Cybersecurity Roundup: the Rise of First-Party Fraud; and Some Consumers Deterred by Biometrics

By Roy Urrico

Finopotamus aims to highlight white papers, surveys, blogs and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.

In this cybersecurity roundup, we focus on global fraud attacks and consumer reaction to biometrics use in identity checks.

First-Party Fraud Leads the Scam Charge

The annual LexisNexis Risk Solutions Cybercrime Report, The Calm Before the Storm?, shows a substantial shift in the makeup of global fraud attacks, with first-party fraud now the leading type. Looking ahead the report anticipates artificial intelligence (AI)-powered fraud to increase in 2025.

The Cybercrime Report is based on cybercrime attacks detected in the LexisNexis Digital Identity Network between January and December 2024, during near real-time analysis of consumer interactions from new account creations, logins and payments to non-core transactions such as password resets and transfers. The report found the four most prevalent categories were first-party fraud, third-party account takeover, scams and identity theft.

“After two years of substantial increases in overall global attacks, the latest Cybercrime Report finds that rates began stabilizing in 2024, with only a marginal (1%) increase in the human attack rate and a 15% decrease in global bot attacks – algorithms designed to break into customer accounts using stolen credentials,” said LexisNexis in the report. “However, LexisNexis Risk Solutions believes this relatively calm global picture may obscure underlying signs of a coming storm powered by AI.”

First-party fraud, which includes misrepresenting or giving false personal or account information for financial gain, represented 36% of all reported fraud in 2024, up from 15% the year before. First-party fraud includes deception when applying for a loan, claiming a card purchase to get a refund (known as friendly fraud), or non-delivery of ordered goods. “’Buy now, pay later (BNPL) clients reported more first-party fraud, as did financial institutions in general. Periods of inflation and the rising cost of living are known to motivate consumers to attempt first-party fraud,” said the study.

Other findings:

·         With significant layers of fraud defenses in place, financial services generally saw a lower attack rate (1.2%) than most other industries. Nevertheless, finserv transactions grew 16% year over year (YOY).

·         Account takeover (ATO) fraud – fueled by phishing and smishing (SMS phishing) activity – represents 27% of globally reported fraud (down by about 2% year on year).

·         Scams, including authorized push payment (APP) fraud, represent 11% of cases (down from 16% of cases in 2023).

·         Eleven percent of password reset attempts in 2024 was a fraud attack, rising to 27% reset attempts initiated on a desktop computer.

“These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud,” said Stephen Topliss, vice president of fraud and identity, LexisNexis Risk Solutions. “The change in composition of attacks presents a significant challenge for fraud prevention since detecting first-party fraud requires a subtly different approach than detecting scams or account takeovers. Organizations can’t afford to be complacent, however – there were more than three billion brute-force automated account takeover attacks detected last year alone and scams remain a global problem. It is vital for organizations to have models tuned to detect these varied forms of fraud.”

Topliss continued, “We are at a potential tipping point. While many organizations have improved their defenses over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months. Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks.”

Consumers Concerned Over Biometrics Harvesting

Sixty-three percent of respondents to a consumer attitude survey on biometrics by the Identity Theft Resource Center (ITRC) said they had serious concerns about providing biometric information; 91% provided it anyway.

For the Biometric Report, the El Cajon, Calif.-based ITRC, a national nonprofit organization that supports identity crime victims, surveyed 1,177 consumers to gauge their familiarity with using biometric information for identity verification. Eighty-seven percent of respondents received requests for biometrics to verify their identity in the past year, according to the responses.

Two-thirds of respondents agreed that biometrics can reduce identity crimes. However, 39% believed in banning biometric use, while 36% did not share that same belief. Younger respondents and men (approximately 45% and 54%, respectively) dominated the number of people wanting to ban the use of all biometrics. Women (39%) and respondents 60-plus years old (about 49%) dominated the number of people who would not ban biometrics.

“This research highlights a critical need for those of us working to prevent identity crimes to do a better job explaining both the benefits and risks of emerging identity technologies – especially biometrics,” said Eva Velasquez, CEO of the Identity Theft Resource Center. “Our hope is that this Biometric Report serves not only as a guide for future study but also as a roadmap to increase public understanding and acceptance. Change can be uncomfortable, but resisting it without understanding the facts can create unnecessary risk. We must do more to show why secure biometric identity verification is in everyone’s best interest.”

“What occurs next is identity fraud, when a criminal uses stolen information to pretend to be the person whose identity has been compromised,” noted Velasquez. “Identity criminals use stolen information to open new accounts at banks and retailers, take out loans and credit cards, seek jobs, and even apply for government benefits—all of which are application processes that require you to prove your identity.”

Some identity crimes can be prevented with the right technology, regulatory framework and consumer support, the report suggested. “That is especially true when it comes to using biometrics to verify a person’s identity in important transactions like opening a bank account or applying for government benefits.”

Velasquez maintained, “One of the barriers to wider adoption of biometrics in identity verification: the attitudes of people who are asked to provide a biometric to verify their identity as part of a transaction. This research reinforces the need for all of us engaged in preventing identity crimes to do a better job of explaining the benefits and risks of new identity technologies, especially biometrics. Change is hard and often scary, but it doesn’t have to be.”