By Roy Urrico
Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
In 2022, the global digital attack rate increased 20% year-over-year (YOY) compared to 2021, continuing the rising digital fraud trend as economies re-opened following the pandemic. Digital transactions last year went up by 24% YOY, primarily driven by increasing transactions in financial services (29%) and e-commerce (17%).
These are among the findings from Atlanta-based LexisNexis Risk Solutions’ annual Cybercrime Report titled, Trust and Collaboration as Foundations to Fight Fraud. The analysis uses 79.8 billion transactions processed through the LexisNexis Digital Identity Network from January to December 2022 – with specific data focused on financial services, e-commerce transactions and cyberattacks.
Regarding the rise of digital fraud in 2022, the report stated “Cybercriminals had already been looking forward to expanding opportunities. Countries historically less impacted by fraud — Singapore for example — were being clearly targeted at the start of the year with a surge in fraud attacks. By the end of the year, not only was much of the world back open for business, but there was talk of a new global fraud pandemic.”
Soudamini Modak, director, market strategy, fraud and identity at LexisNexis Risk Solutions, provided Finopotamus with insight into the Cybersecurity Report’s findings. She noted, “We have seen changes year over year, the increase in the number of digital transaction and that shift to digital to more usage of the mobile apps.” Modak added, “(LexisNexis Risk Solutions) looks at the trends from a couple of the global lenses. We also drill down to the industry level as well as the regional level.”
Key Takeaways
LexisNexis Risk Solutions, which provides data and technology solutions that help businesses and governmental entities reduce risk and improve decisions, revealed some key findings within its Cybercrime Report:
· The increasing popularity of mobile channels. Mobile transactions have reached a record high of 77% of all observed transactions, with the mobile app channel making up 82% of all mobile interactions.
· The attack rate continues to rise. The global attack rate continues to increase, driven by an uptick in the financial services and e-commerce industries at 31% and 29%, respectively.
· Vulnerabilities in payments. Alternative payment methods, such as digital wallets, QR code payments and peer-to-peer transfers, continue to gain popularity, particularly in Asia-Pacific (APAC) countries. However, across all desktop and mobile channels, attack rates on digital payments increased 27% YOY.
· Lucrative avenue for cybercrime. Automated bot attacks in the e-commerce space have grown 195% globally. Almost half of these attacks concentrated on the U.S., where focused bot attacks increased by 127% YOY. Bot attacks increased 112% in the U.S. gaming and gambling industry alone as the sector grows due to legalization in more states.
Payments and Financial Services as Fraud Targets
“Obviously during the COVID years we have seen this massive increase in the digital transactions as new users or even the existing users were transacting more digitally,” Modak noted. She added, ease of use is driving more activity in mobile channel in general. “In terms of the attack patterns, what caught my attention this time was that human-initiated attack increased by about 20% year over year,” said Modak.
Payments and financial services are favorite targets of cyberattacks because of the potential payouts they offer. Pointed out Modak, “The attack rate for financial institutions has increased by 31%, and that is entirely driven by the mobile channel. Consumers are preferring this channel and then obviously (cyberattackers) are also turning their attention to (the mobile) channel particularly because of the opportunity of a cash out or payout.”
“In the case of payments, it's really crucial to analyze the risk associated with both sender and beneficiary when it comes to peer to peer payments,” added Modak. “If that's not being done, some institutions will still see that those attacks more and more.”
The report emphasized as fraud attacks increased, some organizations responded by focusing more on building trust with their loyal customer base. The study explained separating the trusted population enables organizations to enhance the digital experience for good customers while facilitating a more focused analysis of the remaining events to determine which are attacks. Modak explained that analysis from the Digital Identity Network showed that the percentage of events classified as trusted during 2022 increased by 9%.
Mules and Scams
Modak also pointed to the increased use of money mules, people who, at someone else's direction, receive and move money obtained from victims of fraud. “We've seen mules provide the kinds of accounts that can be used to receive the stolen funds or the mechanism to rapidly transfer those funds across the banks.”
Mules are often considered more of a financial crime problem because they play a supporting role in money laundering or terrorism financing. However, the report suggests mules also play a significant role in networked fraud schemes by providing accounts that can be used to receive stolen funds and a mechanism to rapidly transfer those funds onwards across financial institutions and borders.
The report classifies mules into different types: complicit (accounts set up specifically for mule activity); converted (genuine accounts where the owner knowingly begins to engage in mule activity); and unwitting (genuine accounts where owners are unwittingly scammed into mule activity).
Scams of all kinds—both traditional account takeover through phishing attacks as well as sophisticated authorized push payment fraud—were frequently in the news in 2022 and continue to be. “Reports of industrial-scale scam centers and gangs in Asia and Eastern Europe confirm that scams have become the latest organized digital crime, operating professionally and cross-border,” states the Cybercrime Report.
Fixing the Vulnerabilities
What makes financial institutions particularly vulnerable is what makes them increasingly more appealing to consumers: their ease of use. “Financial institutions in general are making it easier for their consumers to interact with both web or mobile channels,” said Modak. “And that's not limited to credit unions, but financial institutions in general.”
From a general cybersecurity perspective, Modak noted that establishments and consumers need awareness of phishing attempts or spoofing, which is where employees of a particular organization (or individuals) are tricked into sharing information by clicking on certain links via an email address or fake website. “We hear from our customers all the time where the consumers are sent some links to share their credentials or their personal details on behalf of an email that look very similar to that bank or that e-commerce organization,” said Modak.
Modak continued. “Institutions definitely need to tighten their fraud controls. We have seen in the past few years monies moved across different accounts across different organizations.” She added, more than ever, understanding the customer journey and behavior can help identify potential attacks.
The Identity Abuse Index, contained within the Cybercrime Report, which records the percentage of attacks per day, shows attack rates fell in the fourth quarter of 2022. However, the picture varies by region, with sizeable spikes in Asia-Pacific (APAC), Latin America (LATAM) and North America at the end of the year.