2016 Has the Markings of a Perfect Storm for Fraud
2016 Has the Markings of a Perfect Storm for Fraud
Mobile apps are up against advanced adversaries, and the growth of e-commerce functionality added to social media has attracted the attention of cyber-criminals.
Social and E-Commerce Will Blend
To help monetize their user bases and increase stickiness, social networking sites like Pinterest, Facebook and Twitter plan to add “buy” buttons to their platforms. Adding e-commerce functionality to social media will continue in 2016, but it will attract fraudsters.
Recommendation
If you have a social property with e-commerce features, consider adding security that can detect both social fraud (fake likes, fake reviews and spam) and financial fraud (for transactions, identity theft and promotion abuse).
EMV Cards and Digital Wallets
Card-Not-Present fraud will grow from $10 billion in 2014 to $19 billion in 2018, spurred by the increasing adoption of EMV cards and new digital wallet solutions. These technologies are expected to reduce point-of-sale system fraud and counterfeit credit cards, but fraudsters will monetize fake and stolen credit cards online anyway.
A Perfect Fraud Storm
Three trends will power a perfect storm resulting in high levels of fraudulent transactions: Significant increase in e-commerce websites and mobile apps. Increased comfort among consumers to purchase online. Adoption of EMV cards and digital wallets
Global Online-to-Offline War
This year online-to-offline (O2O) companies, like Uber and Didi, invested billions to attract new drivers and users through promotions. That is leading to massive user acquisition fraud—drivers make money on subsidies by registering multiple accounts and conducting fake rides.
Recommendation
As O2O companies consider global expansion, they should incorporate online fraud detection in their plans so that they can grow fast without being fleeced.
Account Takeovers to Rise
Cyber-criminals will try to monetize stolen user credentials and credit cards via fraudulent credit card attacks in 2016. Worse, they could launch account takeover campaigns and identity theft to drain bank accounts and buy fake goods.
Recommendation
Online merchants and consumers should be on high alert for anomalous purchases and account takeover activity to try to prevent breaches rather than react to them.
Cyber-Attackers to Move to Cloud
As cloud services become more pervasive and cost-effective, cyber-attacks will move to the cloud. Fraudsters are already registering huge numbers of free trial accounts and use their computation infrastructure to conduct attacks.
Dedicated/Virtual Hosting Also Vulnerable
Dedicated/virtual hosting and anonymous proxies will come increasingly common among cyber-criminals.
Why the Cloud Appeals to Cyber-Criminals
The cloud enables cyber-attackers to significantly increase their attacks because of their elasticity and compute capacity. The cloud also allows fraudsters to easily hide behind legitimate network sources and remain anonymous.
Recommendation
To protect yourself, go beyond simple IP reputation databases and rules/model space systems to detect attacks. The industry needs more advanced solutions that precisely distinguish malicious traffic emitted from the cloud.
