. Global data breaches are making stolen identity data globally available via the dark web, and this information is traded by organised and networked crime rings,” Pandey continues.
Additional Q4 2016 Cybercrime Report findings
With the largest-ever online Christmas shopping season taking place in 2016, Q4 was the network’s biggest digital quarter ever. The Q4 2016 Cybercrime Report found that:
- Nearly 122 million attacks were detected and stopped in real-time, an increase of more than 35% over the previous year.
- Growth in attacks outpaced overall transaction growth, and the overall rejected transaction rate grew 15% — demonstrating heightened risk levels.
- 45% of transactions now come from mobile devices, rising to 55% in financial services, as users log in almost daily to check their bank balance via mobile apps. Mobile devices are increasingly becoming the primary conduit for transacting online, with businesses moving from digital-first strategies to mobile-first ones.
- Mobile-only users have increased across all industry groups, rising to 40% in financial services. For a sizable minority, desktops are becoming obsolete, as the breadth and depth of mobile products and services stretches to allow mobile-only usage.
- Cross-border transactions are growing in prevalence; more than a quarter of transactions in the network are now cross border, but these continue to be approached with caution and are rejected more than twice as much as domestic transactions.
To access the Q4 2016 Cybercrime Report – click here