Financial Services Sector Sees Bot Attack Surge

During the first six months of 2020, financial services organizations saw a year-over-year uptick in automated bot attacks, and continued to see more bot attacks – as well as more login and payment attacks – than any other industry.

That’s according to the biannual Cybercrime Report released Sept. 15 by LexisNexis Risk Solutions, which tracked global cybercrime activity from January through June 2020 based on an analysis of more than 22.5 billion transactions processed by the LexisNexis Digital Identity Network.

The financial services industry experienced year-over-year growth of 38% in automated bot attack volume, compared to overall growth of 13% in automated bot attack volume for all industries. Of all the stops consumers make along their financial services journey, the point of new account creation was targeted at the highest rate by fraudsters, with financial services organizations seeing 29.2% growth in attack rates on mobile apps during new account creations. Contributing to this high rate was a large bot attack targeting new app registrations in December 2019 that continued through January 2020, LexisNexis Risk Solutions said.

The financial services journey point with the second-highest attack rate was payments – financial services organizations saw 5.2% growth in the rate of attacks targeting payments transactions on mobile browsers. Payments attracted the largest volume of attacks in the financial services sector, however, at 62 million, followed by logins at 46 million and new account creations at a volume of 16 million. “New account creations and payments are key targets in the financial services customer journey, offering fraudsters the opportunity to monetize stolen credentials and cash out,” the report stated.

The company’s findings were not all discouraging, however. The rate of human-initiated cyberattacks fell 33% year-over-year in all industries globally, and dropped by 23% specifically in the financial services industry. Media was the only industry to experience year-over-year growth in the rate of human-initiated attacks, with a 3% increase solely across mobile browser transactions.

Other key findings from the report included the following:

• Global financial services transaction volume grew 36% year-over-year;
• Mobile browser transactions saw the highest attack rate of all channels at 2.4%, despite a decline in attack rate year-over-year;
• Mobile device transactions grew year-over-year, with 66% of online transactions taking place on mobile (6% growth year-over-year) compared to 34% on desktop;
• COVID-19 brought transaction volume increases in government services, web hosting, personal finance (including significant growth in lending), e-commerce merchants (particularly those selling food and entertainment), cryptocurrency, digital wallets and e-commerce marketplaces;
• COVID-19 brought transaction volume decreases in ticketing, travel, charity, gift cards, gaming and gambling, and online dating;
• Transactions made from new devices grew significantly since March, and financial services customers used fewer devices as a result of the COVID-19 lockdown, with the percentage of customers using only one device growing between January and April and the percentage using two or more devices dropping during the same period;
• More financial services customers turned to digital for the first time, with new online banking registrations via the web and mobile app growing at several points from January to June 2020; and
• An analysis of the link between card-not-present transactions and email data showed an increase in the first-party chargeback fraud rate, indicating that consumers claimed more chargebacks for goods they received during lockdown.

LexisNexis Risk Solutions stated that the growth in new-to-digital customers and a tough economic climate could lead to more widespread and diverse cyberattacks, with evidence of mule activity already increasing as mule herders capitalize on economic downturns to recruit new mule accounts into their network.

“The move to digital, for both businesses and consumers, has been significant,” Rebekah Moody, director of fraud and identity for LexisNexis Risk Solutions, said in a press release announcing the report. “Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: Whether government support packages, new lines of credit or media companies with fewer barriers to entry. We need to ensure that all consumers, especially those who might be new to digital, are protected. Businesses must arm themselves with a layered defense that can detect the full spectrum of possible attacks and is future-proofed against evolving threats.”