Andreas Baumhof, ThreatMetrix CTO, looks at how, as cybercriminals continue to take advantage of the downstream effects of data breaches, businesses protect consumers against emerging threats.
Following a number of recent high profile data breaches, cybercriminals are seizing the opportunity to use stolen identities to their advantage and exploit hosted servers. More specifically, breached identities are being funneled through rented online servers using stolen credit cards.
Our recent analysis shows that fraudulent attacks rose 20 per cent in the second quarter of this year to reach 36 million fraud attempts. The same analysis showed that cybercriminals targeting financial institutions are increasingly focusing on the online lending space.
Attacks in this space spiked significantly, primarily in the new accounts originations and payment disbursements areas. Online lending is seen as an easier way for the unbanked and underbanked to gain access to loans in a matter of days, making it a top target for cybercriminals.
For example, Zopa, a major UK peer-to-peer lender, has issued £829 million in loans since they started ten years ago.
So, as cybercriminals continue to take advantage of the downstream effects of data breaches, including compromising digital identities and hosted data centers, how can businesses protect consumers against emerging threats?
1. Flag transactions coming from hosted servers and data centres
These transactions should automatically set off a red flag to businesses, as fraudsters use these servers to route traffic using stolen data. Instead of hosted servers, authentic customer transactions are likely to come from business, consumer and mobile networks.
2. Leverage global shared intelligence
To proactively counter cyber threats, your organisation needs to look beyond its own walls to share anonomysed- but actionable- intelligence about compromised identities and devices. With every data breach, all businesses operating online become targets of the digital debris, as pieces of a user’s digital identity can be used over and over again, with each attack increasing in sophistication on a daily basis.
By sharing threat information across a global network, businesses can ensure suspicious transactions and activities are blocked without adding friction for authentic and returning customers.
3. Assess digital identities
Every business should have a cyber security strategy that includes real-time decision analytics that dynamically assess consumer digital identities, devices and behaviour across channels and institutions – in an anonymised way which protects their customers’ privacy.
As millions of stolen identities are in use following high profile data breaches, a digital identity network analyses consumers’ digital information – including devices and behaviour – in one place and flags it if compromised credentials are not being used by their legitimate owner, in real time.
In addition to businesses implementing advanced security strategies to protect against emerging threats — including cybercriminals targeting data centres — consumers need to take caution with online activity.
All too often, consumers overlook security for the sake of convenience, but taking a few simple steps — such as using unique passwords across websites, limiting the amount of personal information shared online, avoiding use of public Wi-Fi and flagging suspicious transactions or account activity — can go a long way in staying protected online.