2019 predictions: Top four threats to digital and mobile banking
The following post was provided by Frank Teruel, SVP and GM of ThreatMetrix, a LexisNexis Risk Solutions company
1. Fraud attacks will continue to move to mobile-first as customers rely heavily on mobile banking
Based on current data, we predict that mobile attack rates will continue to accelerate and catch up to PC and MAC attack rates across all industries by the end of 2019. Mobile attacks are growing at around 24 percent, year-on-year, but currently lag behind the attack rates on transactions made from traditional PC and MAC browsers. More and more, banking customers rely heavily on the mobile channel for their day-to-day needs. In fact, financial services mobile transactions have tripled over the last three years. Today, more than 66 percent of all banking logins come from mobile devices. Undoubtedly, growth in the mobile channel for financial services will continue to accelerate throughout 2019 and fraudsters will follow suit, leading to perhaps the biggest ever uptick in mobile attacks in one year. Fraudsters prey on the fact that mobile users have a very low tolerance for the friction typically associated with security controls. Banks will need to walk a tightrope between appropriate protection and frictionless authentication to ensure their response is suitable for the mobile-first consumer.
2. Credential stuffing epidemic will lead to multiple high-profile data breaches for banks
We predict that banks will see a continued assault as fraudsters seek to carry out mass credential stuffing attacks using bots, in order to mine breached accounts for sensitive personal data. These types of bot attacks are becoming increasingly sophisticated, incorporating “low and slow” bots that try and mimic human behavior to counteract the deployment of technologies like behavioral biometrics that differentiate between legitimate customers logging in and bots. In a very real sense, 2019 will be a year where the lines between network security, fraud, identity, and authentication issues become blurry.
3. Identity factories hit peak production levels, targeting banks and lenders with synthetic IDs
We may look back next year and crown 2019 as the year of “synthetic identities.” The disparity between the number of new identities added to the US credit system, compared to birth and immigration rates, is glaring and indicative of the push by fraudsters to create and harvest synthetic identities as an effective fraud vector. In our hunt for synthetic identities, we have seen an ~800 percent increase in suspicious identities since 2012, and this trend will certainly accelerate in 2019. This vector is tricky and will push organizations toward making technology investments that offer insight into the true digital identity of users, based on multiple connections and identity attributes seen for that user across the web, in a way that cannot be synthesized.
4. The AI Arms Race will Hit Global Fraud Departments
With more pervasive and affordable AI, the arms race is on! And it’s the banking sector that is leading the charge to deploy machine learning and AI to better detect anomalies from legitimate customer behavior indicative of fraud. It turns out, however, that the fraudsters are also deploying artificial intelligence to launch sophisticated fraud attacks. So, 2019 will be the year where banks double down on machine learning technology and evolve models to this newest twist in the threat landscape. Doing so is crucial in ensuring maximum protection of their customers’ accounts with the lowest intervention rates, ensuring a digital and mobile banking experience that is both friction and fraud-free.