U.S. Mobile Fraud Attacks Up 44% in First Half of 2018, Report Finds

Fraud attacks on mobile transactions rose 44% in the United States and 24% globally year over year for the first half of 2018, and a third of all fraud now targets mobile channels, according to a new analysis from cybersecurity company ThreatMetrix.

The San Jose, Calif.-based firm’s study of 17.6 billion digital transactions during the first six months of the year also found that financial institutions were hit with 81 million cybercrime attacks, including 27 million that targeted the mobile channel.

Most digital transactions now mobile

More than half (58%) of all digital transactions — including account creations, logins and payments — now originate from mobile devices, ThreatMetrix said.

“Mobile is quickly becoming the predominant way people access online goods and services, and as a result organizations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, Chief Identity Officer at LexisNexis Risk Solutions, which owns ThreatMetrix. “The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy. The key point of vulnerability, however, is at the app registration and account creation stage. To verify users at this crucial point, organizations need to tap into global intelligence that assesses true digital identity, compiled from the multiple channels that their customers transact on.”

Spoofing, mules and bots are growing problems

The largest threat for credit unions another financial institutions is device spoofing, where criminals fraudulently mimic login attempts from new customer devices. Mule networks are also becoming more sophisticated and complex, ThreatMetrix noted.

“Attacks on mobile financial services transactions are growing at a faster rate than the overall attack levels. Across all transactions the attack rate grew 18% compared to last quarter, but the mobile attack rate grew 33% during the same period, indicating a potential further shift to mobile financial services attacks,” it said.

“Payments transactions continue to be the most vulnerable, however, with the percentage of financial services login attacks increasing 40% since last quarter overall, and 200% for mobile transactions, indicating a potential focus on account takeovers using social engineering and remote access attacks,” it added.

In addition, bot attacks posted a record-breaking rise in the second quarter of 2018 — up 60% to 1.2 billion, according to the company.

“The sheer volume of this automated bot traffic impacts businesses worldwide because, without the correct measures in place, this slows order processing times and the ability to effectively identify good returning customers in real time. At peak times, individual organizations report these attacks account for more than half of all transactions,” it said.

Fintechs major targets

Fintech providers were bigger targets than traditional credit unions and other financial institutions in the second quarter of 2018, according to the report. Attacks targeted account logins and payments transactions, often with the goal of taking out loans and diverting the funds to criminals’ accounts.

“Identity spoofing continues to be the most prevalent attack vector and is much more prevalent for fintechs than traditional banks, presumably because fraudsters see emerging providers as an easier target, perhaps because of more lax fraud and security measures,” it said.