Kevin Gosschalk, CEO of Arkose Labs, said, "One thing is clear: the way fraudsters are weaponizing compromised data from recent high-profile breaches highlights the deep connectivity of the global cybercrime ecosystem that goes way beyond selling stolen data or knowledge sharing. One attack is a precursor to another attack, and they can be in two different industries, across two different geographies."

Among the other findings:

• Digital account registration on social, tech and gaming companies has become the identity testing mechanism for fraudsters. Even when an account creation attack fails, it can provide valuable insight into an account's existence. Within the tech industry, fake account creations, nine times more likely attacked compared to login attempts, increased five-fold from the second quarter.
• Attacks from malicious humans – both lone perpetrators and organized fraud sweatshops — increased 33% over the previous quarter; and nearly one in every five attacks (every third attack on financial services) is human-driven.

"Our report exposes the monetization roadmap criminals take to commit an attack," Vanita Pandey, vice president of Strategy at Arkose Labs, said. "First, fraudsters test credentials – which we are witnessing in profusion across all industries. Next, they take over accounts. Payment fraud is usually the last step in the attack cycle and the overwhelming volume of fraudulent retail payment transactions in quarter 3 forecasts a very ominous holiday shopping season."

Gosschalk noted, "Digital commerce has made it easy to launch a global business but at the same time, it has never been easier for a fraudster to target businesses across the globe." He added, with access to sophisticated tools, complete identities harvested through breaches and phishing attacks, anyone can launch sophisticated attacks.

"How Fraud Stole Christmas," a study from Baltimore-based Terbium Labs, which provides a digital risk protection platform, suggested fears of data loss, identity theft and fraud are leaving American consumers on edge this holiday season, and they are prepared to hold their financial institution responsible for the damages.

Terbium Labs surveyed over 1,000 consumers in October 2019 in the U.S. to better understand their shopping behaviors and preferred payment strategies during the 2019 holiday shopping season.

They discovered American consumers on high alert heading into the busy holiday season, as 66% believe they could easily become a victim of fraud, while another 65% believe they are at a higher risk of having their financial information exposed as a result of their holiday shopping. Sixty-eight percent would hold their financial institution at least partly responsible for fraudulent activity, regardless of how the compromise occurred.

"Financial institutions are under heavy scrutiny by consumers during the holiday season, and should be taking customer trust and loyalty very seriously," Emily Wilson, vice president of research at Terbium Labs, said. "Cybercriminals thrive during peak holiday shopping – the hustle and bustle of transactions and unusual shopping patterns create countless opportunities to capture payment data and attempt fraudulent transactions." Wilson pointed out not helping the situation are distracted consumers, who prefer reactive measures to account for fraud, while holding financial institutions to a high standard in keeping their data safe.

Consumers made it clear they expect their financial institution to be accountable, even if it was not the original source of the data breach. Fifty-one percent said they would blame both the original source of the data compromise, such as a retailer, and the financial institution issuing the card, while another 17% said they would only hold their financial institution responsible regardless of how the compromise occurred.

According to the data, this will directly impact the bottom line as financial institutions stand to lose 45% of their customer base if a holiday data breach occurs. Nineteen percent said they would leave the financial institution and close their account following a data breach; and another 26% indicated they would only keep their accounts if their financial institution improved security.

Consumers are most concerned over the compromise of Social Security numbers (23%). Following closely, compromised debit card (22%) and credit card numbers (21%).

Meanwhile, consumers do not seem proactive in limiting their potential exposure. More than a third (35%) plan on using a mix of both debit and credit cards, while nearly half (49%) said that they will use between two and three cards. This creates far more opportunity for cybercriminals to capture payment data. Additionally, only 7% plan on using two-factor authentication when shopping online. Instead, more than a third (38%) plan to prioritize monitoring their transaction history, even though 14% indicated frustration when too many unsuspicious purchases get flagged.

Wilson said, "The wave of massive breaches exposing personal data in recent years has left consumers more worried than ever about protecting their identity information – making the stakes even higher for financial institutions who need to secure that data."