Financial services organizations saw a 28% increase in automated bot attacks and a 28% decrease in human-initiated cyberattacks in the first six months of 2021, according to a new report from LexisNexis Risk Solutions in the first six months of 2021 compared to the same period last year.
Across industries around the world, bot attacks – which typically mass-test stolen credentials on a particular use case and originate from one machine or series of machines, the report says – have been on the rise. 41% year over year in the first half of this year. Man-made attacks on individual online transactions, which typically return complete digital identity profiling data, fell 29% across industries around the world during the same period, according to the report.
The report also found that financial services organizations continued to experience the highest payment transaction attack rates than any other industry. LexisNexis Risk Solutions recorded payment transaction attack rates in financial services for the first half of 2021 at 3.6% for desktop transactions, 3.6% for mobile browser transactions, 1.3% for mobile application transactions and 2.9% for global transactions. “Transactions from desktops and mobile browsers are targeted at a significantly higher rate than transactions from mobile applications, with fraudulent payments representing a significant opportunity for fraudsters to cash in or transfer money to mule accounts in the financial services ecosystem, ”the report says.
Outside of payment transactions, however, the financial services industry has seen low attack rates overall. The connection attack rate stood at just 0.3% due to a high volume of regular transactions from trusted customers, according to the report.
For its biannual report, “Redefining trust and risk: adapting to a post-pandemic world”, LexisNexis Risk Solutions also monitored the prevalence of cyber attacks by region and at various points in the customer journey. While North America generally has lower attack rates than other regions, a sharp increase in the volume of bot attacks in the first half of the year (42%) and a minimal decrease in the volume of attacks initiated by the male (-1%) indicated an increasing risk of fraud in the Region. The rise in the attack was “possibly fueled by the further easing of COVID restrictions for many states in the United States and Canada, with scammers hoping to capitalize on the more diverse footprint of consumer travel and spending “.
The first point in a customer’s journey – the creation of a new account – had the highest attack rate in any industry in the world from January to June 2021, with about one in 11 transactions representing a potential attack , according to the report. Payment point saw the highest volume of attacks compared to other touchpoints, with cases of bots targeting payment transactions (likely testing stolen credit card credentials) increasing by 18% from one year to the next.
At the connection point of the customer journey, the first half of the year saw a 50% year-over-year increase in automated bot take-over attempts, and a higher percentage of retries of account takeovers targeting the mobile channel (44%) compared to 36% last year. Of all the secondary points in the customer journey, password resets had the highest attack rate in the first half of the year, at 3.8%.
The report also explained how new banking innovations are changing the threat landscape. For example, buy now-pay later transactions, which have grown 183% year-over-year and mostly take place on mobile devices, make scammers look for avenues of exploitation because “they can come away with goods at a fraction of the retail piece, or even at zero cost, ”the report says. The growing popularity of virtual banks is also likely to be on the fraudster’s radar, with transaction volume increasing 68% at virtual banks year-over-year in the first half of the year, compared to 37% in traditional banks.
“Today’s report not only confirms cybercriminals’ confidence in automated processes, but also highlights that fraudsters are establishing sophisticated and extensive networks to carry out frauds,” said Stephen Topliss, vice president of fraud and identity for LexisNexis Risk Solutions. “The explosive growth rates of transactions and users in industrial sectors such as virtual banks and immediate and pay-later purchases likely expose emerging risks for these new businesses as they attract the attention of fraudsters. The digital businesses that survive and thrive will be those that deploy layered cybercrime prevention solutions as they evolve. “
The semi-annual report was an analysis of transaction data from the LexisNexis digital identity network. It analyzed 28.7 billion transactions during the six-month period, a 28% year-over-year increase that can be attributed to increased transaction volumes from existing customers and a base increased customers within the digital identity network.