If you are a believer that the best predictor of future events is based on those of the past, I’d like to share insights based on real-world fraud data from the past year and offer ideas on what we can expect from the global cybercrime landscape in 2017.
Mobile Eats the World
Yes, mobile is literally eating the world. It has become the dominant channel for instant communication and the expressway for banking and commerce worldwide. As organizations use mobile to transform the way they interact with customers, cybercriminals have also taken note, as evidenced by the rise in fraud attempts originating in the mobile channel. In the past year, RSA has uncovered that 60 per cent of transactions confirmed as fraud originated from a mobile device. And, mobile traffic is also growing at unprecedented rates, with RSA witnessing a nearly 1:1 ratio between mobile and web transactions.
Predictions for 2017:
- Mobile transactions will outpace web transactions for the first time. Fraud will continue to grow rapidly within the mobile channel, particularly from mobile applications, as banks, retailers, and other service providers offer more services to their customers via mobile apps.
- Biometric authentication will start to take off for mobile users. Many such initiatives are happening now, and cyber security is not the main driver. User experience is key to driving adoption of the mobile channel. Biometrics are considered the best option, as opposed to the traditional username/password combination, which is not ideal as a user access method for mobile customers. Fingerprint, voice, and eye print, combined with risk-based transaction monitoring, will be the predominant technology combinations for authentication and fraud management in the mobile channel.
Fraudsters Will Go Shopping On You
As the opportunity for in-person fraud diminishes with the rollout of EMV, card-not-present (CNP) fraud will dramatically increase, reaching over $7 billion in the U.S. by 2020. As fraudsters move from in-store card present fraud to purchasing goods with stolen cards from the comfort of their couch, retailers are likely to feel the effect. Today, online money transfer and bill pay services account for approximately 1 in 5 e-commerce fraud transactions, followed by the hospitality and airline, electronics, jewelry and fashion, entertainment (i.e., event ticketing sites), and gaming industries.
Predictions for 2017:
- The launch of 3D Secure 2.0, led by EMVCo, is going to change the game for the e-commerce ecosystem. There has been a flurry of renewed interest in the wake of the recent announcement. The new protocol offers many enhancements to the 1.x password-based, “challenge all” approach. Merchants and issuers are at least 12 – 18 months out from any major technology deployments as they just begin to formulate their strategies to adopt the 2.0 framework. As a result, there is still a massive window of opportunity for fraudsters to capitalize on card-not-present e-commerce fraud in 2017.
Don’t Let the Phish Bite
Among the headlines spouting ransomware hostages and DDoS botnets knocking entire countries offline, phishing is still a very real threat. From the CEO to the consumer, phishing is alive and well – and growing like never before. RSA identified more phishing attacks in the second quarter of 2016 than in all of 2015 combined; this equates to a new phishing attack launched every 30 seconds. The cost to organizations is hardly anything to scoff at either. When factoring in the average uptime of a phishing attack and the average cost for every hour an attack is live, phishing is estimated to cost global organizations an estimated $9 billion in losses in 2016.
Predictions for 2017:
- Phishers will continue to innovate in the coming year by improving on existing methods to host their attacks in order to increase the longevity that an attack is live. It is also a strong possibility that clever phishing attacks will emerge targeting cardholder information as breaches and skimming of POS terminals and ATM machines will be far less effective as more terminals are upgraded to support EMV cards.
This is just a glimpse into the 2017 fraud and cybercrime forecast. Stay tuned for more on DDoS attacks, botnets, credential stuffing, and account takeover when we deliver the full 2017 forecast in our Current State of Cybercrime series.
To access the 2017 Global Fraud & Cybercrime Forecast infographic, click here.
Marcus Lecuyer is area vice-president for Canada at RSA Security. Marcus is responsible for leading the overall business operations and go to market sales functions for RSA Security in Canada.Prior to this role as area vice-president, Marcus managed the Canadian financial services vertical for RSA focused on supporting the 5 largest banks in Canada. He brings over 20 years of experience in the IT industry with an infrastructure background before transitioning into Cyber Security.Marcus is an active member of the IT security community in Canada participating in user groups and advisory roles to educate customers, partners and consumers on the risks related to cyber security.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…