Based on data from 16.4 billion transactions, analysis reveals a 171% year-on-year growth in new account creation bot attacks that targeted e-commerce. These attacks are found most often in online marketplaces, virtual gift card companies and ridesharing sites.
The retail industry is increasing the number of offers, discounts and free trials in order to compete in what has become a very crowded marketplace – but this is presenting many opportunities for fraudsters who are illegally signing up for – and then selling on – free trial accounts, taking advantage of discounts and promotions, or making payments with stolen credit cards in newly created accounts.
To add to the complexity, 44 % of all e-commerce transactions were found to be cross-border, demanding a global view of digital identity and fraud risk.
The LexisNexis Risk Solutions study – 2019 Cybercrime Report, January – June 2019 – shows that driving sign-up to sites and apps, which is now a key strategy for many retailers wanting to build relationships with shoppers, is a new on-ramp for cybercrime and their bots.
The study finds that fraudsters have shifted bot attacks to target new account creation transactions – which is the only transaction use case that recorded a growth in attacks during the first half of the year. Fraudsters are using these new account creation attempts to test, validate and build online identities for financial gain.
Within media, for example, bot attacks targeting new account creations saw a 65% increase in just six months; The Digital Identity Network revealed a number of bonus abuse attempts where fraudsters attempted to sign up for a number of new accounts in order to capitalize on free trials and streaming bonuses to sell for profit.
E-commerce companies also saw bot attacks on new account creations increase 305% and were most prevalent in online marketplaces, virtual gift card companies and ridesharing sites.
While mobile continues to prove more secure than desktop, fraudsters are seeing new mobile account creations and app registrations as opportunities to intercept one-time passcodes to fraudulently register mobile apps.
This provides fraudsters with a wealth of personal information and bank account access. Globally, attacks on mobile apps rose 148% in six months and are skewed towards media organizations, particularly social media and gaming/gambling organizations, where bad actors register for new player bonuses to sell for profit.
“Fraudsters no longer operate in silos, they are attacking across industries and organizations," says Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions. “As seen by a detailed example in the report, one fraudster can carry out a large number of transactions against a series of global organizations using a single mobile device.
“In the end, corporations benefit the most when fraud defence platforms include a multi-layered approach that comprise digital identity intelligence, physical identity and authentication capabilities,” continues Moody. “This approach, when executable in near real-time and touching the entire customer journey, extends beyond detecting complex fraud – it also allows for more streamlined regulatory compliance processes and reduces friction across the customer experience.”