Can we expect any better in 2018? As we start out the new year, BioCatch’s head of cyber strategy, Uri Rivner, put together a list of the top ten types of cyber fraud that have a strong chance of making headlines this year. Here are his predictions.
Cyber fraud predictions for 2018
1. Blockchain hacking will intensify
In 2018, cyber attacks on digital currency wallets and exchanges will intensify. We will see the first cyber attacks against non-Bitcoin blockchain networks and the first serious attempts to breach the trust in blockchain based networks. So far, the Bitcoin distributed ledger has survived many takeover attempts. But now, organizations are privately building blockchain-based technologies that are inherently less secure and more susceptible to hacking.
2. Cybercriminals will target financial institutions with chatbot takeover
Banks that use text-based chatbots for payments will experience the first fraud cases this year. Chatbots are highly-efficient automated or semi-automated channels for assisting users and are popular in the fintech industry. As financial institutions begin using chatbots to facilitate payments, cybercriminals will impersonate good users and take over their accounts, possibly using remote access into the regular user PC to neutralize any device-based recognition.
3. Fraudsters will employ OpenBanking API attacks
New EU regulations scheduled to go into effect by the end of 2018 will require every bank to offer open APIs that can be used by any third party to initiate payments from their customers’ accounts. Once implemented, fraudsters will immediately begin attacking banks via third parties – and there is little the banks can do, as many of the security and fraud controls currently protecting their digital channels will not be monitoring those sessions. As a result, European banks will begin experiencing fraud via taking over third-party relationships.
4. Children database breaches will lead to greater synthetic identity fraud
Following massive data breaches targeted at credit bureaus, the next wave of fraud will focus on the PII of children in order to conduct synthetic identity fraud. Synthetic IDs often use a child’s social security number with a fake name and date of birth to avoid clashing with a real identity. The criminals then use various gaps in the credit scoring system to generate a perfect record for this non-existent person.
5. Personal attribution will help track the digital patterns of hackers
With the new U.S. administration declaring a tougher stance on state-sponsored cyber attacks, clear and decisive attribution will become a priority for government and industry players. One of the most interesting trends will be personal attribution – the ability to know which specific hackers within the actor’s organization were responsible for the act. New advances in behavioural and cognitive biometrics will allow tracing the subtle digital patterns of individual hackers.
6. Malware-augmented account openings will become more efficient
Sophisticated gangs will begin using malware to take over victims’ email accounts in order to pass email and social media checks.
7. Smartphone-originated fraud will intensify
Today many attacks on mobile apps use PC emulators. These are easy to detect. In 2018, fraudsters will move to using actual smartphones to commit mobile fraud.
As the US and other countries move to faster payments, account takeover fraud levels will rise and fraud teams will need to re-arrange their operations. The speed and volume of transactions will make it easier for fraudsters to act undetected and harder for banks to respond, as thousands of additional transactions per day will have to be reviewed.
9. Retro fraud will bring back 10-year-old cyber threats
Many banks now deploy next-generation fraud defences that can deflect advanced cybercriminals. With cybercriminals up against tougher security, we’ll see more “retro fraud” cases in 2018. Ten-year-old attacks, such as automated MITB and data switching, will be a threat to cybersecurity once again.
10. Collaboration between AML and fraud teams will improve
This year, more banks will establish joint AML-Fraud operations as the resources cybercriminals use for both — new fake accounts and collaborator accounts (mules) — become more and more shared in both schemes.
A new year offers a prime opportunity to stop and reflect and make changes toward a more secure digital environment. Though cyber fraud is on the rise, there are ways for businesses to stay one step ahead of cybercriminals, keep consumers secure and avoid falling victim to the predictions outlined above. In particular, new behavioural biometrics solutions are helping companies across industries reduce the astronomical losses associated with fraud while also providing smooth and secure user experiences. From banking and payments to the insurance industry, 2018 will be a year of forward movement toward more powerful fraud prevention solutions.
Interested in learning more? Take a look at our data sheet on how BioCatch accomplishes real-time fraud detection.