Pandey says ThreatMetrix sees a lot of fraud being committed with accounts that have five or even six years of credit history and a big credit file. Even victims who regularly check their credit reports may not pick up on the fraud, as the criminals take care not to damage their victims' credit ratings until the accounts mature.
"Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cybercriminals," she says. "Online lenders are under increasing pressure to adopt smarter authentication methods that leverage real-time, behavior-based intelligence to accelerate genuine loans and prevent fraud. This is the only way to thrive in an increasingly competitive market."
Developing countries becoming bigger players in online fraud game
This type of fraud isn't limited to the U.S. and other developed nations. ThreatMetrix says it has seen this type of fraud originating in developing countries including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia. ThreatMetrix also reports a significant increase in attacks, particularly identity spoofing attacks, from emerging economies including Tunisia, Ukraine, Malaysia, Bangladesh, Pakistan, Serbia, Morocco, Guadeloupe, Qatar and Cuba.
"The fact that developing nations are becoming bigger players in the online fraud game demonstrates the spread of breached identity data to countries across the globe," Pandey says. "One in four transactions on our network is now cross-border, illustrating a global village economy that's continuing to take root. Global data breaches are making stolen identity data globally available via the dark web, and this information is traded by organized and networked crime rings."
How to keep the online digital world safe
With cybercriminals becoming more ambitious and more sophisticated, Pandey says it's becoming clear that text-based authentication needs to be deprecated. In fact, she says, any static information used for authentication that must be stored by a company is susceptible to a data breach and therefore an outdated way of thinking about secure authentication, identity verification and fraud prevention.
"It is becoming increasingly clear that the only true way to keep the online digital world safe and secure, (and processing transactions in the manner that technology-savvy consumers expect), is by analyzing the digital identity of every online user, an identity that is built on dynamic, shared intelligence harnessed from sources far wider than the individual companies a user transacts with," the ThreatMetrix report says.
Behavioral analytics and machine learning are the keys to making this work.
"It is only by using this holistic, crowdsourced approach to digital identities that companies can be more confident of accurately differentiating fraudsters from genuine customers," the report concludes. "In the case of Yahoo, the cookies might have been forged, but the online footprint of those fraudsters would have been markedly different to the genuine users, and it is up to Yahoo to be able to detect that in order to protect sensitive customer data."