Fraud Payments Report Q1 2021
Fraud Attack Type Distribution
Top Phishing Target Countries
EMV 3DS v2.x Mobile App Transaction Trend
Global 3DS v2.x Transaction Volumes Trend
Overview
Executive Summary
The Outseer Fraud & Payments Report presents an analysis of fraud attack and consumer fraud data collected by the Outseer team in the course of work identifying threats for Outseer customers. As such, it provides a glimpse into the cyber fraud landscape for consumer-facing organizations of all sizes and types.
• In 2020 Outseer identified over 195,000 global cyber attacks
• Cybercriminals exploiting the pandemic made Brand Abuse attacks the fastest growing attack vector this year, almost doubling from 14% in 2019 to 27% of all attacks in 2020 (See Feature Article: 2020 - The Year of Brand Abuse)
• Phishing attacks continued to be the predominant attack vector, representing 42% of all attacks
• South Africa experienced the highest attack rate increase of phishing attacks in 2020 (35%)
• The United States was the top hosting country for phishing attacks, with 74% of attacks originating there
• The volume of 3DS eCommerce transactions analyzed by Outseer increased by 73% in 2020 from the previous year
• The number of fraudulent payment transactions increased by 8%; the value of fraudulent chargeback transactions increased by 94% YTY
• The portion of mobile vs web transactions increased by 43% in Q4 compared to the same quarter last year
• The share of 3DS 2.x transactions increased dramatically across all geographies, especially in Americas where it grew from 1% in Q1 to 26% in Q4. Support for mobile apps in 3DS 2.x is fueling increased adoption of the protocol to authenticate transactions in this fast-growing area.
Trojan Horse
Stealthy malware installed under false pretenses, attempting to
steal personal user information.
[Figure: Fraud Attack Type Distribution, 2020. Phishing 42%, Brand Abuse 27%, Rogue Mobile Apps 23%, Trojan Horse 8%.]
51,762 Brand Abuse attacks were detected in 2020, a 40% increase over 2019.
[Figure: Top Phishing Target Countries (world map by region: North America, LATAM, EMEA, APAC, all others).]
growth, South Africa had the highest increase of phishing attacks, with
the highest number in Q4. This increase may well be related to the large
breach announced by Experian in August 2020, affecting 24 million South
Africans and almost 800 local businesses.1 At 7%, the United States was
second in line in 2020, replacing Spain. Spain, Netherlands, India and
South Africa each had 5% of all phishing attacks in 2020. Chile, Australia,
Peru and Ireland joined the list in 2020.
Hosting Countries
2 China
3 Germany
7 Canada
8 France
Phishing Hosts
As it has since 2017, when Outseer started publishing this report, the United States continues to be the top hosting country for phishing
attacks, accounting for 74% of ISPs hosting these types of attacks. This is largely attributable to a handful of large-scale hosting
authorities, whose sheer magnitude makes it easy for fraudulent activity to go undetected. China, consistently hosting under 2% of
phishing attacks since 2017, increased to 7% in 2020. For most of the other countries in the top ten, the percentage for hosting phishing
attacks is in the low single digits.
[Figures: two quarterly charts, Q4 2017 through Q4 2020. Series in each: Web, Mobile Browser, Mobile App.]
2020 saw several changes in transaction behaviors as the pandemic forced many to work from home and altered the way businesses and users interact. Continuing the upward trend observed throughout the year, in the fourth quarter mobile browsers and mobile applications accounted for 76% of overall transactions observed by Outseer, reflecting a 21% increase from the previous quarter. Clearly the pandemic drove wider deployment of mobile applications and growth in mobile transactions.*
The share of fraud originating in the mobile channel continued to decrease in Q4 2020. The distribution of fraud within the mobile channel, however, shifted throughout 2020. For example, in Q4 the portion of fraud from mobile apps more than tripled relative to the same quarter in 2019. This shift corresponds with wider deployment and use of mobile apps – and the response from fraudsters who quickly adapt and follow the money.*
*Outseer modified its data collection process in Q4; future reports will closely monitor results to understand the impact
on previous results as well as trends going forward.
Consumer Fraud Trends: Q4 2020
Average Credit Card Transaction and Fraud Transaction Values
(E-Commerce, by Region)
Americas had the smallest difference between the value of genuine and fraudulent credit-card transactions. The average fraud transaction value was slightly over 2x that of genuine transactions in EU; it was 2.6 times in Australia/New Zealand. It is worth noting that although genuine transaction values overall did not change significantly over the year in any of the geographies, the average fraud transaction value was more than double the value of genuine transaction in EU and Australia during all of 2020.
The average value of fraudulent payment transactions in the mobile channel increased significantly throughout 2020; in fact, in 4Q 2020 it was over 4x the average value in 4Q 2019, increasing from $480 to $1,981.
“Device Age” refers to how long the Outseer Fraud Platform has “known” or “trusted” a given device (laptop, smartphone, etc.). “Account Age” refers to how long the Outseer Fraud Platform has “known” or “trusted” a given account (login, etc.). This data demonstrates the importance of accurate device identification to minimize false positives and customer friction during a login or transaction event.
[Figure: fraud by device age and account age. Panels: E-Commerce Payment, Online Banking Login, Online Banking Payment. Categories in each panel: New Account/New Device, Trusted Account/Trusted Device, Trusted Account/New Device.]
