Over the past years, both the number of unauthorised transactions and the associated costs have been on the rise. Today, it is vital for online businesses to follow upcoming fraud trends in order to improve their decision-making processes and gain market insight. Fraud, like any other crime, can best be described by the presence of three factors: a steady supply of likely offenders, the availability of suitable targets and the lack of capable guardians against the crime. We have compiled the latest trends and forecasts that are worth keeping an eye on throughout the coming year.
Stolen credit cards will continue to dominate
The past years have shown an increase in stolen credit card information. The cost of fraud as a percentage of annual revenues increased from an average of 1.32% as of 2015 to 1.47% by the end of 2016. In 2017, this trend will continue, with fraudsters using a variety of methods.
- Zero-day vulnerabilities: Abusing zero-day vulnerabilities in e-commerce platforms will continue to be the major source of credit card theft. In these cases, the attacker exploits a bug before the developer has had the opportunity to create a patch.
- Phishing sites: Stealing credit card information through phishing sites is still going to be among the most common methods of deception. Fraudsters create fake websites in order to fool law-abiding citizens into providing their valuable information. Taking this to the next level, fake e-commerce stores that also serve to steal credit card information started popping up in 2016. Some fraudsters may even go as far as setting up seemingly legitimate e-commerce stores that sell inexpensive mobile phone accessories and actually ship said products, with the sole purpose of misleading customers into handing over their credit card information.
- Point-of-sale (PoS) malware: Point-of-sale malware is software designed to steal credit card information. The biggest PoS breach of 2016 involved the theft of identity and payment information of HEI Hotels & Resorts customers. As of last year, several US-based top-tier hotels as well as luxury retailers have been breached through PoS malware, putting these industries at the top of the per-industry statistics. The good news is that the appearance of new PoS malware currently seems to have halted.
Account takeovers and phishing will be a massive trend
Identity theft through hacking and malware is still the most common breach method across all industries. The two trends that are next in line are portable device loss and unintended disclosure, both of which are reported as secondary breach methods. During these data breaches, personal information is most commonly stolen, as well as login credentials. Financial data is next in line, comprising banking, insurance and billing information. In the case of personal information theft, there is a 21.8% probability that financial data is breached at the same time. The personal information of individuals is then distributed in batches through several Deep Web marketplaces. Compromised accounts for PayPal, eBay, Netflix, Amazon and Uber can easily be obtained. Account takeovers will continue to be a massive problem for online retailers and service providers in 2017.
Phone spoofing will be a major method of deceit
The newest trend in identity theft involves telephone number spoofing. Several providers specialize in allowing their customers to call from any given phone number. Fraudsters are therefore easily able to impersonate any given phone number, be it institutional or personal. This is a massive opportunity to convince a customer representative that the person calling is a legitimate user. A common method of deception involves the fraudsters calling their victims from the number of a financial institution and demanding their financial information or even credentials. If successful, the fraudster then calls the financial institution from the spoofed number of the victim and impersonates said person. The bank verifies the fraudulent caller as the legitimate customer and therefore allows them to conduct financial activities under the victim's persona. At this stage, the deceiver has full access to verify high-volume transactions as well as reset 3-D Secure (VbV/MSC) passwords. Phone spoofing is a very recent technique of deceit and there is a lack of viable solutions out there. It seems that this will be a major method of circumvention in 2017.
Key takeaways: Fraudsters are adopting intricate methods of deceit. Old-school phishing is being replaced by a new wave of fake e-commerce web shops. Phone spoofing is also a topic worth keeping an eye on.