The new edition of the LexisNexis Risk Solutions Cybercrime Report shows how some fraudulent behavior patterns have shifted during the COVID-19 pandemic. The report is published every six months, with this new edition covering the last six months of 2020.
Vice president of fraud and identity management strategy Kimberly Sutherland said 2020 was noted for the significant increase in digital transactions across all sectors. More than 47 billion transactions were processed across the network in 2020, up from 35 billion in 2019. The 24.6 billion transactions in the second half were a full 12 billion more than in the same period of 2019, as the COVID-19 pandemic persisted and people adjusted their behavior. Global transaction volume across the LexisNexis network rose 29 per cent in the second half.
Two-thirds of those transactions occurred on mobile devices. Interestingly, the rate of mobile transactions continues to be higher in Canada than the United States, though Americans are closing the gap.
This was the first time Lexis Nexis split data into different age groups and they were rewarded with some interesting results, Ms. Sutherland said. The age group experiencing the highest attack rate were people ages 25 and younger. While many of those attacks failed it highlights the fact younger people are most heavily invested in technology but many do not keep up with security protocols such as multi-factor authentication.
“They are the heaviest users of technology and generate the most digital transactions,” Sutherland said. “Fraudsters are going to go where the volume is.”
The young folks are joined by those aged 75 and up as the most frequent targets. While many are quite tech-savvy, others have been forced into digital behaviors such as shopping and banking by the pandemic and are still adjusting their habits, Ms. Sutherland suggested.
The best way for companies to protect their growing number of digital customers is to make the online experience as convenient as it is safe, Ms. Sutherland said.
“Security and CX have to go hand-in-hand,” she explained. “As long as there is no imbalance there is a high likelihood customers will adopt the behaviors presented to them as authentic options.”
As the pandemic stretched into 2020’s second half some patterns began to change. Whereas the first half saw many existing customers increasing their online activity, the second half saw many people create new habits as they adjusted to the pandemic. People who didn’t shop online now created accounts in order to buy groceries, clothing and office supplies.
“The U.S. is at the top year after year,” Ms. Sutherland said.
The largest growth countries for human-initiated attacks are Guatemala, Bahrain and Zimbabwe while the top new ones for bot activity are the Isle of Man, United Arab Emirates and Nigeria.
The best defence? Well-established, layered strategies appear to deter cybercriminals as they gravitate to the more vulnerable who have been forced online due to the pandemic.
I asked Ms. Sutherland if machine learning fraud detection models struggled to adjust to the sudden and dramatic behavior shifts due to the pandemic, but she said the good news is they held up quite well. In some sectors like financial services, the increased number of login attempts from trusted customers bolstered the models. The adaptive nature of the machine learning models, combined with a multi-factor approach that included behavioral biometrics meant many companies were well prepared for the major shifts. Behavioral biometrics were key as they track how users interact with their device. Should changes occur they are easily detected. If large patterns of similar actions appear, they could suggest machine activity.
Other key findings
- While financial services organizations saw an overall decline in bot volume, the absolute volume of attacks targeting this industry remains extremely high
- Mobile browser transactions continue to see the highest rate of attack, while mobile app transactions are attacked at the lowest rate.
- Fraudsters also preyed on consumer anxiety, with pandemic-related scams that offered products and services that were either in demand, or in short supply.