Anti-fraud experts have warned e-tailers that this year could be the biggest Christmas for cybercrime ever, after 45 million attacks on e-commerce firms were stopped in Q3.
The ThreatMetrix Q3 Cybercrime Report draws its conclusions from the firm’s Digital Identity Network, which analyses over one billion transactions each month to protect customers around the globe from fraud.
Despite the third quarter being typically a quiet period as fraudsters gear up for the big festive season, ThreatMetrix blocked 45 million fraud attempts over the past 90 days—a 25% jump from the previous quarter.
This indicates a busy Christmas for fraudsters in 2015, the firm predicted.
In fact, this year is likely to see fraud attempts double that of the 11.4 million blocked by ThreatMetrix in 2014, representing millions in potential losses, the vendor claimed.
In Q3, it was account creation rather than payment fraud which was the most “risky.”
Although account creation transactions represented only 1% of the total analysed by the Digital Identity Network, 7% were blocked as fraud.
This is compared to the 21% that were payments, 3.2% of which were classed as “high risk,” and the 78% of transactions that were account log-ins, 5% of which were blocked.
ThreatMetrix senior director of strategy and product marketing, Vanita Pandey, said the spike is being driven by a rise in device spoofing tools combined with hacked and breached identities.
“We expect this to continue to be one of the biggest attack vectors during the holiday season,” she told Infosecurity.
“The biggest risk from these attacks would be for retailers who are using first generation browser fingerprinting technology.”
She added that low frequency attacks using botnets designed to evade current security measures are also increasingly the norm as fraudsters become more sophisticated in their attempts to trick e-tailers.
“These attacks use slow traffic that appears legitimate and doesn't violate any triggers that are set around protocols and rules. Hence they are able to pass undetected and evade the tools that businesses have deployed,” she revealed.
“This exposes retailers to increased fraud losses, customer attrition due to lack of trust and insult due to false positives, and ultimately a loss in shareholder value and brand equity. A new layer of digital-identity aware security solutions is required to stop these bot-breaches and reduce false positives causing loss in revenue and productivity.”