14 DAY TRIAL // Based on data gathered during a six-month period by its TrustDefender Cybercrime Prevention Platform from 1,500 customers, ThreatMetrix has been able to come up with some interesting statistics regarding new account registrations, online payments fraud, and account takeovers.
According to the security firm, almost one in ten registrations for online services is done by using a spoofed or a synthetic identity.
“Account registrations saw the highest rate of attack among the key customer engagement use cases,” said Alisdair Faulkner, chief products officer at ThreatMetrix.
“This isn’t surprising in light of large scale data breaches recently highlighted by Symantec in their Internet Security Threat Report 2013 and Verizon in its 2013 Data Breach Investigations Report. These breaches underscore the relative ease of obtaining a person’s full identity information sufficient enough to bypass most identity verification capabilities,” he added.
“The economic impact of these attacks varies by industry. However, the common thread is that without automated visibility into the true device, persona, relationship and global behavior, the only alternative is additional verification roadblocks put in front of legitimate customers and extended review and hold-out periods.”
As far as payments fraud is concerned, the company says that it increased from 3.1% to 6.4% in a six-month period ending in March 2013.
This increase might be explained by several factors, including the use of banking malware by credit card fraud gangs, and the overall increase in global commerce.
When it comes to account takeovers, the number of attempts to take over accounts has grown by 180% between October 2012 and March 2013.
Usually, cybercriminals try to take over banking and brokerage website accounts, but now they’ve also turned to e-commerce sites that store credit card details, and SaaS firms that don’t have all the necessary protections in place.
The sophistication of account takeover attempts is also growing. ThreatMetrix says cybercriminals are using multi-stage malware exploits and multi-stage scripted attack exploits to carry out the task.