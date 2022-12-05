The bot attack rate for e-commerce businesses was significantly higher at 155%, according to the LexisNexis Risk Solutions’ first Global State of Fraud and Identity Report released on Tuesday.

The survey included interviews with almost 3,000 risk and fraud executives in retail, e-commerce and financial services/lending across the globe over the last year.

“Digital fraud has continued to grow as economies around the world re-opened in 2022, as we anticipated in our H2 2021 Cybercrime Report based on early trends in the United States, Europe, the Middle East and Africa.

“The latest surge in scams shows how the fraud landscape will continue to morph. Organisations need to use flexible fraud prevention models coupled with an adaptive authentication approach,” says Stephen Topliss, vice-president, fraud and identity, at LexisNexis Risk Solutions.

Topliss says a solution approach deep in layers, combining behavioural biometrics with global digital identity data and risk-appropriate authenticators, enables businesses to confidently make risk-based decisions while delivering a friction-appropriate customer journey.

The report demonstrates how digital transactions dominated the global marketplace as the pandemic-driven trend of consumers migrating to online interactions became commonplace behaviour.

Pandemic-driven digital transaction growth continued to attract fraud attacks, with global businesses recording a 32% jump in the human-initiated attack rate over the past year, while high-velocity automated bot attacks were up 38% year on year.

Shifts to mobile channels continued to increase, reaching 76% of all transactions in the digital identity network. Consumers today use an average of four connected devices to facilitate digital economy transactions.

The addition of new e-commerce channels via marketplaces and within the wider banking ecosystem, along with a proliferation of payment options such as Buy Now Pay Later (BNPL), digital wallets and QR codes, contributed to a growth in transactions across mobile channels.

As consumers adopt multiple digital channels and payment formats, they expect a positive experience and trusted security measurements at every touchpoint. Identification and authentication solutions across the entire customer journey are becoming mandatory, as fraudsters build attack strategies at every stage.

The report reveals that one in 12 new account openings, and one in 20 password resets, represent an attack.

“Cybercriminals quickly launch complex attacks on the weakest link in the omnichannel network, targeting individuals who are newer to transacting online with less cybersecurity awareness, while targeting companies that – in their rush to provide consumers with digital transaction options – have not deployed adequate defences,” Topliss says.

Key findings from the report include:

Fraud evolves with new payment methods: Increased adoption and strong demand for contactless payment methods are major contributors to the rise of QR code fraud. BNPL is gaining traction globally, leading to an increase in new account opening fraud.

Increased adoption and strong demand for contactless payment methods are major contributors to the rise of QR code fraud. BNPL is gaining traction globally, leading to an increase in new account opening fraud. Risks in the digital ecosystem: Fraud networks are increasingly pervasive in the omnichannel digital ecosystem leading to a dramatic rise in scams including social engineering, identity theft, password reset and account takeover fraud. The escalating risk of account takeover fraud is one of the biggest threats, as mobile app login attack rates increased 211% year on year.

Fraud networks are increasingly pervasive in the omnichannel digital ecosystem leading to a dramatic rise in scams including social engineering, identity theft, password reset and account takeover fraud. The escalating risk of account takeover fraud is one of the biggest threats, as mobile app login attack rates increased 211% year on year. Identity verification remains the top hurdle: Customer identity verification remains a top challenge for global businesses, which cited limited real-time third-party data (46%) and limited real-time transaction tracking (43%) as the two biggest challenges when it comes to verifying customer identity in online channels.

Locally, companies – particularly those in the financial services arena – have spent millions educating their customers about new and evolving security risks.

However, authentication expert Entersekt says South African consumers are now so hyper-aware of protecting their personal data, that many are inadvertently disabling their means to some of the strongest digital security available.

“Striking the balance between friction and security will require re-educating customers and making them part of the solution,” says Andries Maritz, product manager at Enterekt.

Maritz says authentication is generally viewed as a one-size-fits-all solution, but this approach is no longer appropriate and not only adds layers of friction that will hurt the customer experience, but also cuts the customer off from a better security option.

“Context-aware authentication looks at each transaction and each user profile and then makes a judgement call as to the most appropriate authentication journey for that transaction.

“The problem is that as customers take control of their data, many are switching off certain functions in apps, such as location data. While it’s understandable that users are mistrustful of being tracked, this could potentially force a shift in how authentication solutions operate and assess risk,” he explains.

The authentication method has evolved to accommodate the move towards omni-channel customer experience.

A Future of Authentication in Financial Services survey, conducted by PYMNTS and Entersekt, shows that 25% of consumers use multiple devices to check their bank accounts. This means banks and other financial services companies will need to build up data across all digital channels over a period of time in order to deliver accurate estimations of the legitimacy of users and transactions.

“Consumers are wary of the unknown. They may not immediately understand what companies are using their data for, and this can cause panic. For instance, your banking app may access your camera in order to compare your face to the picture it has of you on file.

“Or it may access your microphone, apply artificial intelligence to emit a noise, and see if that noise bounces back to ensure it is not dealing with a recording of your voice.

“There are also other liveness detection features, which may be startling if the user is not aware of them. We believe that organisations should inform customers and make them part of the security solution,” Maritz says. BM/DM