2016 Has the Markings of a Perfect Storm for Fraud
Mobile apps are up against advanced adversaries, and the growth of e-commerce functionality added to social media has attracted the attention of cyber-criminals.
To help monetize their user bases and increase stickiness, social networking sites like Pinterest, Facebook and Twitter plan to add “buy” buttons to their platforms. Adding e-commerce functionality to social media will continue in 2016, but it will attract fraudsters.
If you have a social property with e-commerce features, consider adding security that can detect both social fraud (fake likes, fake reviews and spam) and financial fraud (for transactions, identity theft and promotion abuse).
Card-Not-Present fraud will grow from $10 billion in 2014 to $19 billion in 2018, spurred by the increasing adoption of EMV cards and new digital wallet solutions. These technologies are expected to reduce point-of-sale system fraud and counterfeit credit cards, but fraudsters will monetize fake and stolen credit cards online anyway.
Three trends will power a perfect storm resulting in high levels of fraudulent transactions: Significant increase in e-commerce websites and mobile apps. Increased comfort among consumers to purchase online. Adoption of EMV cards and digital wallets
This year online-to-offline (O2O) companies, like Uber and Didi, invested billions to attract new drivers and users through promotions. That is leading to massive user acquisition fraud—drivers make money on subsidies by registering multiple accounts and conducting fake rides.
As O2O companies consider global expansion, they should incorporate online fraud detection in their plans so that they can grow fast without being fleeced.
Cyber-criminals will try to monetize stolen user credentials and credit cards via fraudulent credit card attacks in 2016. Worse, they could launch account takeover campaigns and identity theft to drain bank accounts and buy fake goods.
Online merchants and consumers should be on high alert for anomalous purchases and account takeover activity to try to prevent breaches rather than react to them.
As cloud services become more pervasive and cost-effective, cyber-attacks will move to the cloud. Fraudsters are already registering huge numbers of free trial accounts and use their computation infrastructure to conduct attacks.
Dedicated/virtual hosting and anonymous proxies will come increasingly common among cyber-criminals.
The cloud enables cyber-attackers to significantly increase their attacks because of their elasticity and compute capacity. The cloud also allows fraudsters to easily hide behind legitimate network sources and remain anonymous.
To protect yourself, go beyond simple IP reputation databases and rules/model space systems to detect attacks. The industry needs more advanced solutions that precisely distinguish malicious traffic emitted from the cloud.