Brazil becomes a hotbed of financial cybercrime

Register now

The spread of breached identity information has resulted in an outbreak of new account creation fraud with a new ground zero for the crimes pointing right at Latin America.

Developing economies are emerging as epicenters for global cybercrime expansion, with Brazil being in the top five attacking nations during the first quarter of the year. Those attacks center on neighboring countries such as Argentina and Colombia and spread into key digital economy areas in the U.S. and U.K.

One-quarter of all account registrations from Latin America is being rejected as fraudulent, according to the first-quarter cybercrime report from ThreatMetrix. The stolen and synthesized identities are being used to attack the growing Latin America e-commerce market, as well as major global American retail corporations.

It was a busy quarter for San Jose, Calif.-based ThreatMetrix, as it says it detected and stopped 210 million cyberattacks in real time, a 62% year-over-year increase. In addition, the company's digital identity network spotted a record 1 billion bot attacks, many originating from Egypt, South Korea, Ecuador, Ukraine and Vietnam.

"We used to see 300 million bot attacks or so, and people's eyes would just roll back in disbelief," said Vanita Pandey, vice president of product marketing and strategy at ThreatMetrix. "Now we are seeing 1 billion and that is just a matter of criminals constantly testing their attacks."

Those bot attacks manifest themselves in some cases as phony representation of popular media sites, those in which consumers spend only $8 to $10 a month for digital content.

"While $10 a month may not seem like much, it is a lot of money in South America or India, and they will create a bot to create a fake account in offering these services," Pandey said. "And then they just take the money."

Stolen data is at the root of all attacks, providing a gold mine for criminals to open new accounts or takeover current accounts.

To combat this, digital businesses must embrace "360-degree identity insights that would stitch together both offline and online attributes to confirm users really are who they say they are," Pandey added.

Payment processors are increasingly becoming targets as well, in part because they offer many value-added services for clients, thus they hold more customer information and data in addition to transaction information.

Transaction volume among payment processors in the ThreatMetrix digital identity network grew to 361 million in the past quarter, with 43% coming from mobile devices. More than 50% of transactions among payment processors are cross-border, which averages 30% more attacks than domestic transactions, the report said.

Even though the first quarter of a new year represents a post-holiday lull in e-commerce traffic, the overall attack levels online remained high with almost 150 million rejected transactions, the report said. It represented an 88% increase in fraud attacks over the previous year's first quarter.

E-commerce sites were hit with 820 million bot attacks and, on average, the attack rates were 10 times higher than attacks on financial services transactions.

As a result, the overall attack rates for account logins and new account creations have steadily grown in the e-commerce sector, with fraudsters targeting account takeovers to access sensitive personal credentials and saved credit cards.

Specifically, fraudulent new account registrations increased more than 30% over the previous year, as fraudsters used the relatively modest sign up requirements of e-commerce vendors as a breeding ground to test stolen identity credentials. And these tests often serve as a gateway to further attacks in other industries.

Considering how much stolen data is circulating from high-profile breaches, many consumers who haven't experienced a problem yet may face one in the future.

"We have heard instances of accounts being created that lay dormant for more than a year as they are using the data to create an account, and then when the initial flurry (of the breach) has blown over, they go back and activate that account and attack with it," said Rebekah Moody, product marketing director at ThreatMetrix.

The data can be used for years to come, Moody said. "It may be better to use it when it is fresh because it is easier to validate, but the opportunity remains to immediately open an account and let it sit dormant for a long time," she added.

While Vietnam has topped the list of locations in which cybercrime most often originates, it is not unusual for the hot spots of fraud to move around the globe.

"In the cyber world, you don't have to be in a certain place to commit the fraud," Pandey said. "They just need the perfect data set, which is global and readily available, and they don't have to just rob the 'house' down on the corner, they have global information to work with."

At this point in the digital age, it doesn't take much to set up a cybercrime shop, Pandey added.

"The tools are there, almost like cybercrime in a box, and anyone can assemble it," she said. "A small town in Romania has been found to be the center of cybercrime, so it can happen anywhere."

For reprint and licensing requests for this article, click here.
Cyber attacks Cyber security Online payments Brazil