NuData Security announced new threat intelligence that provides insight into the latest trends in online fraud.
Account takeover, in which fraudsters steal an established account with personally identifiable information (PII) attached to it, continues to beat credit card fraud. This continuing trend showcases fraudsters’ preference for account details beyond just credit cards.
NuData Security evaluated 5.1 billion behaviours in May through July. Of the over 500 million account creations analysed, more than 57 percent were flagged as high risk or fraudulent, compared to 28 percent in February through April. Account creation fraud has increased by more than 100 percent since February 2015.
Nearly half of all account registration fraud attempted in May was tied to creating false accounts to deliver false product ratings.
Researchers observed more than 270 million fraudulent or high-risk behaviour events in May through July. These events were assessed through the following behavioural biometrics and data points, including more than:
- 32.8 billion keystrokes
- 9.3 billion clicks
- 388 million unique email addresses
- 191 million unique IP addresses.
A significant portion of attacks in the past three months originated from China and the United States, however, incidents were traced back to as many as 151 countries. The top six sources of malicious behaviour include:
- United States
- Saudi Arabia
- United Kingdom
Unlike previous ecommerce industry breaches, recent attacks are growing in size and targeting more valuable PII, which may include information such as social security numbers and bank account information, among other data. A data breach has a ripple effect that reaches far beyond the breached organisation.
Businesses must protect themselves from fraudsters who know more about their customers than they do. They must not only verify a user’s identity through PII, but must also verify that the behaviour behind the transaction is that of a valid user. This is where user behaviour analytics (UBA) play a vital role. Becoming complacent in an age of massive data breaches is both a financial and reputational hazard.