ALPHARETTA, Ga.–A new cybercrime analysis details how the evolving threat landscape has created new opportunities for cybercriminals, particularly as they target new online users, while also revealing the financial services industry saw the highest number of attacks on payment transactions.
LexisNexis Risk Solutions’ biannual Cybercrime Report, which covers July-December 2020, shows that the under 25 age group is most vulnerable to fraud attacks while the oldest age group is second most vulnerable and loses the most money.
“The stark risk at both ends of the age spectrum emphasizes the importance for companies to protect both new-to-digital and vulnerable customers when transacting online in 2021,” the company said.
The report also provides a full year review that highlights how 2020 saw an overall decline in human-initiated attacks, while bot attacks accelerated.
The Cybercrime report analyzes transaction data from the LexisNexis Digital Identity Network, a repository of global shared intelligence gained from billions of consumer interactions including logins, payments and new account applications. The Digital Identity Network processed 47.1 billion transactions in 2020, an increase of almost 12 billion year-over-year, LexisNexis said.
‘Malicious Attack Vectors Persist’
The fraud attack rate observed in the Digital Identity Network decreased on average across all digital businesses year-over-year, although media companies saw an increase in the overall attack rate at account opening.
According to LexisNexis, malicious attack vectors persist despite reduced attack rates recorded across businesses as automated bot attacks offer fraudsters a cheap, quick and effective method of initial attack. The study analyzed 24.6 billion transactions July through December 2020 and found that mass automated bots used to test identity credentials remain widespread.
The Digital Identity Network also recorded bot attacks across global regions and within a wide variety of industries and use cases. Likewise, new account creations continue to see high attack rates, representing a key point of entry for fraudsters looking to monetize credentials harvested from data breaches.
The Key Findings
Among the key findings in the newest LexisNexis Risk Solutions Cybercrime Report:
2020 in Review: Rapid Growth in Digital Transactions Sees Human-Initiated Attacks Drop While Bot Attacks Increase
The number of human-initiated attacks dropped in 2020 by roughly 184 million while the number of bot attacks grew by 100 million. In both cases, the largest number of fraud attacks by volume originated from fraudsters located in the United States, with countries like Canada, the United Kingdom and Germany also fitting into the top ten countries for each attack method.
Notably, growth economies increasingly contributed to the number of fraud attacks with rises in human-initiated attacks originating from Guatemala, Bahrain and Zimbabweand a larger number of bot attacks coming from the Isle of Man, United Arab Emirates and Nigeria, LexisNexis said.
Sixty-seven percent of all transactions were via mobile channels, with much of the transaction growth coming from trusted customers.
July through December 2020: The Cybercrime Landscape Across Industries
The Digital Identity Network found a 29% growth in global transaction volume in the second half of 2020 compared to the second half of 2019. This growth came in the financial services (29%), e-commerce (38%) and media (9%) sectors.
Financial services saw low overall attack rates, driven by a high volume of repeat login transactions from trusted customers, with the exception of payment transactions, which saw attacks at a higher rate than any other industry. This presents a key opportunity for fraudsters to cash out.
E-commerce saw the largest growth in both volume in comparison to other industries. The 2.7% attack rate for mobile app e-commerce payments is higher than any other industry. “This represents an evident point of risk for these businesses,” LexisNexis said.
New account creations for media companies were attacked at a higher rate than any other industry with fraudsters often using media organizations like streaming services, gaming and gambling sites and apps to test stolen identity data.
"Building a layered defense is key," said Rebekah Moody, director of fraud and identity for LexisNexis Risk Solutions. "Uniting the best digital identity intelligence with physical identity solutions and behavioral biometrics intelligence can be the gamechanger that organizations need to lessen the unpredictable tides of fraud.
For info: LexisNexis Risk Solutions Cybercrime Report, July through December 2020.