San Jose, CA (PRWEB) June 13, 2013
ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, today announced the ThreatMetrix™ Cybercrime Index, a series of Web fraud data compiled from customers using its TrustDefender™ Cybercrime Prevention Platform that leverages the ThreatMetrix™ Global Trust Intelligence Network (The Network). ThreatMetrix Cybercrime Index data was aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events, and is an industry first that provides insight into the prevalence of Web fraud attacks across the entire customer life-cycle from new account registration, authentication and payment transactions.
“Nearly one in every ten new accounts opened online is done using a spoofed identity, and the incidence of account takeover attempts and online payments fraud have both doubled in a six-month period,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Data breaches are imminent and given the increased sophistication of malware, organizations should assume that a material percentage of their customers and user accounts are either compromised or criminal and invest accordingly.”
The total cost of cybercrime and efforts to prevent attacks has surpassed $1 trillion annually. Recent high profile attacks include Twitter hacks on LivingSocial and The Associated Press and Chinese hacker attacks on U.S. targets. As these attacks become more common, the ThreatMetrix Cybercrime Index outlines several statistics around new account registration fraud, payments fraud and account takeover.
New Account Registration Fraud
In a recent six-month snapshot ending March 31, ThreatMetrix determined that attacks on new account registrations using spoofed and synthetic identities saw the highest rate of attacks followed by account logins and payment fraud. According to The Network data, nearly one in ten registrations for online services originates from a cybercriminal. New account registrations include applying for new lines of credit, creating a profile on a social networking site or marketplace and enrolling in an authentication scheme.
“Account registrations saw the highest rate of attack among the key customer engagement use cases,” said Faulkner. “This isn’t surprising in light of large scale data breaches recently highlighted by Symantec in their Internet Security Threat Report 2013 and Verizon in its 2013 Data Breach Investigations Report. These breaches underscore the relative ease of obtaining a person’s full identity information sufficient enough to bypass most identity verification capabilities.”
According to Faulkner, the most common form of stolen identities is by human or bot-generated fraud attacks directed through proxies and Virtual Private Networks (VPNs) intended to disguise the true origin of the attacker. These bypass IP address-based geo filter blacklists that also have the downside of unknowingly blocking legitimate visitors.
“The economic impact of these attacks varies by industry,” added Faulkner. “However, the common thread is that without automated visibility into the true device, persona, relationship and global behavior, the only alternative is additional verification roadblocks put in front of legitimate customers and extended review and hold-out periods.”
Payments fraud attempts, which include online credit card transactions and money transfers, increased from 3.1 percent to 6.4 percent over the six months ending in March 2013. According to Faulkner, several underlying trends help explain this dramatic increase:
Based on data taken from October 2012 through March 2013, ThreatMetrix customers saw account takeover attempts nearly double (168%). These types of attacks have traditionally focused on banking and brokerage sites, but have recently escalated across e-commerce sites that store credit card details and Software-as-a-Service (SaaS) companies that hold valuable customer data that do not yet have the heightened level of protection as banking sites.
ThreatMetrix has observed a rise in the sophistication of account takeover attempts using blended attacks to exploit companies that do not have an integrated solution for malware, device identification and bot protection. These include:
In today’s ever evolving threat environment, no business can stand alone in the fight against cybercrime. Using data pulled from The Network, ThreatMetrix provides businesses worldwide with a collective response to cybercrime.
To learn more, visit http://www.threatmetrix.com/technology/global-trus-intelligence-network/.
ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit http://www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.