Interview with Rebekah Moody, LexisNexis® Risk Solutions on cybercrime trends amid COVID-19

Rebekah Moody, Market Planning Director, Fraud & Identity, LexisNexis Risk Solutions shares with The Paypers what were the main fraud trends that the team has seen from analysis of the LexisNexis® Risk Solutions Digital Identity Network® between January and June 2020

From January to June 2020, LexisNexis® Risk Solutions Digital Identity Network® has tracked changes in consumer behaviour, collecting and processing global shared intelligence from more than 22.5 billion online transactions across the customer journey. Some of these changes have caused an accelerated digital transformation in many sectors, however not without some risks.

Mass scale automated bot traffic testing stolen identity credentials, hyperconnected fraud networks operating across industries and organisations, scams leveraging COVID-19-related anxieties to prey on vulnerable customers, are just some key attack typologies of the last few years that still persist, and in some cases have become more aggressive for the last ten months.

Today we speak with Rebekah Moody, Market Planning Director, Fraud & Identity, LexisNexis® Risk Solutions to explore key findings from LexisNexis® Risk Solutions Cybercrime Report H1 2020.

What are the main findings of the new LexisNexis® Risk Solutions Cybercrime Report H1 2020?

This is the first LexisNexis Risk Solutions Cybercrime Report to include data on the new reality of conducting business during a pandemic. The move to digital, for both businesses and consumers, has been significant, contributing to a 37% growth year over year in transactions processed by the LexisNexis® Digital Identity Network®. The growth was influenced especially by the surge of new-to-digital users as well as existing users transacting more frequently during lockdown.

Mobile transactions have also increased, with 66% of all transactions coming from mobile devices in the first half of 2020, up from 20% in early 2015. The Network also notes a boost in transactions from new devices and new digital identities, across online retailers and digital banking services. This could be explained by the shift of many consumers to digital channels to buy goods and services that were no longer available in person or harder to access via a physical store, during the pandemic.

In terms of geographical spread of cyberattacks, a high volume of trusted login transactions across relatively mature mobile apps has helped the EMEA region maintain low overall attack rates in comparison to most other global regions from January through June 2020. Furthermore, the attack patterns in EMEA were also more benign and had less volatility and fewer spikes in attack rates. However, there are some notable exceptions. For instance, desktop transactions conducted from EMEA had a higher attack rate than the global average and automated bot attack volume grew 45% year over year.

Could you please tell us more about how these cyberattacks are conducted and what is their focus?

In terms of attack originators, we distinguished two types: human-initiated cyberattacks and automated bot attacks.

Surprisingly, the overall human-initiated attack rate across the Digital Identity Network fell through the first half of 2020, showing a 33% decline year over year. The breakdown by sector shows a 23% decline in financial services and a 55% decline in ecommerce attack rates. Latin America experienced the highest attack rates of all regions globally, while UK originates the highest volume of human-initiated cyberattacks in EMEA. The UK is also the second largest contributor to global bot attacks behind the US.

Still, at a global level, automated bots remain a key attack vector in the Digital Identity Network. The financial services industry was targeted by the largest volume of automated bot attacks, which grew 38% year-over-year, and continues to experience more bot attacks than any other industry. Japan records largest growth in bot attack originations, year-over-year. Intriguingly, LATAM countries that appear in the top human-initiated attack list are absent from the top bot attackers list.

The Digital Identity Network tracks trust and risk right across the customer journey. The key risk point is at new account creations: 1 in 7 new account creations is an attempted attack. We also recorded an 88% growth in new account creation attacks from a mobile app year-over-year. However, the largest volume of attacks targets online payments (we noticed 4% growth in payment attacks from a mobile app in comparison to the previous six-month period). Login transactions have seen the biggest drop-in attack rate in comparison to other use cases.

Besides new account creations, logins, and payments, what other key moments in the customer journey can provide additional context for trust and risk decisions?

The Network analyses transactions from the moment an account is opened, then throughout the lifecycle and management of that account. Only in this way can you have a holistic view of a user’s activity and be able to build proper context for trust and risk decisions.

Besides new account creations, logins, and payments, we also analyse account management functions (such as changes to authentication details) or use cases unique to specific industries, (such as ad listings for online marketplaces or reviews for travel companies). Although the attack rate on these subsidiary touchpoints is lower than those on the core touchpoints, these use cases still present significant points of risk in the customer journey, contributing to millions of additional cyberattacks.

