A global tsunami of cyber fraud is hitting online businesses right now, and we’ll need new solutions to survive.
In 2015, a Ponemon Cost of Cybercrime study found that cyber fraud as a whole cost global companies an average of $15.42 million per year; in the US this amounted to a 29% increase from the previous year. Juniper Research reported in May of this year that it expects cyber fraud to cost global businesses as a whole over $2 trillion by 2019. The latest stats point to remote purchase fraud – primarily e-commerce-related – jumping by almost a third (31%) in the first half of 2016 vs. the first six months of 2015, reaching $274 million.
We’re likely to see over 1 billion records lost in breaches this past year. This includes the infamous Yahoo breach that involved over 500 million records alone, although technically the breach occurred in 2014 and was disclosed publicly this year. Keep in mind that these are only the breaches that are reported; it’s widely suspected that breaches and their impacts are under-reported because of the damage they do to a brand.
The end result of the enormous losses of data in data breaches is that there is a plethora of personally identifiable information available on the dark web. This data may include passwords and credit cards, but the reality is that any data is valuable because it is used to build identity bundles that fraudsters buy to commit online fraud of all types. Another factor in the ballooning rate of cyber fraud is the ever-increasing volume of commerce of all types coming online with varying degrees of security sophistication. Much of this new commerce is replete with rich data that fraudsters find lucrative to exploit.
While a growing wave of cyber financial fraud has hit financial institutions and online merchants hard, it’s been tough on consumers too. Ultimately, it’s often the consumer who pays the highest price in terms of consequential impacts. This is especially true in cases of account takeover, identity theft and new account fraud, where consumers can be left on the hook for the fraudulent loan or financial product the fraudster signed up for using a legitimate person’s identity. Consumers are gradually starting to push back: they’re demanding that vendors improve security, but they have shown that they are unwilling for this to come at the expense of a good online experience. Customers want to be secure and have a good online experience, and in all fairness, it’s not an unreasonable ask. All online vendors, banks, and e-tailers alike are scrambling to find the balance between this consumer demand for low-friction experiences and high levels of fraud protection.
What’s Driving The Crime Wave?
Financial fraud is a particularly tempting proposition for cyber criminals. They’ve become increasingly sophisticated in their strategies to exploit human nature, such as our widespread trust in familiar entities and our willingness to respond when asked for something. These instinctive responses are at the heart of phishing scams, which tease the most sensitive personal and financial information from consumers by understanding our basic psychology.
Even savvy professionals may not fare much better, as this year’s ‘whaling’ attacks have shown. Senior executives, savvy support staff, and managers have inadvertently either revealed highly sensitive and actionable information or approved the transfer of large amounts of funds – again, in the mistaken belief that they were responding to familiar higher-ups or prized customers.
If you’re not sufficiently worried yet, think about this: the above statistics are based solely on cyber financial fraud that’s been discovered. PwC’s 2016 Global Economic Crime Survey notes that “1 in 10 economic crimes are discovered by accident,” raising the question of just how many cases of financial cyber fraud aren’t ever accounted for because they’re never discovered.
The fact is that fraudsters are smart. They study and understand our weak spots, vulnerabilities, and instincts. It’s about time that we return the favor because they’re only human too.
There are two behaviors that make cyber criminals vulnerable. The first is that they’re greedy. The second is that however creative they may be, their successful attacks are generally copycats of, or variants on, a few well-understood attack strategies. They leave tell-tale signs, or digital ‘fingerprints’ if you will, wherever they poke their fingers.
This means that we can – and must – adopt new authentication methods that fraudsters can’t deceive. New multi-layered solutions based on consumer behavior and interactional signals promise to cut fraud and increase online safety for consumers, for businesses and the marketplace.
But to truly succeed in taming this cyber crime tsunami, we must all be part of the solution. To combat phishing-type attacks, consumers should NEVER respond to such an email, and should always report these emails to their banking provider. Remember: no legitimate organization will ask for security or banking details online.
Here are some other steps to help consumers protect their digital identities and financial well-being:
- Shop with well-known, proven companies online – or use safer payment systems such as PayPal, Apple Pay, Android Pay or Zelle to avoid providing payment details directly to an unknown merchant.
- Use strong, unique passwords when logging into each site you register with.
- Change your passwords regularly. Change your passwords regularly. Oh, and Change Your Passwords Regularly. There are some terrific (and free!) password managers out there such as LastPass. Get informed, and then get your digital life protected.
- Never use public computers or free, unencrypted Wi-Fi to conduct any sort of financial or e-commerce transaction. (We’ll address more about mobile security in a later blog post.)
- Don’t become the next victim of an email-and-phone scam. If someone calls claiming to be from your bank or your store and asks for personal, financial or account information, be on the safe side. Hang up, and call your known and trusted number directly. It’s on the back of your bank card, or somewhere similarly convenient.
- If it sounds too good to be true, it likely is.