Data Theft, E-Commerce Attacks & Payments Fraud Hit Record Highs
New research shows the data records stolen, lost or exposed worldwide hit 2.6 billion in 2017.
The flow of compromised records, e-commerce fraud attacks and payments fraud all set new records in 2017, according to three new studies.
More compromised records than ever
The first, published by digital security firm Gemalto, found that the number of data records stolen, lost or exposed worldwide hit 2.6 billion in 2017 — marking an 88% rise between 2016 and 2017 — but the number of data breach incidents shrank by 11%.
The company said it was the first year since it began tracking breaches in 2013 that publicly disclosed breaches involved more than two billion compromised records.
“Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69% of all data breaches,” Gemalto said.
Malicious outsiders were the largest cybersecurity threat last year, causing 72% of all breach incidents. But their damage was light compared to breaches caused by accidental loss, which were behind only 18% of the data breaches yet accounted for 76% of all compromised records.
Healthcare, financial services and retail companies were primary targets for breaches in 2017, but government and educational institutions made up 22% of all breaches, it added. The financial services industry experienced 12% of all breaches.
Gemalto also found that the number of records affected by identity theft rose 73% between 2016 and 2017, and the number of records stolen or compromised at the hands of malicious insiders jumped 117% during that time. Nuisance attacks — where the compromised data is basic information used for other attacks — rose a whopping 560% in a year.
E-commerce fraud attacks spike
Much of that stolen data may be fueling the 30%+ rise in e-commerce fraud attacks that occurred between 2016 and 2017, according to a new report from Experian.
“With 16.7 million reported victims of identity fraud in 2017 (that’s 6.64% of the U.S. population), it was another record year for the number of fraud victims,” it said.
According to the company, Delaware and Oregon were the riskiest states for billing and shipping fraud. South El Monte, California, was the riskiest city overall, however; shipping fraud rose 230% there.
“The increase in e-commerce fraud attacks shouldn’t come as a huge surprise,” Experian said. “The uptick in data breaches, merchants’ continued adoption of EMV-enabled terminals to protect against counterfeit card fraud and the abundance of consumer data on the dark web means that information is even more accessible to criminals. This enables them to open fraudulent accounts, take over legitimate accounts and submit fraudulent transactions. Another reason for the increase is automation. In the past, criminals needed a strong understanding of fraud methods and technology, but they can now bring down an entire organization by simply downloading a file and automating the submission of thousands of applications or transactions simultaneously.”
Payments fraud hits record high
Also this week, the Association for Financial Professionals released its 2018 Payments Fraud Survey, underwritten by JPMorgan, which found that a record 78% of all organizations were hit by payments fraud in 2017.
The survey of nearly 700 treasury and finance professionals found that 74% experienced check fraud, 48% experienced wire fraud and 30% experienced corporate card fraud.
“It is alarming that the rate of payments fraud has reached a record high despite repeated warnings,” Association for Financial Professionals President and CEO Jim Kaitz said. “In addition to being extremely vigilant, treasury and finance professionals will need to anticipate scams and be prepared to deter these attacks.”
The study also found that 77% of organizations experienced business email compromise (BEC). Over half of the scams (54%) associated with BEC targeted wires, and about a third (34%) targeted checks.
The survey also found that 67% of payments fraud is discovered by treasury staff, and 47% of organizations discovered fraud less than two weeks after it occurred.
“The good news is that 77% of organizations have implemented controls to prevent BEC scams,” it reported.