ThreatMetrix is a security company with a difference - it’s the ‘fastest-growing provider of context-based security and advanced fraud prevention solutions,’ which places it firmly in pole position to help financial organisations, retailers, businesses and government to protect themselves and users from the worst cyber criminal online activity.
It has been doing so for some years now, and has solid Australian connections - two of its original co-founders are Australian, while ThreatMetrix purchased Australian company TrustDefender, integrating its cutting-edge technologies to take ThreatMetrix’s suite of products to the next level.
For more information on some of this history, take a look at my article from 19 February this year in an article entitled ‘VIDEO: ThreatMetrix’s 6 cybercrime predictions for 2015.’
The company continues its solid growth strategy, and is back in the news again today following the release of its detailed, 27-page “ThreatMetrix Cybercrime Report: Q2 2015,” (free download here with registration) which examines cybercrime attacks detected by ThreatMetrix’s Digital Identity Network (The Network) during Q2 2015. These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations.
During this period, The Network analysed over 3 billion transactions, and detected and stopped more than 75 million attacks in real time. Through its analysis of transactions across industries, ThreatMetrix says its Network ‘provides unique insight into legitimate end-users’ digital identities and highlights some representative key market trends.’
Vanita Pandey, Senior Director of Strategy and Product Marketing at ThreatMetrix said: “As commerce goes global and mobile, cybercrime follows suit, as is evidenced by the high volume of attacks targeting cross-border and mobile transactions.
“Cross-border transactions open the door to new revenue opportunities for businesses but are easy targets for cybercrime attacks, so they must make every effort to ensure they’re stopping fraudulent transactions without rejecting authentic customers.”
Interestingly, ThreatMetrix’s report comes a day after Juniper Research released a report, which we wrote about here in an article entitled: ‘Mobile, online transactions: $125 billion per year by 2018 as China overtakes the US’.
Clearly, with this massive growth in mobile and online transactions comes a massive opportunity for expanded cyber crime, making ThreatMetrix’s solutions all the more timely - and especially so in the current global environment seeing major stock market falls around the world as China suffers growth jitters.
And ThreatMetrix points to fraud increasing as e-commerce ‘ticks up’, stating that ‘with the growth of the online and mobile commerce, retailers are trying to build long-term relationships with their customers by storing customer account information and creating mobile applications to make access easier. The heightened number of retailer app downloads across connected devices – including smartphones and tablets – implies consumers move between devices for e-commerce transactions.’
Pandey added: “As retailers focus on customer engagement, it is critical to balance the customer experience and online security to ensure their digital debris is not scattered across cyberspace. During this period alone we detected almost 36 million attacks, a 20% increase over the previous quarter. Overall, this equates out to approximately $1 to $3 billion in potential losses being avoided.”
Then there’s the upcoming holiday season to consider, which retailers are naturally already preparing for. They’ll also need to prepare for an increase in potential attacks.
ThreatMetrix’s Network ensures the e-commerce of transactions can be analysed in real time to identify trusted customers, avoid customer friction and ultimately, stop fraudulent transactions.
Here’s the breakdown of e-commerce transactions which consist of the following percentages and risks:
- 80% of transactions were account logins, with 3% high risk
- 19% of transactions were payments, with 3% high risk
- 1% of transactions were account creation, with nearly 7% high risk
It’s not just retailers, but also financial services organisations continue to see organised attacks worldwide, with ThreatMetrix noting that ‘fraudsters worldwide are looking for ways to exploit any vulnerability,’ something that is ‘evidenced by the substantial increase in fraud rates across all transaction types, mostly driven by the breaches and the availability of consumer credentials in the wild.’
The online lending space saw attacks spike during this period, focused primarily on new accounts originations and payment disbursements.
Unsurprisingly, online lending is seen ‘as an easier way for the unbanked and underbanked to gain access to loans in a matter of days—and it is taking off, making it a top target for cybercriminals.’
One example is Lending Club, the first peer-to-peer lender, which has issued US $7.6 billion in loans since it started nine years ago, with US $1.4 billion of that in the last three months alone.
Pandey said: “Mobile is driving financial inclusion for unbanked and underbanked population in both developed and emerging economies. As consumers turn to digital channels for instant access to funds or to store and manage their financial information, the online lending space has become a big target for attackers.
“Ensuring digital identities are effectively protected should be high priority for emerging and established financial institutions.”
Here’s the financial services transactions breakdown consisting of the following percentages and risks:
- 83% of transactions were account logins, with 2% high risk
- 16% of transactions were payments, with 3% high risk
- 1% of transactions were account creation, with 2% high risk
In the US, there’s also the upcoming Europay-MasterCard-Visa (EMV) deadline in October.
Here, e-commerce merchants and financial institutions must prepare for an increase in the attacks targeting the digital channels, as the adoption of EMV secures point-of-sale, causing a migration of fraud to the less secure online and mobile channels. Media sites aren’t immune either, currently seeing the ‘highest percentage of high-risk transactions.’
ThreatMetrix notes it analysed transactions ‘across social networks, content streaming channels, and online and mobile dating sites. Modest sign-up and authentication requirements along with user password sharing across sites lead to the media industry being a top target for cybercrime.’
Pandey added: “Digital media has become fraudsters’ weapon of choice to test the validity of stolen credentials, leading to heightened levels of attacks in this segment. At the same time, businesses also have to protect against illegal content access, malicious content posting and spamming.”
Here’s the media transactions breakdown consisting of the following percentages and risks:
- 27% of transactions were account logins, with nearly 6% high risk
- 50% of transactions were payments, with 3% high risk
- 23% of transactions were account creation, with nearly 4% high risk
Then there’s mobile, which is making up ‘one-third of all transactions analysed.’
ThreatMetrix says ‘mobile is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers. Mobile usage continues to grow, accounting for up to 31 percent of transactions.
With more than 20 million new mobile devices being added to The Network every month, this trend is expected to continue.’ Quoting the 2013 US FDIC National Survey of Unbanked or Underbanked Households, 20% Americans were unbanked or underbanked.
On the flipside, in developing economies, only 41% of adults have bank accounts. Mobile has been positioned as the tool to drive financial inclusion for the unbanked and underbanked and is giving more people in developing countries access to banking and e-commerce.
Here, Pandey said: “Mobile transactions provide additional opportunities for fraudsters to conduct spoofing attacks or identity theft by increasingly impersonating other devices to facilitate attacks. With consumers constantly on-the-go, they are more likely to conduct mobile transactions, which have the potential to compromise their digital identities.”
So, as shown in the “ThreatMetrix Cybercrime Report: Q2 2015,” cybercrime continues to grow across industries and online channels. Consumer behaviour has gone through a drastic change and this can be attributed to the reliance on mobile and other connected devices.
Attacks detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations show us that fraudsters are constantly developing sophisticated strategies to compromise digital identities.
Therefore, it is no surprise to see ThreatMetrix stating its ‘Digital Identity Network’ empowers businesses with real-time intelligence to differentiate between fraudsters and trusted consumers across channel, location and devices.
You can download the free 27-page ThreatMetrix Cybercrime Report: Q2 2015 eBook/report here.
ThreatMetrix is also holding its CyberCrime Prevention Summit 2015 in Napa, California from 7 to 9 October - more details here.