Financial institutions around the world are facing a surge in fraud and cyberattacks. A new report by LexisNexis Risk Solutions explores the state of digital fraud, revealing a 17% increase in digital fraud attacks within the financial services sector in 2023.
According to the report, human-initiated attacks in financial services rose to 1.2% last year, up 8% year-over-year (YoY). Notably, North America saw a 30% rise in attack rates, in contrast to declines in Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA), where rates dropped by 15% and 24%, respectively.
In 2023, the financial services industry continued to sustain the most automated bot attacks, with 1.8 billion attacks, representing half of the global total of 3.5 billion. Despite this high volume. the number of bot attacks in the sector decreased by 6% YoY.
In financial services, new account creation attacks increased by 12% YoY, driven by increases on the mobile channel, primarily mobile browser. New account creation fraud refers to the act of fraudsters creating new accounts, often using stolen or synthetic identities, to access online services or obtain lines of credit.
Payment fraud, in which stolen payment credentials are used to make illegal transactions, rose by 9% YoY, signaling heightened financial risks for banks. The growth in payment fraud primarily occurred through mobile channels, with attackers increasingly leveraging alternative payment methods, such as direct deposit.
Digital fraud on the rise
The annual LexisNexis Risk Solutions Cybercrime Report shares key trends in digital fraud, drawing from cybercrime attacks detected within the LexisNexis Digital Identity Network. The analysis, which takes into account activities that occurred between January and December 2023, examines consumer interactions across various stages of the online journey, including account creation, logins, payments, password resets, and monetary transfers.
Overall, the research reveals that digital fraud attacks across all sectors increased by 19% YoY in 2023, with the most significant rise seen in North America, up 43% YoY, and the e-commerce sector, which rose 59% YoY.
Automated bot attacks remained stable in 2023 compared with the previous year, though the targets shifted. Gaming and gambling organizations saw a 103% increase in bot attacks in 2023, while e-commerce bot attacks remained elevated after significant increases last year, signaling a possible new benchmark. Financial services, meanwhile, continued to sustain the most attacks overall.
Third-party account takeover as the top fraud type
Third-party account takeover was the most common type of fraud in 2023, accounting for 28.7% of all cases. This type of attack occurs when a malicious actor gains unauthorized access to a user’s account on a third-party platform, service, or application. This typically happens through phishing, credential stuffing, social engineering, or exploiting vulnerabilities in the platform’s security.
Other prevalent types of fraud in 2023 included scams (16%); bonus abuse (16%), where a malicious actor exploits promotional offers or incentives provided by online platforms for fraudulent gain; and first-party fraud (14.6%), where legitimate customers intentionally misrepresent themselves or their actions to gain financial or material benefit.
The report also notes the rapid rise in authorized payment fraud, also known as authorized push payment (APP) fraud, particularly in Southeast Asia where scam centers have proliferated.
Several well-connected organized criminal groups, mostly originating from China, operate cyber scam centers across Southeast Asia, mainly in the poorer states of Cambodia, Laos, and Myanmar. Their scams usually are efforts to con unwitting victims around the world out of their financial savings.
These scam centers are often staffed by thousands of people, most of whom the criminal groups have illegally trafficked and forced to work in inhumane and abusive conditions. The UN High Commissioner for Human Rights estimates that more than 200,000 people have been trafficked into Myanmar and Cambodia to execute these online scams.
These organized crime rings rake in close to US$3 trillion in illicit revenue annually, CNN reported in March 2024, with one international group reportedly making a whopping US$50 billion a year.
For more insights on the fraud landscape across APAC, download the “Confidence Amid Chaos: Managing Fraud and Scams with Data and Analytics” Report at this link.
Featured image credit: edited from freepik