'You need to fight a network with a network!' - Interview with LexisNexis Risk Solutions

During Sibos 2019, LexisNexis Risk Solutions released a new report that offers global insights from the LexisNexis® Digital Identity Network. Main findings highlighted a shift toward networked, cross-organisational and cross-industry fraud.

Could you please share with us the main findings of the new 2019 LexisNexis® Risk Solutions Cybercrime Report?

The LexisNexis Risk solutions Cybercrime report is based on cybercrime attacks detected by the LexisNexis Digital Identity Network during real-time analysis of consumer interactions during their digital journeys, for example during sign up to a new online service, making a purchase at an ecommerce site or signing in to their digital banking app. We released our first Cybercrime report back in 2015 and have published new editions at least twice a year since then. In the latest report, we analysed 16.4 billion transactions covering the period from January to June 2019. The reports help to identify trends, anticipate the direction cybercrime is taking and reflect how our customers benefit from a global view of risks, leveraging network level rules within bespoke policies that are customer-tuned specifically for their businesses.

For a while now we’ve observed instances of networked fraud in the network. However, in the first six months of 2019 we’ve really started to see this develop into a consistent trend, with multiple examples of complex, cross-organisational, and cross-industry fraud. Distinct from individual cases of fraud, networked fraud manifests itself as linked fraud attacks on multiple organisations by the same fraud ring. According to our findings, this happens mainly across organisations in the same industry, particularly banking, lending, and stock brokerage. However, in many instances, we found it occurring across geographical borders and varying industries.

One clear example we identified originated from a fraudster based in the UK.  One digital identity targeted a number of global organisations, including multiple financial services organisations, a media streaming company, and a credit reporting agency. The fraudster carried out a large number of transactions across six different organisations, attempting fraudulent new account creations, bonus abuse, and money laundering. The fraudster even created an account with a credit reporting agency, presumably aiming to augment stolen identity data to make fraudulent account creations more successful.

This worrying trend suggests that fraud prevention operating at the organisation level is no longer going to be sufficient to stop these kinds of attacks, and a layer of fraud prevention based on shared global digital intelligence will be required:  You need to fight a network with a network!

How has the cybercrime landscape evolved/changed since the last edition?

We’ve actually since a lot less volatility in attack rates in the last 6 months compared to prior years, with the one exception being a large bot attack in June 2019. The relentless shift to mobile continues, with 62% of all transactions in The Network now originating from the mobile channel.  We’re also seeing a new focus on account creation attacks:  

In the networked fraud example mentioned earlier, we observed that the fraudster was mainly attempting to create new accounts. This is an emerging trend: Fraudsters have identified the point of registration as a key vulnerability across all industries and have tapped into this. Our study showed a 24% year-on-year growth in new account registration attacks.

In the first six months of 2019, bot-based account creation attacks perpetrated against online retailers spiked by 305%. What are the new challenges for financial institutions and ecommerce providers when it comes to fighting and preventing fraud?

Using bots to perform mass credential testing linked to account takeover attacks has been regularly observed for a while now, but we’re seeing a shift where bot attacks are targeting more account creation events. Those new account creation bot attacks cover various industries, and facilitate bonus abuse, media streaming piracy, and identity testing for financial gain. 

In the case of media streaming, fraudsters are using bots to sign up for mass new media accounts to take advantage of free trials and streaming bonuses and then sell those trials and bonuses for a profit. Other bot attack examples include account creation in online marketplaces, which give the fraudster access to seller credentials in order to create fake listings or fraudulent bids. Cybercriminals can also use virtual gift cards to quickly monetise stolen credit cards. There are even situations where fraudsters are creating driver accounts on ridesharing sites to monetise stolen credit card credentials, using GPS spoofing apps to make the journeys appear legitimate.

The challenge here is that once bots perform basic validation of identity details, criminals are then using sophisticated impersonation attempts to establish a fraudulent account and potentially launder money through the financial system, likely contributing to the reported rise in mules and mule networks, who assist with social engineering attacks, enabling a means of cashing out on their fraud schemes.  Bot detection/prevention systems are typically separated from fraud prevention systems, such that a view of the entire attack is not seen by either system or mitigated accordingly.

Returning a bit to Sibos and keeping the online environment safe, it has been over one month since SCA came into effect, how did discussions revolve around this topic during the event?

With the European Banking Authority relaxing the SCA deadline and enabling more time for all parties to prepare fully for SCA, we’ve been involved in more discussions where the focus has been on how to provide a dynamic or more sophisticated strong authentication approach, rather than the rush to get a basic SCA process in place as fast as possible.  The multifaceted PSD2 requirements result in discussions covering a wide range of topics, such as getting layered fraud detection systems in place to clearly identify risk and comply with exemption requirements, but also what new technologies exist as novel factors of authentication to use as part of SCA – for example the concept of end-user transparent ‘Strong deviceID’ based on cryptographic approaches to satisfy the possession factor or Behavioural Biometrics techniques to satisfy the inherence factor.

Finally, how can businesses transact with customers across online and mobile channels while avoiding higher fraud risks?

Single point solutions are no match to complex, networked cybercrime, with fraudsters adept at masking themselves as legitimate and trusted customers. The most robust solution to this growing problem is a layered defence of fraud, identity and authentication capabilities, executable in real time, across the entire customer journey. This relies on uniting world-class, global digital identity intelligence, physical identity and authentication capabilities that can help businesses meet regulatory requirements, streamline the customer experience and detect complex and evolving fraud.

About Stephen Topliss

Dr. Stephen Topliss is an internationally focused software professional, with a track record of facilitating the sale and implementation of complex solutions, managing technical sales and consulting teams and leading implementation delivery. Dr Topliss is frequently invited to speak at conferences and webinars, and has previously presented at the CNP Expo, MRC, MPE and various eCrime conferences worldwide.

About LexisNexis Risk Solutions

LexisNexis® Risk Solutions harnesses the power of data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions to benefit people around the globe. We provide data and technology solutions for a wide range of industries including financial services. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX, a global provider of information-based and analytics and decision tools for professional and business customers across industries.