For instance, ad listings are a high-risk touchpoint in the customer journey as they allow fraudsters to control the sale or promotion of goods and services. This can provide a way of monetising stolen goods, posting fake listings for properties or services, or creating phony reviews to facilitate sales. Similarly, changes to account details enable fraudsters to amend key account information. Changing a phone number, for example, means that subsequent events, such as SMS one-time passcode authentication checks, are sent to the fraudster.

Analysis on these additional touchpoints is being introduced for the first time in this report, giving businesses an enhanced view of trust and risk across the entire customer journey, rather than just at point-in-time transactions.

How has COVID-19 impacted transactions coming from the financial services industry and ecommerce?

The impact of COVID-19 has been felt across all industries, with peaks and troughs in transaction volumes coinciding with global lockdown periods. Financial services organisations have seen a growth in new-to-digital banking users. For instance, several financial services organisations in the Digital Identity Network saw a growth in new registrations for online banking, both via web and mobile app, at key points throughout January-June 2020.

Also, there has been a significant reduction in consumer travelling reflected in the login activity. Both North American and UK financial services institutions recorded far fewer logins from customers that had travelled more than 1,000km in a week. Login patterns also shifted from a high density in urban and metropolitan areas, to a wider dispersal around suburban and rural areas, with fewer logins recorded from office locations as more consumers work from home.

When it comes to the devices used by customers in financial services, their number has reduced because of the COVID-19 lockdown. The percentage of customers using one device only has grown between January and April 2020, while the percentage of customers using two or more devices has dropped during the same period.

The transaction volumes of several financial services organisations in the Digital Identity Network have also been impacted by the financial support offered by countries/governments for both businesses and consumers impacted by the COVID-19 pandemic. There has been an overall growth in new account creations for financial services April to May 2020 due to deposit account applications to pay in government-backed funds, loan applications (where government-backed business loans are administered by the financial services organisation), credit account applications for back-up sources of credit during the pandemic, and new online banking registrations.

Ecommerce merchants have seen a growth in digital payments, as well as several key attack typologies that coincide with the lockdown period. Although the ecommerce industry has seen some pockets of attack growth, the payments attack rate is on a general downward trend. This indicates that much of this growth in payment transaction volume came from trusted customers, who were turning to online platforms instead of physical stores.

However, there was a spike in attack rates during May 2020, with the highest attack rate of the period recorded at 4.6%. This was predominantly caused by an identity spoofing attack coming from Brazil, targeting a global payments gateway.

To sum up, how can businesses transact with customers across online and mobile channels while avoiding higher fraud risks?

Businesses must be armed with fraud defences that layer multiple solutions to detect and block the full spectrum of attacks. These must be future-proofed, evolving as cybercrime moves across geographies, industries, organisations, and customers. This relies on differentiating good, trusted users - whether new-to-digital or long-established - from potential threats in near real time, before, during and after a transaction is processed.

Interested to find more about transaction and attack patterns in global cybercrime?

Join us for an exciting session that explores how different industries have been impacted by the current pandemic and which customer use cases have been most targeted by fraudsters between January and June 2020. Furthermore, we will offer examples of fraud stories from specific businesses with key mitigation strategies, and more.

And, of course, there will be a Q&A session at the end. This Monday, October 12, from 5:00 PM - 6:00 PM EEST. You can register for free here.

About Rebekah Moody

Rebekah Moody has been part of the LexisNexis® Fraud and Identity team for over four years, helping develop product strategy and market positioning to better understand and solve for the complex fraud, identity and authentication challenges of the company’s varied customer base. Rebekah works with the sales team, prospects, customers and analysts to better understand the current and emerging threat landscape, developing thought leadership articles as well as showcasing customer success stories. Rebekah has been involved in the development of the LexisNexis Risk Solutions Cybercrime Report for 5 years, tracking the ever-evolving cybercrime landscape by looking at transaction and attack patterns and trends across industries and global geographies. Rebekah brings over 12 years of marketing and strategy expertise to ThreatMetrix following time at two large London agencies.

About LexisNexis Risk Solutions

LexisNexis® Risk Solutions harnesses the power of data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions to benefit people around the globe. We provide data and technology solutions for a wide range of industries including insurance, financial services, healthcare and government. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers across industries. For more information, please visit www.risk.lexisnexis.com and www.relx.com.