Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Digital Fraud Jumps Dramatically Due to COVID-19 Pandemic, Increased E-Commerce and Digital Banking Traffic

Wednesday, February 3, 2021

Categories: ASCF News National Preparedness Cyber Security

Comments: 0

While one might reasonably infer on their own that digital fraud is on the rise due to the pandemic conditions, a new report from fraud detection firm DataVisor breaks down the current trends and finds a confluence of causes. Mass moves to online work and shopping due to safety and movement restrictions are certainly part of the picture, but criminals are also rapidly developing sophisticated new techniques to take advantage of a more general and long-term shift to handling matters of both personal finance and business online.

Digital fraud spiking on social media, jailbroken mobile devices

The report observes three major factors driving the present jump in digital fraud attempts: a significant shift from offline to online transactions in retail sales (4% in the first two quarters of 2020), the widespread turn to remote work (and schooling) that was done so rapidly that security holes inevitably developed, and a longer-term shift to mobile device usage for shopping and banking that continued during this period.

Financial services, e-commerce and travel platforms all saw tremendous spikes in digital fraud activity during various portions of 2020, and there was consistent growth across all of these verticals in terms of event volume. However, the steadiest growth in digital fraud rates in 2020 was seen on social media platforms.

Digital fraud on financial platforms is something of a unique pattern. This is the only vertical in which fraud rates started high in March of 2020 but then substantially declined through the rest of the year. Additionally, the vast majority (79 to 90%) of this activity consists of account takeover attempts. New account fraud and transaction fraud had some spikes in activity throughout the year, but have overall been substantially lower than attempts to obtain banking credentials or find some other backdoor into an existing account.

Though social media is being heavily targeted and mobile devices are playing a growing role in digital fraud attempts, the bulk of these attempts (a little over 50%) are still coming from Windows computers. The fraud rate among all desktop computer users is at 7.4%, while it remains at only 0.5% for users of mobile operating systems. This stands to reason as computers provide criminals with more powerful tools for perpetrating schemes. However, the report estimates that the rates of fraudulent user accounts operating on the web are more balanced — 34% from computer web browsers versus 26% from mobile browsers.

That accounts for the major social and economic trends contributing to the present jump in digital fraud, but it is not the full fraud risk picture. Criminals have also been developing (and making use of) more sophisticated identity fraud techniques as of late. These new attacks are overwhelmingly aimed at “rooted” or “jailbroken” mobile devices; one of these devices is 22 times more likely to be the source of a fraud attempt than any other category. For criminals, the primary appeal of this attack is to be able to “spoof” a physical device to obtain all the permissions and personally identifiable information that it would normally have if held in the hand (such as passing device fingerprinting checks and the ability to intercept calls and messages). 10% of the initial wave of financial fraud in March 2020 came from devices such as these. When criminals compromise one of these unlocked devices, they can run a special emulator that essentially creates a virtual clone of the device that can be used in nearly all of the same ways.

Fighting digital fraud

What can organizations do to stop these emerging digital fraud techniques and head off data breaches? The report finds that “reputation score” fraud detection systems, or those that assign a value to accounts based on previous indicators of questionable activity, have limited utility in modern settings and are only catching about 4% to 6% of financial fraud. A more useful tool for fraud prevention in e-commerce is software that scans for “profile re-use” elements, given that some 40% of accounts that commit digital fraud re-use some piece of contact information such as an email address or phone number.

The report also finds that 100% of fraudulent accounts are making use of automation or machine learning at some point in executing financial crimes. Most often this is the use of bots to do things like automate multiple attempts at new account creation or coordinate attacks that involve multiple devices. The report finds that anywhere from 55% to 90% of new accounts created for the purpose of digital fraud were done so with some sort of automated scripting. With financial institutions that have stronger-than-usual identity verification elements for the creation of new accounts (such as banks and investment brokers), 10% of the fraudulent accounts were created by a spoofed or emulated device. CAPTCHAS still provide strong protection against these scripting elements, but are not perfect; 2% of fraudulent accounts were found to have beaten a CAPTCHA, and the systems tend to have an 8% false positive rate which jumps to 29% when they are case-sensitive.

Photo: Digital Fraud Jumps Dramatically Due to COVID-19 Pandemic, Increased E-Commerce and Digital Banking Traffic

Link: Digital Fraud Jumps Dramatically Due to COVID-19 Pandemic, Increased E-Commerce and Digital Banking Traffic - CPO Magazine

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.