There has been a 19% year-over-year (YOY) increase in the global human-initiated digital attack rate compared to the previous year, according to a recent study by LexisNexis Risk Solutions.
As financial leaders, it is important to understand the latest news on cybersecurity for better financial planning and decision-making, especially as a possible digital attack can cost the organisation so much.
The annual Confidence Amid Chaos Cybercrime Report, which is an analysis of data from 92 billion transactions processed through its LexisNexis Digital Identity Network throughout 2023 reveals that the number of ecommerce transactions increased modestly by 7% in 2023, as rising interest rates and global inflation cooled consumer spending.
However, LexisNexis says where consumers held back, fraudsters became more active. The volume of human-initiated attacks surged 80% YOY, resulting in an attack rate of 2.8% (up by 59% YOY).
A key component of this growth in attacks was fraudsters' focus on account takeover of ecommerce accounts, with the attack rate at login reaching 3.3% (an increase of 119% YOY).Â
Greater adoption globally of 3D Secure to mitigate the risk of fraud from Card-Not-Present (CNP) transactions is just one method businesses are employing to confront the heightened threat posed by cybercriminals. Regulatory changes in specific markets, such as establishing clearer liability frameworks, serve as a model for enhanced global cooperation aimed at minimizing the impact of digital activities carried out by criminals.Â
"Cybercriminals continue to increase the scale and complexity of their illegal operations, with dedicated scam centers becoming a permanent fixture to mount digital attacks on consumers worldwide,"Â says Stephen Topliss, vice president of fraud and identity, LexisNexis Risk Solutions.Â
"While these scam centres will continue to drive the threat of human-initiated attacks, organisations cannot afford to be complacent about the growing sophistication of bots, which can display more human-like behavior to evade traditional prevention solutions. By focusing on identifying advanced bots in real time, businesses can mitigate their ability to create fraudulent accounts or test stolen login credentials for future account takeover attacks."
Key findings from Confidence Amid Chaos:Â
· Third-party Account Takeover Takes Top Spot – Third party account takeover fraud was the leading type of fraud reported by clients in 2023, contributing 29% of fraud classifications reported, aligning with the strong attack rate growth seen at account login in 2023 (up 18% YOY).
· Human-Initiated Attacks Experience Rapid Growth – While bot-initiated attacks maintained a steady 2% YOY growth to reach 3.6 billion, human-initiated attacks surged by 40% in volume to 1.3 billion.
· Remote Scam Centers Drive Fraud – Device data, including high-altitude behavioral biometrics telemetry, reveals that parts of South-East Asia are established homes for dedicated remote scam centers. Cybercriminals favor border areas in Cambodia, Myanmar and remote parts of Thailand, according to data from the Digital Identity Network.
· New Challenges Confront Bot Attacks – Automated bot attack rates remained steady in 2023, partly due to the threat posed by advanced bot detection capabilities to this attack vector. These capabilities involve detecting bot traffic that mimics the locations of legitimate customers via IP proxies, along with identifying abnormal timing of events and unusual on-page or in-app behaviors. Businesses are increasingly employing proxy piercing technology to break the anonymity of cybercriminals attempting to conceal their behavior through the use of virtual private networks (VPNs).