By Roy Urrico
It seems unfair that so many organizations, including credit unions, need to focus not only on carrying on business during a pandemic, but also on numerous security threats before, during and, almost certainly, after COVID-19. Here is a roundup of recent reports that highlight the impact of account takeover attacks, supply chain attacks and digital fraud.
Businesses Underestimate Account Takeover Attacks
A new study from San Francisco-based Arkose Labs, which provides a platform to identify bad actors, revealed that businesses underestimate the full impact of account takeover attacks (ATOs). The study included more than 100 IT executives at U.S. companies in over a dozen industries ranging in size from 1,000 employees to over 10,000.
“We wanted to better understand how ATO attacks are affecting businesses across industries. What we have found is that it can be deeply destructive — from a brand/user experience to the overall monetary loss for an organization,” said Lizzie Clitheroe, head of product marketing at Arkose Labs.
Overall, almost 90% of the respondents said ATO attacks cost them less than $500,000 in 2020, with 39% reporting losses of less than $100,000 over the past year. However, according to the study, many businesses may not have full visibility into the true extent of how ATOs interrupt their business.
“Account takeover attacks are the fuel that powers fraud and abuse globally. Personal data from compromised accounts is shared and sold on the dark web to then be reused, perpetuating the cycle of every data breach,” the study maintained. “Funds drained from hacked user accounts can be used to fund further downstream scams or to make fraudulent purchases. Legitimate accounts can also be used to send authentic-seeming spam and phishing messages to consumers via email or on a digital platform.”
While most businesses recognize the negative impact ATOs have on user experience and brand awareness, many organizations underestimate the volume of attacks, as well as the total cost of ATOs targeting their users. “With the increase in ATOs, credential stuffing, and rising sophistication of attacks, businesses need to be more vigilant in detecting the nuances and full impact of ATOs,” noted Clitheroe.
The Arkose report determined financial services firms have the most at stake in keeping customer accounts safe from fraud attacks. “Financial firms hold the most valuable consumer data, including bank account information, payment credentials, Social Security numbers, addresses and more.”
The study also revealed that a successfully hacked consumer financial account is a treasure trove for fraudsters, and that financial institutions, because of the sensitive and valuable data they store, also face greater regulatory scrutiny as a result of compromised accounts, which could result in massive fines.
It comes as no surprise that 94% of financial institutions surveyed either agreed or strongly agreed that ATOs had impacted their customers’ user experience. Also: 72% of financial services firms reported ATOs affected brand reputation, and 66% disclosed ATOs created compliance concerns, both larger than the cross-industry average.
Digital Fraud Attempts, COVID-19 Fraud Increased 46% In Last Year
Chicago-based TransUnion’s quarterly analysis of global online fraud trends found fraudulent digital schemes against businesses increasing since the COVID-19 pandemic. In addition, TransUnion’s 2021 first quarter Global Consumer Pulse Study found that more than one in three global consumers were recently targeted by digital fraud related to COVID-19.
TransUnion came to its conclusions about digital fraud against businesses based on intelligence from billions of transactions and more than 40,000 websites and apps contained in its flagship identity proofing, risk-based authentication and fraud analytics solution suite, TransUnion TruValidate.
It found the percentage of suspected fraudulent digital transaction attempts against businesses worldwide increased 46% when comparing the following two periods: March 11, 2019 to March 10, 2020; and March 11, 2020 (when the World Health Organization declared COVID-19 a global pandemic) to March 10, 2021. In the U.S., this percentage increased 22% in the same timeframe.
“Fraudsters are always looking to take advantage of significant world events. The COVID-19 pandemic and its corresponding rapid digital acceleration brought about by stay-at-home orders is a global event unrivaled in the online age,” said Shai Cohen, senior vice president of global fraud solutions at TransUnion. “By analyzing billions of transactions, we screened for fraud indicators over the past year, it has become clear that the war against the virus has also brought about a war against digital fraud.”
The Global Consumer Pulse Study also found (as of March 16, 2021) the number of worldwide consumers targeted by digital fraud related to COVID-19 in the last three months was 36% higher than approximately one year ago.
In April 2020, TransUnion found digital fraud related to COVID-19 affected 29% of consumers globally; in the U.S., this percentage increased from 26% to 38% in the same timeframe. Worldwide, Generation Z, at 42%, is the most targeted of any cohort, followed by millennials (37%). In the U.S., Gen Z is targeted at 53%, followed by millennials at 40%.
For financial services, the change in suspected fraud was 57.49%, with identity theft the top threat. Only telecommunications, at 57.52%, was higher; for that industry, credit card fraud was the top fraud type.
“TransUnion documented a 21% increase in reported phishing attacks among consumers who were globally targeted with COVID-19-related digital fraud just from November 2020 to recently,” Melissa Gaddis, senior director of customer success, global fraud solutions at TransUnion, said. “This revelation shows just how essential acquiring personal credentials is for carrying out any type of digital fraud. Consumers must be vigilant and businesses should assume all consumer information is available on the dark web and have alternatives to traditional password verification in place.”
TransUnion found the countries with the highest rate of suspected fraudulent digital transactions from March 11, 2020 to March 10, 2021 were: 1) the Seychelles, 2) Kazakhstan and 3) Turkmenistan. In the U.S. during that same period, TransUnion found the cities with the highest percentage of suspected fraudulent transactions were: 1) Tempe, Ariz., 2) Hamtramck, Mich. and 3) Colonial Park, Pa.
Rise in Breaches and Supply Chain Attacks