LexisNexis Risk Solutions has revealed the results of its annual Cybercrime Report, an analysis of data from 92 billion transactions processed through its LexisNexis Digital Identity Network throughout 2023. The Report, Confidence Amid Chaos, reveals a 19% year-over-year (YoY) increase in the global human-initiated digital attack rate compared to the previous year. Cybercriminals expanding scale of activity is reflected in the rising attack rate, particularly in e-commerce and across North America.
The
LexisNexis® Identity Abuse Index, which records the percentage of attacks per
day, shows that attack rates spiked at both the beginning and end of 2023. A
significant factor was that North America's attack rate rose to meet and then
surpass that of Latin America throughout the year.
The
number of e-commerce transactions increased modestly by 7% in 2023, as rising
interest rates and global inflation cooled consumer spending. However, where
consumers held back, fraudsters became more active. The volume of
human-initiated attacks surged 80% YOY, resulting in an attack rate of 2.8% (up
by 59% YOY). A key component of this growth in attacks was fraudsters' focus on
account takeover of e-commerce accounts, with the attack rate at login reaching
3.3% (an increase of 119% YOY).
Greater
adoption globally of 3D Secure to mitigate the risk of fraud from
Card-Not-Present (CNP) transactions is just one method businesses are employing
to confront the heightened threat posed by cybercriminals. Regulatory changes
in specific markets, such as establishing clearer liability frameworks, serve
as a model for enhanced global cooperation aimed at minimizing the impact of
digital activities carried out by criminals.
“Cybercriminals
continue to increase the scale and complexity of their illegal operations, with
dedicated scam centers becoming a permanent fixture to mount digital attacks on
consumers worldwide,” said Stephen Topliss, vice
president of fraud and identity, LexisNexis Risk Solutions. “While these scam
centers will continue to drive the threat of human-initiated attacks,
organizations cannot afford to be complacent about the growing sophistication
of bots, which can display more human-like behavior to evade traditional
prevention solutions. By focusing on identifying advanced bots in real time,
businesses can mitigate their ability to create fraudulent accounts or test stolen
login credentials for future account takeover attacks.”
Key
findings from Confidence Amid Chaos:
· Third-party
Account Takeover Takes Top Spot – Third party account takeover fraud
was the leading type of fraud reported by clients in 2023, contributing
29% of fraud classifications reported, aligning with the strong attack rate
growth seen at account login in 2023 (up 18% YOY).
· Human-Initiated
Attacks Experience Rapid Growth – While bot-initiated attacks
maintained a steady 2% YOY growth to reach 3.6 billion, human-initiated attacks
surged by 40% in volume to 1.3 billion.
· Remote
Scam Centers Drive Fraud – Device data, including high-altitude
behavioral biometrics telemetry, reveals that parts of South-East Asia are
established homes for dedicated remote scam centers. Cybercriminals favor
border areas in Cambodia, Myanmar and remote parts of Thailand, according to
data from the Digital Identity Network.
· New
Challenges Confront Bot Attacks – Automated bot attack rates remained
steady in 2023, partly due to the threat posed by advanced bot detection
capabilities to this attack vector. These capabilities involve detecting bot
traffic that mimics the locations of legitimate customers via IP proxies, along
with identifying abnormal timing of events and unusual on-page or in-app
behaviors. Businesses are increasingly employing proxy piercing technology to
break the anonymity of cybercriminals attempting to conceal their behavior
through the use of virtual private networks (VPNs).
