Threat intelligence from NuData Security, released today, provides insight into the ominous cyber fraud threats coming over this holiday period.
Fraudsters use ever-morphing cyber fraud methods over the holidays. NuData’s intelligence supports industry trends that e-commerce is increasingly mobile and high-risk.
Fraudsters are using increasingly sophisticated cyber fraud techniques and leveraging spikes in activity over holiday shopping periods to circumvent detection. As merchants and financial institutions implement additional security layers for automation, account takeover, and fraud detection, hackers are evolving to find more complex and pervasive ways to commit fraudulent activities online. Much like a virus that mutates in response to a vaccine, hackers are finding new ways of infiltration.
NuData Security analyzed over 80 billion behavioral events annually over its customer base, and this month alone has performed real-time analysis on 40 billion data points. NuData findings are such:
- High-risk events have more than doubled since this period last year representing a higher percentage of total traffic overall placements.
- At the login, fraudulent activity increased from 4% to 15%
- According to NuData’s intelligence, 60% of new account creations are fraudulent compared to 39% last year. With the underground awash in compromised consumer data from breach-after-breach, fraudulent account creation will continue to climb. Fraudsters create fraudulent accounts and let them sit dormant or make the accounts look legitimate during the time leading up to holiday seasons, then strike. Typically, cybercriminals target these times of year because they know security teams are stretched and policies are loosened up to accommodate volume and they can hide attacks within the volume of transactions.
- NuData found that account takeover continues to be a dire problem for retailers. A staggering 600% increase in login anomalies over this time last year was recorded. Also, both volume and sophistication of these attacks spiked due to stolen personal data being so easy to obtain on the Dark Web and the fact that consumers continue to use the same usernames and passwords from site to site. Login processes have never been so easy to subvert.
- This month alone, NuData warns that they have already seen a 128 percent increase in sophisticated scripted attacks from hackers gearing up for this holiday weekend.
- NuData also recorded 50 million fraudulent attempts last November across the network consortium is predicting an increase in high-risk attacks targeting key retailers. They anticipate that there will be approximately 82 million of these attacks over the same holiday period across the consortium.
Mobile transactions represent a concern for merchants this holiday season, as consumers continue to move to mobile shopping, retailers are trying to balance security and experience. NuData observed a 258% increase in unique devices (across our customer base), firmly supporting industry statistics of over 50% of all e-commerce traffic now coming from mobile devices.
- NuData found that last holiday season mobile devices represented only 11% of total purchases; this year mobile device use is trending toward 25% of all purchases.
- As predicted, with increased usage, there will come increased threats. NuData reports that they are seeing a spike in fraudulent activity from the mobile. They have found that 11% of mobile transactions were high risk in 2015, and this has increased to 32% this year, equating to a 190% increase over 2015. Fraud increases of this kind could have significant dollar value. The typical value of a fraudulent transaction on Black Friday is $190 on a smartphone and $210 for tablets
Fraudsters are using increasingly sophisticated techniques to steal data and circumvent detection:
- NuData found that the rate of device and location spoofing behavior has grown. Organizations relying heavily on device ID and geolocation-based solutions to find risk may be in trouble, as geographical and IP spoofing represented 10% of all risky login activity last fall leading up to Black Friday.
- In general, NuData found that account takeover and new account creation attacks are more challenging to detect by traditional fraud teams and many fraudsters are gravitating toward to these tactics for this reason.
Robert Capps, vp, business development, NuData Security, said:
“Analyzing the information discovered from the NuData Trust Consortium, it is clear that attackers are rapidly evolving their methods to more complex and evolved schemes. Organizations must be ever vigilant as fraudsters leverage the mass of freely available data on the dark web for cybercrime. Expecting consumers to maintain strong, non-reused passwords isn’t realistic, meaning retailers need to shoulder an even larger responsibility to protect their brand and users. Which is why it is more important than ever for online merchants to employ technology that can help them effectively differentiate good customers from bad.”