1. Police will need new legislation to make prosecution viable
The longer that crimes committed with card details purchased on the dark web go unpunished, the more incentive there is for people to participate. It’s already the most common crime in the UK, with an estimated 2.3 million incidents in 2015-2016.
There needs to be a way for businesses to report these crimes to police and have offenders face the consequences of what is, unambiguously, the crime of theft. This will require not just legislation but determination on the part of the legal authorities to act.
2. Account takeover will rival card fraud for frequency
The typical source of cybercrime is credit card details bought on the dark web with Bitcoins, and it will continue to be so. However we are now seeing the emergence of widespread account takeovers focused at the weak points of security – often user passwords. Details are cheap to buy, the takeover is relatively simple to execute, and the rewards can be rich.
>See also: The evolving face of cybercrime
3. Data breaches will target passwords as much as credit cards
While credit cards details will remain the top target for breaches, the login details to popular services – username and password combinations that can be tried in multiple environments – are increasingly valuable, especially as credit card checks toughen up.
4. The growth in payment options will increase the fraud opportunity
Android Pay, Apple Pay, PayPal – no individual payment scheme thinks seriously about security when they launch. The plethora of payment choices results in complexity for a merchant’s payment processing, often leading to opportunities for something to go wrong. While no one wants to slow the emergence of alternative ways to pay, they do need to be considered in the aggregate rather than as discrete services.
5. Declined good payments will increase as systems struggle to cope with fraud volumes
Most of the world’s transactions are still being screened for fraud by a combination of rules and manual review. These processes are struggling to cope with the volume and the sophistication of the fraud threat that is out there. 2017 will see the continued transition to more scalable methods of managing fraud, but the cost while that happens is the frustration of increased declines of good transactions.
6. Companies will fail specifically due to fraud threat
Some companies in high-risk industries will cease trading specifically due to their inability to manage the volume of fraud that they are seeing. This will either be because of losses to fraud or because their merchant accounts are suspended.
7. Manual review of transactions rapidly decline
It’s a surprising fact that human analysts undertake the majority of high-risk transaction reviews at merchant level. Human insight is a vital tool in the battle with crime, but the actual review of transactions at anything approaching a scaled-up business is difficult to support. 2017 will see the transition of that activity into the creation, correction and maintenance of algorithms that will automate the approval process.
>See also: 11 trends that will dominate cyber security in 2016
8. Fraud detection algorithms will need to broaden their horizons
Algorithms, or more likely combinations of algorithms, will need to cope with the threats that merchants face. Customers and orders will need to be assessed not just for a single threat vector (e.g. card crime) but also whether there is a risk of account takeover or a breach of some policy that the business has in place. An analyst’s instinctive feel that something is ‘wrong’ with an order is a challenge to replicate, but one that data science needs to work hard to do so.
9. Social media will become an increased focus for criminals and detection
Both cybercriminals and fraud detection tools will increase their usage of social media. Fraudsters will use social media for reconnaissance and identity theft. Fraud detection tools would leverage social media to prove an online identity. Following BYOD, bring your own identity will grow as people use their private accounts in multiple sites, making social media attacks even more popular
10. The rise of the AI fraud attacks
As criminals become more organised we will start to see the rise of services whose purpose is to trawl the web in search of vulnerabilities. The level of technical skill required and the relative cost of computing power has limited the extent that artificial intelligence (AI) has been used by criminals. But bot attacks will evolve and become hard to differ from ‘normal’ human activity, which in turn will require more sophisticated approaches to detect and prevent these attacks.
Sourced from Gerry Carr, CMO, Ravelin