adimas - Fotolia
The report, which is based on an analysis of 20 billion online transactions, reveals that cyber criminals are seeking to capitalise on alternative lending and payment models.
Online fraudsters are exploiting the time delays inherent in reporting loan agreements to credit bureaus for substantial financial gain.
This attack method is expected to grow in 2017, with the number of attacks specifically targeting alternative lending up by 150% since the third quarter of 2016.
ThreatMetrix detected 80 million attacks using fake or stolen credentials during 2016 in the finance sector alone.
Another significant industry trend is the 250% growth in mobile transaction volume year on year, with almost 55% of financial services transactions now coming through mobile devices.
In the UK, the fourth quarter of 2016 saw a 10% growth in overall financial services transaction volumes from an already high level of close to one billion in the previous quarter.
This growth is mainly driven by an increase in financial services account log-ins coming from mobile devices, the report said.
Financial services had its biggest mobile quarter ever in the UK, with 76% of transactions coming from mobile devices.
In addition, the report said UK consumers are now also increasingly opening new accounts on mobile devices, with steady growth in mobile account applications in the past year.
“Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cyber criminals,” said Vanita Pandey, vice-president of strategy and product marketing at ThreatMetrix.
“Online lenders are under increasing pressure to adopt smarter authentication methods that leverage real-time, behaviour-based intelligence to accelerate genuine loans and prevent fraud,” she said.
According to Pandey, this approach is the only way for financial services firms to thrive in an increasingly competitive market.
Read more about online banking and cyber security
- Financial Conduct Authority concerned about cyber security of banks.
- There was a 48% rise in the amount of money stolen from UK online bankers in 2014 as criminals pilfered more than £60m.
- Advanced Trojan that has been targeting different regions is now preparing to hit UK banks, according to IBM X-Force Research.
- A reporter on the BBC Radio Four You and Yours programme has managed to hack a NatWest online bank account and extract cash.
Besides the US, ThreatMetrix saw this type of fraud originating in developing countries, including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia. This is in keeping with the rise of emerging nations as players in online fraud across all industries, the report said.
Brazil emerged in the fourth quarter as a major attack destination, and ThreatMetrix saw a significant increase in attacks coming from emerging economies, including Tunisia, Ukraine, Malaysia, Bangladesh, Pakistan, Serbia, Morocco, Guadeloupe, Qatar and Cuba. Identity spoofing is the leading attack vector in such economies.
“The fact that developing nations are becoming bigger players in the online fraud game demonstrates the spread of breached identity data to countries across the globe,” said Pandey.
“One in four transactions on our network is now cross-border, illustrating a global village economy that’s continuing to take root. Global data breaches are making stolen identity data globally available via the dark web, and this information is traded by organised and networked crime rings,” she said.
Increase in financial attacks numbers
The ThreatMetrix report comes just days after Kaspersky Lab reported that the number of people hit by financial cyber attack grew in 2016 after falling in the previous two years.
The report said financial phishing attacks were at an all-time high in 2016, with financial attacks accounting for nearly half (47.48%) of the 155 million phishing scams recorded in total.
In 2016, there was also an almost 30% increase in the number of users attacked with banking Trojans in 2016, with just more than one million hit.
Kaspersky Lab said while financial services firms have been working hard to make financial transactions online more secure through things such as multifactor authentication and customer education, more needs to be done.
“Our threat statistics show there is still plenty of room for financial fraud operations involving phishing and specific banking malware in this sphere,” the report said.