E-Commerce
In Q4 2020 67% of fraud transaction value originated from a new device but trusted account. After a 10% increase in Q3, this reflects a small but upward change from the previous quarter, continuing the trend of account takeover activity being a preferred attack vector.
Fraud from logins from new devices or new accounts was down significantly in 4Q; this was a reversal from all other quarters transaction values. While 11% of logins were accessed from a combination of a new device but trusted account in Q4, they resulted in 66% of fraud transaction values, a sharp increase from previous quarters. While this could be a result of increased account takeover, these deviations will be tracked in future reports to validate possible trends and causes.
Analysis
In 2020 Outseer recovered over 23 million unique compromised cards and card previews from online credit card stores and fraud communication channels, with 4,341,559 in 4Q alone. Outseer™ FraudAction service collects CVV2-related data, which is card data compromised through cyber attacks targeting online transactions or e-commerce. This type of compromised card data can be used for a variety of fraudulent activities, including “carding,” which refers to using compromised cards to buy goods both in physical stores and on e-commerce websites.
[Figure: monthly chart for October, November and December. Data labels: 1,843,693; 1,601,044; 896,822.]
[Figure: EMV 3DS v2.x Mobile App Transaction Trend. Series: Browsers, App. Periods: March 2020, September 2020, January 2021, February 2021.]
26% of Americas’ 3DS transactions were 3DS v2.x transactions in Q4, up from 1% in Q1.
[Figure: Global 3DS v2.x Transaction Volumes Trend, by quarter (Q1 to Q4).]
Overview
2020 will be remembered as the year when how we do nearly everything changed; from the way we work, educate, exercise and socialize to how we shop, what we buy and even where we bank. In fact, total eCommerce sales in 2020 jumped 32% over the previous year2. Businesses also transformed throughout 2020, accelerating their digital transformations through broader use of digital platforms such as social media, web and cloud-based collaboration tools to better engage with employees, customers, and partners alike. Always looking to exploit new attack vectors and vulnerabilities, fraudsters also adapted their targets and methods throughout the year. They embraced the same digital platforms to attack businesses, their VIPs, and their customers – as well as to collaborate and trade amongst themselves. In fact, 2020 might also be remembered as the year that Brand Abuse became a major attack vector. Fraudsters flocked to perpetrating Brand Abuse on the web, in mobile channels, on social media platforms and via email, voicemail and text messages at unprecedented rates. A prominent example of Brand Abuse involved cybercriminals hacking into a verified Twitter account and making it look like Elon Musk’s account. The tweet encouraged users to deposit bitcoin to a fraudulent account. Within hours of being posted, the bogus tweet led to the collection of more than $150,000 worth of bitcoin.3
Hovering at 14-16% of total attacks since 2017, Brand Abuse detected by Outseer nearly doubled in 2020 as it exceeded more than a quarter of all attacks.
$1.7 billion in 2019 alone4, with senior executive impersonations at 150 companies in just 5 months5.
[Figure: Brand Abuse as a percentage of attacks, by year, 2017 to 2020.]
The negative impact and cost of Brand Abuse can be very high. Damage to company reputations can destroy customer trust, which can negatively impact performance. It takes years to build brand value and customer loyalty, which can be lost in a matter of days. In addition, the disruptions of managing a brand crisis can overwhelm legal, communications, marketing and support functions.
Another type of Brand Abuse is VIP impersonation which often leads to Business Email Compromise
(BEC), where fraudsters impersonate a VIP’s email credentials to trick a victim into sending money.
In many of these cases, criminals create fake email server domains and social media profiles to
convince victims of the validity of the request.
b. Social media is also used to sell stolen credentials, IP, PII as well as other assets such as stolen credit cards. Keep an eye on fraud forums to ensure your company’s data isn’t compromised.
c. Employees can inadvertently put your brand at risk. Monitor employee use of social media to make sure employees’ posts aren’t creating legal, reputation or compliance risks for your organization.
Monitor Authorized and Unauthorized Mobile App Stores
a. Fake apps masquerading in your company’s brand can swindle your customers and steal credentials and personal information. Monitor authorized and unauthorized app stores and work with app stores to ensure your organization is part of their vetting process when onboarding new apps involving your brand.
b. Be on the lookout for apps from 3rd party stores, where app validation processes may be lacking.
c. It is important to quickly identify false or copied apps, as well as those infected with malware. Use automated tools or services to detect any apps using your name.
b. Develop and test takedown processes so they are ready to deploy when needed. Consider partnering with a proven takedown service that has established processes and partnerships to swiftly take down the malicious apps.
[Figure: Phishing Attacks 2020, by quarter (Q1 to Q4). Data labels: 27,054; 20,373; 20,089; 14,672.]
1 South African Risk Business Center (SABRIC)
2 https://www.businessinsider.com/ecommerce-helped-retail-2020-consumers-adopted-online-shopping-2021-2
3 https://qz.com/1451226/a-twitter-account-impersonating-elon-musk-collected-over-150000/
4 The Federal Bureau of Investigation (FBI) has released the Internet Crime Complaint Center (IC3) “2019 Internet Crime Report.”
5 “BEC gone Wild”, Forbes, September 2020
©2021 RSA Security LLC or its affiliates. All rights reserved. RSA and the RSA logo are registered trademarks or trademarks of RSA Security LLC or its affiliates in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. Published in the USA. 3/21 W444280