Business Maverick

CYBERCRIME REPORT

Spike in digital fraud, but consumers can be part of the solution – global survey

Spike in digital fraud, but consumers can be part of the solution – global survey

Digital transactions dominated the global marketplace with an increase of 37% year on year for the six months to end June, while businesses saw a corresponding 38% jump in malicious bot attacks over the past year.

The bot attack rate for e-commerce businesses was significantly higher at 155%, according to the LexisNexis Risk Solutions’ first Global State of Fraud and Identity Report released on Tuesday.

The survey included interviews with almost 3,000 risk and fraud executives in retail, e-commerce and financial services/lending across the globe over the last year. 

“Digital fraud has continued to grow as economies around the world re-opened in 2022, as we anticipated in our H2 2021 Cybercrime Report based on early trends in the United States, Europe, the Middle East and Africa.

“The latest surge in scams shows how the fraud landscape will continue to morph. Organisations need to use flexible fraud prevention models coupled with an adaptive authentication approach,” says Stephen Topliss, vice-president, fraud and identity, at LexisNexis Risk Solutions.

Topliss says a solution approach deep in layers, combining behavioural biometrics with global digital identity data and risk-appropriate authenticators, enables businesses to confidently make risk-based decisions while delivering a friction-appropriate customer journey.

The report demonstrates how digital transactions dominated the global marketplace as the pandemic-driven trend of consumers migrating to online interactions became commonplace behaviour.  

Pandemic-driven digital transaction growth continued to attract fraud attacks, with global businesses recording a 32% jump in the human-initiated attack rate over the past year, while high-velocity automated bot attacks were up 38% year on year.

Shifts to mobile channels continued to increase, reaching 76% of all transactions in the digital identity network. Consumers today use an average of four connected devices to facilitate digital economy transactions. 

The addition of new e-commerce channels via marketplaces and within the wider banking ecosystem, along with a proliferation of payment options such as Buy Now Pay Later (BNPL), digital wallets and QR codes, contributed to a growth in transactions across mobile channels.

As consumers adopt multiple digital channels and payment formats, they expect a positive experience and trusted security measurements at every touchpoint. Identification and authentication solutions across the entire customer journey are becoming mandatory, as fraudsters build attack strategies at every stage. 

The report reveals that one in 12 new account openings, and one in 20 password resets, represent an attack.

“Cybercriminals quickly launch complex attacks on the weakest link in the omnichannel network, targeting individuals who are newer to transacting online with less cybersecurity awareness, while targeting companies that – in their rush to provide consumers with digital transaction options – have not deployed adequate defences,” Topliss says.


Visit Daily Maverick’s home page for more news, analysis and investigations


Key findings from the report include:

  • Fraud evolves with new payment methods: Increased adoption and strong demand for contactless payment methods are major contributors to the rise of QR code fraud. BNPL is gaining traction globally, leading to an increase in new account opening fraud.
  • Risks in the digital ecosystem: Fraud networks are increasingly pervasive in the omnichannel digital ecosystem leading to a dramatic rise in scams including social engineering, identity theft, password reset and account takeover fraud. The escalating risk of account takeover fraud is one of the biggest threats, as mobile app login attack rates increased 211% year on year.
  • Identity verification remains the top hurdle: Customer identity verification remains a top challenge for global businesses, which cited limited real-time third-party data (46%) and limited real-time transaction tracking (43%) as the two biggest challenges when it comes to verifying customer identity in online channels.

Locally, companies – particularly those in the financial services arena – have spent millions educating their customers about new and evolving security risks. 

However, authentication expert Entersekt says South African consumers are now so hyper-aware of protecting their personal data, that many are inadvertently disabling their means to some of the strongest digital security available. 

“Striking the balance between friction and security will require re-educating customers and making them part of the solution,” says Andries Maritz, product manager at Enterekt. 

Maritz says authentication is generally viewed as a one-size-fits-all solution, but this approach is no longer appropriate and not only adds layers of friction that will hurt the customer experience, but also cuts the customer off from a better security option. 

“Context-aware authentication looks at each transaction and each user profile and then makes a judgement call as to the most appropriate authentication journey for that transaction.  

“The problem is that as customers take control of their data, many are switching off certain functions in apps, such as location data. While it’s understandable that users are mistrustful of being tracked, this could potentially force a shift in how authentication solutions operate and assess risk,” he explains. 

The authentication method has evolved to accommodate the move towards omni-channel customer experience. 

A Future of Authentication in Financial Services survey, conducted by PYMNTS and Entersekt, shows that 25% of consumers use multiple devices to check their bank accounts. This means banks and other financial services companies will need to build up data across all digital channels over a period of time in order to deliver accurate estimations of the legitimacy of users and transactions. 

“Consumers are wary of the unknown. They may not immediately understand what companies are using their data for, and this can cause panic. For instance, your banking app may access your camera in order to compare your face to the picture it has of you on file. 

“Or it may access your microphone, apply artificial intelligence to emit a noise, and see if that noise bounces back to ensure it is not dealing with a recording of your voice. 

“There are also other liveness detection features, which may be startling if the user is not aware of them. We believe that organisations should inform customers and make them part of the security solution,” Maritz says. BM/DM

Gallery

Comments - Please in order to comment.

  • virginia crawford says:

    Perhaps someone can explain this: my address on my Woolworths Dash profile was changed to an area I’ve never even been to. The response from Woolworths took over a week and amounted to nothing, certainly no explanation as to how profile details can be altered “randomly “. My concern about my bank and personal details being potentially accessed went unheeded by Woolworths.

  • Epsilon Indi says:

    Sometimes organisations throw the baby out with the bathwater, ABSA is a case in point. They have a set of questions they use to authenticate customers which are sourced from credit bureaus and they contain so much fluff it’s difficult to answer them correctly. The questions are similar to “How much did you pay into your home loan account 3 months ago ?” WHAT ? I don’t even know what I paid into my home loan account this month let alone 3 months ago and similar to “Were you ever a director of company XYZ ?” when my involvement with that company was over 15 years ago, WHAT ? I don’t know, I can’t remember what I was doing 2 years ago let alone 15 years ago. They ask one stupid question after the next and if one gets 2 or more incorrect they refuse to authenticate one. I find this approach EXTREMELY irksome, for heaven’s sake ask me relevant questions not inane questions that only a bl–dy accountant would remember. This is a classic example of an organisation being overzealous and letting the security related to a customer’s account get in the way of the customer accessing that account.

Please peer review 3 community comments before your comment can be posted

X

This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.


Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.

We would like our readers to start paying for Daily Maverick...

…but we are not going to force you to. Over 10 million users come to us each month for the news. We have not put it behind a paywall because the truth should not be a luxury.

Instead we ask our readers who can afford to contribute, even a small amount each month, to do so.

If you appreciate it and want to see us keep going then please consider contributing whatever you can.

Support Daily Maverick→
Payment options

Become a Maverick Insider

This could have been a paywall

On another site this would have been a paywall. Maverick Insider keeps our content free for all.

Become an Insider

Every seed of hope will one day sprout.

South African citizens throughout the country are standing up for our human rights. Stay informed, connected and inspired by our weekly FREE Maverick Citizen newsletter.