Online fraud research
Modern technologies such as EMV, 3D-Secure, fingerprint scanning were designed to secure payments and, if not eliminated, then significantly reduce the number of illegal card transactions. But, as studies show, these measures provide only temporary "relief", because fraudsters quickly find new ways to cheat. So, for example, active efforts to introduce fraud detection and countering systems (FDP) of some major airlines have significantly reduced the number of fraudulent operations, but the criminals immediately turned their attention to other weaknesses in the system. A similar situation is observed in almost all areas. Despite the introduction of new standards and the efforts of information security services, reports of theft of funds appear regularly, and, according to experts, the situation will not change in the coming years. In contrast, Juniper Research analysts predict an increase in online fraud, which by 2020, they estimate, will reach $ 25.6 billion.73% of financial companies report that they were subject to attacks or became victims of a card fraud in 2015. Over the past 10 years, such a large percentage was observed only once, in 2009. Since then, the proportion of organizations suffering from the actions of fraudsters has gradually decreased. But in 2015 there was a sharp jump, and the number of deceived rose immediately by 9%, to 73%.
We at PayOnline, being a processing company, are proud that the percentage of fraud transactions with us over the past 6 months is as follows:
- by the number of transactions: less than 0.05%
- total: less than 0.1%
And this is despite the fact that the conversion of terrain payments remains consistently at a height.
Data AFP (Association for Financial Professionals)
')
The amount of stolen funds grew every year. So, 5 years ago, losses from the card fraud all over the world barely reached $ 10 billion, but in 2014 the amount exceeded $ 16 billion.
The Nilson Report
At the same time, the size of the company did not matter much; they attacked both medium-sized companies with annual revenues of up to $ 1 billion and large corporations with revenues of $ 1 billion or more. But the number of accounts of the organization has influenced the choice of scammers. Companies whose cash flows were split into a larger number of settlement accounts (100 or more) were attacked much less frequently.
Data Association for Financial Professionals
The main areas of online fraud activities are e-commerce (according to Juniper Research, by 2020 the volume of illegal operations in e-commerce will reach $ 16.6 billion), banking operations (6.9 billion dollars by 2020) and tourism (1 , 5 billion US dollars).
Business Email Compromise
BEC attack
The attack, dubbed BEC (Business Email Compromise), is aimed at a wide variety of companies around the world - from large corporations to small businesses and non-profit organizations.
The attackers, having previously collected all kinds of information about the victim and her partnerships, imitate the correspondence of business partners. In the message, introducing themselves as financial or general directors, fraudsters report a change in the bank and account number for payment transfers. According to experts, fakes look very believable. Since 2013, the total amount of damage has already exceeded $ 2.3 billion.
The attackers, having previously collected all kinds of information about the victim and her partnerships, imitate the correspondence of business partners. In the message, introducing themselves as financial or general directors, fraudsters report a change in the bank and account number for payment transfers. According to experts, fakes look very believable. Since 2013, the total amount of damage has already exceeded $ 2.3 billion.
BEC is a relatively new type of fraud for financial companies. Despite the fact that financial security experts are well aware of email-phishing and are doing everything possible to prevent theft, more and more companies are suffering from the hands of BEC scammers. According to the FBI, from October 2013 to February 2016, more than 17.5 thousand companies from 79 countries of the world applied to law enforcement agencies for theft of funds. The average losses of the company from a successful attack range from $ 25 thousand to $ 75 thousand. The total amount of damage for the entire period exceeded $ 2.3 billion. And the total number of incidents has increased by 270% since January last year.
A significant increase in the number of successful BEC attacks may indicate that preventing this type of fraud is much more difficult than previously thought, because the main tool of a fraudster in this case is information about the victim company, often public, which is freely available. At the same time, only 45% of organizations worldwide are confident that their information security systems are able to counteract modern cyber threats.
In 2015, the majority of finance professionals (64%) reported that they had been subjected to a BEC attack. The victims of fraudsters often become large companies with an annual income of at least $ 1 billion.
Data Association for Financial Professionals
56% of companies caught on the bait, transferred funds through electronic payment systems. 29% used checks. The next most popular means of payment were credit cards and ACH (Automated Clearing House), an electronic payment network that combines various regional electronic interbank systems, designed for mutual settlements between individuals, enterprises, financial institutions and government organizations.
Data Association for Financial Professionals
Source: https://habr.com/ru/post/394367/
All Articles