Bots targeting mobile app registrations fuel holiday shopping cyberattacks

The analysis was based on transactions and cyberattacks that occurred between Wednesday, November 27, 2019 through Tuesday, December 3, 2019 (Black Friday week). The data was acquired from the LexisNexis Digital Identity Network, a crowdsourced intelligence network comprised of data from approximately 38 billion global transactions each year including logins, payments and new account creations.

The deals and offers available over the holiday shopping week continue to draw more consumers every year, with the Digital Identity Network recording a 48% increase globally in transactions compared to 2018.

During the Black Friday week, fraudsters targeted new mobile accounts or mobile app registrations, as these provide fraudsters the opportunity to mimic new customers and initiate transactions through an established and seemingly genuine account.

Black Friday week is also a major money maker for fraudsters, who use the increase in online traffic as camouflage for fraudulent transactions to increase their revenue per transaction. The average shopping cart transaction value rejected as high risk or fraudulent over the 2019 Black Friday week was 179% higher than legitimate transactions – USD 329 versus USD 118.

According to the 2019 LexisNexis Cybercrime Report, the mobile channel is a growing target for fraudsters, increasing 12% in the last year alone. However, desktop transactions remain in the crosshairs for fraudsters, who target it more often: the desktop attack rate in the first half of 2019 was 3.4% versus 1.4% for mobile, with lower mobile attack volumes likely due to mobile being inherently more secure than desktop.

Black Friday is becoming a global target, as in 2019, the Digital Identity Network recorded attacks originating from Russia, Belarus, China, Vietnam, and South Korea, as well as the US.