Posted By Wanda Rich

Posted on May 22, 2024

Why Online Fraud Prevention Is Getting Harder Than Ever

Online fraud prevention is often likened to a game of cat and mouse, where determined cybercriminals are constantly innovating with new techniques to bypass security systems[1], infiltrate networks and perform illegitimate financial transactions.

Almost every day, a fraudster somewhere is able to exploit some new kind of vulnerability and steal money, which often comes at the expense of brands and their customers. Given this situation, organizations have no choice but to remain vigilant and adapt to the evolving threat landscape.

The Increasing Sophistication of Hackers

Cybercriminals have been around ever since the internet first emerged, and the techniques they employ now are far more sophisticated than the old “advance fee scams” that involved tall tales of Nigerian princes requesting “help” in moving millions of dollars offshore.

These days, hacking is all about “phishing” for employees’ and consumers’ login credentials, social media and investment scams, and advanced “client-side attacks” that take advantage of vulnerabilities in JavaScript code. These techniques are often alarmingly effective, making online fraud prevention challenging.

This is evidenced by a February 2024 report by the Federal Trade Commission, which revealed that U.S. consumers lost more than $10 billion to online fraud scams in 2023, up 13% from the previous year[2]. Some of the most common attacks included online shopping fraud, investment scams, imposter scams, and business and job opportunity scams, the report found.

Why Is Online Fraud on the Rise?

One major reason for the growth in online fraud is the accelerating shift towards digital payments. This trend got a huge boost with the COVID-19 pandemic, when millions of consumers turned to online shopping and contactless payments.

A 2022 report from McKinsey shows that global payment revenues hit an astonishing $1.9 trillion in 2020, making the burgeoning industry an increasingly attractive target for cybercriminals[3]. In North America and Europe, digital payments have expanded at twice the rate of GDP growth in those regions, McKinsey found, while in Asia their adoption is growing at an even faster rate.

More consumers buying goods and services online using digital payment tools means more user accounts and transactions for hackers to target. A second report by KPMG notes that cybercriminals are actively trying to develop new strategies to exploit digital payment services, leading to an increase in fraud, money laundering, terrorist financing and other risks[4].

Fraud as a Commodity

Not only do hackers have more targets than ever, but their job is also getting much easier thanks to the commoditization of fraud. Online fraud prevention efforts are increasingly hampered by the growing availability of stolen credentials, which are openly sold on dark web marketplaces, enabling hackers to bypass the most capable security systems.

In 2022, cybercriminals stole a staggering 22.62 billion credentials and personal records, including account logins, financial information, email addresses and social security numbers, according to a report from the security firm Flashpoint[5]. These stolen credentials have become a valuable commodity for hackers, since they can be purchased relatively cheaply to obtain direct access into corporate networks, databases and other digital assets.

The same report details that 190 illicit marketplaces for stolen credentials emerged on the dark web in 2022. Apparently, one forum alone – advertised as the successor to the infamous Raid Forums site that was taken offline by law enforcement – grew from just 1,500 members in March of that year to more than 190,000 by the year’s end.

One worrying trend that has emerged from this flourishing marketplace for stolen credentials is the rise of ransomware gangs that operate on an “as-a-service” business model. Rather than attempt to hack victims themselves, ransomware creators will either purchase stolen credentials or, more commonly, collaborate with hackers to infiltrate organizations’ IT systems and share the ransom payments they collect.

Rising Client Side Attacks

The demand for stolen credentials has led to a significant rise in security breaches that happen on the client side. Traditionally, hackers used to focus their efforts on corporate data center servers, but as these targets have become much tougher nuts to crack, the trend now is to focus on the clients, or the content they see on websites and applications, often exploiting vulnerabilities to steal valuable information.

Generally, client-side attacks rely on the overwhelming popularity of the JavaScript programming language, which, according to W3Techs, is used by 99% of all websites and applications today[6]. JavaScript is especially useful because it enables rich functionality such as the ability for users to log into accounts and manipulate elements on a website or app (such as posting a comment), and read data.

But the power of JavaScript also makes it extremely vulnerable to malicious code injection, which gives hackers almost unlimited access to any data that’s entered into the website or app.

The risks of client-side attacks are ever-present, with Tala Security’s 2020 Global Data at Risk report finding vulnerabilities in 92% of the 1000 most-trafficked websites, enabling potential client-side attacks such as cross-site scripting, form-jacking and credit card skimming[7].

Bots Getting More Sophisticated

The data stolen from client-side attacks and sold on illicit marketplaces is often leveraged by increasingly sophisticated bots, which aim to automate attacks such as carding, account takeovers and data scraping.

The 2023 Enterprise Bot Fraud Benchmark Report highlights how account takeover attacks increased by 123% in the second half of 2022, while carding attacks, where bots make repeated attempts to authorize stolen credit card information, were up 161%[8]. Moreover, scraping attacks, in which bots scrape websites for information that could be used to perpetrate fraud, were up 112%.

These numbers provide a stark reminder of the threat of bots, which have evolved to perform many different tasks associated with hacking. Once used almost exclusively for distributed denial-of-service attacks, bots can now automate almost every aspect of hacking, creating enormous headaches for online fraud prevention teams.

One growing trend involves the use of bots that combine both automation and human input to create “mule accounts” at financial services institutions. These bots have evolved to evade the most rigorous fraud detection systems used by banks, enabling hackers to open multiple accounts that can be used for money laundering and scams.

Cybersecurity Must Evolve Accordingly

The threat of online fraud is evolving rapidly, and the only way for organizations to respond is by reacting as fast as the changing nature of the threats they face. These days, cybersecurity strategies must be made up of a combination of advanced authentication, integrated AI-powered threat detection, account takeover protection, client-side attack prevention and bot detection systems.

By embracing these innovations, organizations can build a robust cybersecurity system that allows them to stay one step ahead of the bad guys in the never-ending battle against online fraud.

[1] https://www.globalbankingandfinance.com/enhancing-safety-and-security-through-ai-powered-fraud-prevention/
[2] https://www.ftc.gov/news-events/news/press-releases/2024/02/nationwide-fraud-losses-top-10-billion-2023-ftc-steps-efforts-protect-public
[3] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/managing-financial-crime-risk-in-digital-payments
[4] https://kpmg.com/us/en/articles/2023/rising-financial-crime-risks-digital-payments.html
[5] https://flashpoint.io/resources/report/state-of-cyber-threat-intel-2023/
[6] https://w3techs.com/technologies/details/cp-javascript
[7] https://www.securitymagazine.com/articles/92824-of-top-websites-provide-attackers-with-access-to-customer-data
[8] https://www.humansecurity.com/hubfs/HUMAN_Report_2023-Enterprise-Bot-Fraud-Benchmark-Report.pdf
