ThreatMetrix Q2 2018 Cybercrime Report

Threatmetrix shows mobile fraud growingWe all know the impact of the rapid rise of mobile transactions on e-commerce businesses. According to ThreatMetrix, in the last three years, mobile transactions have grown three times more than desktop transactions.

By the middle of this year, mobile transactions, including new accounts, logins and payments surpassed 58% of all traffic compared to just 19% when first measured by ThreatMetrix in 2015.

The bad news is mobile fraud rates in the first half of 2018 also rose 24% when compared to the first half of 2017. In the US, mobile fraud attacks rose even higher, showing an astounding 44% increase over the first six months of last year.

Mobile matters

The ThreatMetrix Q2 2018 Cybercrime Report notes:

“Almost two-thirds of all account creations now come from a mobile, while 76% of payments in the media industry come from a mobile device as consumers embrace digital wallets and mobile payments services such as Apple Pay.”

With GDPR now active in Europe and California adopting many of the same features to protect consumers, businesses now need to handle personal financial and payments data responsibly and transparently with the consumer firmly in command of their information.

The ThreatMetrix Digital Identity Network analyzed more than 8.3 billion transactions in Q2 2018, with 58% originating from mobile devices.

Of the 151 million fraudulent online attacks identified, 51 million (33.8%) were mobile attacks.

Evolution of mobile and fraud

ThreatMetrix tracked strong overall transaction growth – 41% year-on-year and 166% compared to the same quarter in 2015 – mobile transactions are growing at an even faster rate.

Let’s look at several key data insights on mobile transactions in the report:

  • total mobile transactions grew 72% year-on-year and 606% compared to the same quarter in 2015
  • mobile transactions totaled 58% of all network traffic but rose to 61% for all financial services account creations and 66% for all financial services account logins
  • one-third of all attacks come from a mobile device, so mobile is still a safer way to transact in comparison to desktop, despite an increase in attacks for some industries/use cases
  • overall mobile attack rate is 1.9% of all transactions
  • strongest mobile financial transactions growth comes from China, Southeast Asia, and India, while North America lags
  • mobile logins in the financial services sector showed a 200% increase compared to the same timeframe last year
  • mobile payments in the media industry showed a 51% increase in attack rate compared to last quarter, predominantly driven by an increase in attacks on the gaming and gambling industry
  • during the World Cup, mobile transactions from Russia to one gambling site grew 803% over the same period last year.

Other mobile fraud highlights & trends

ThreatMetrix Q2 2018 Cybercrime ReportStolen identity data is fueling the growth of cybercrime in developing economies. Bot traffic in Q2 predominantly originates from Vietnam, Indonesia, Russia, Malaysia, and South Korea.

An estimated 70 million bot attacks came from mobile devices and one global travel company showed a 46% growth in attacks from Russia, again seemingly linked to the World Cup event.

Mobile attack rates in China grew 127% and 64% in Southeast Asia compared with the previous quarter. Attack rates by volume and transaction type

Fraud attack rates by volume & transaction type

ThreatMetrix transactions span a range of industries including e-commerce, financial services, media, gaming/gambling, telco, and insurance.

Logins (82%) were the largest number of transaction types as the mobile commerce spreads globally and contributes to higher than ever overall transaction volumes and regular logins from hyper-connected users.

Payments made up 15% of all transactions and 3% were account creations.

Interestingly, when it comes to the attack rates by the type of transactions, 11.4% of total attacks were account creations, 4.7% were payments transactions and 2.6% were via account logins.

The picture changes substantially when the fraud attacks are identified as e-commerce transactions. 24.2% of attacks on e-commerce were account creations, 10.2% were account logins and 3.0% e-commerce payments.

Fraudsters are moving to mobile

Fraud attacks grew during Russia World Cup

It’s a simple market reality. As mobile transactions grow globally, so does mobile fraud.

In China, the sheer volume of mobile transactions means that the volume of fraud is substantial. In developing countries, mobile is the primary vehicle for transactions and less sophisticated users are more susceptible to device and identity spoofing, IP spoofing and bot takeovers.

“The sophistication of recent cybercriminal activity together with readily available customer data and automated tools, means that criminals can now easily target attacks aligned to world events – such as the World Cup,” ThreatMetrix reports.

And these challenges will only grow larger as mobile begins to dominate transactions in the future.