Online Security: RSA Report Shows Increasing Card Fraud

RSA has just launched its Q3 Fraud Report, which found that there were increases in comprised credit card activity and the average value of fraudulent transitions. Fraudulent activity is expected to climb further in these areas across Q4 in anticipation of Black Friday/Christmas shopping.

The report, which represents a snapshot of the cyber fraud environment between July 1 and September 30 2018, found that:

• RSA recovered nearly 5.5 million unique compromised cards in Q3, an 8% increase from the Q2.
• In Europe, the average value of a fraudulent transaction was $420, a 90% difference than the average genuine transaction and a 7% increase in the average fraud transaction value.  
• 57% of card-not-present fraud transactions originated from trusted accounts with new devices, indicating an increase in password-guessing attacks from the same device across multiple merchants.
• Online banking fraud attacks originating from a trusted account and device decreased to 15% in Q3 (from 27% in Q2), indicating a decrease in fraud attacks by financial malware.

It also found that phishing scams were the most prolific tactic for scammers, accounting for 50% of all fraud attacks observed by RSA in Q3 and a 70% increase from Q2.

The report states that it isn’t unusual to see such a steep rise in the volume of phishing during the third quarter. Fraudsters are usually more active now as they will be seeking to harvest fresh credential to commit fraud during holiday shopping periods, such as Black Friday and Cyber Monday.

Another type of scam the report warns about is vishing, or voice phishing – an attack where fraudsters use phones to misrepresent their authority or affiliation, hoping that victims will reveal credentials or other personal information. Although vishing only accounts for nearly 1% of total phishing attacks, it remains a threat due to its evolution through ‘SEO poisoning’.

By seeding false information and phone numbers throughout legitimate webpages, social media posts, online help forums and media comment sections, they can actually get victims to call them or give up their information willingly over the internet without being cold called.

Other Key stats from the report include:

• 9,329 rogue apps were detected, accounting for one-quarter of all fraud attacks in Q3.
• Fraud from mobile browsers and mobile applications increased in Q3 2018 and represented 73% of total fraud transactions. Year-over-year, fraud from mobile applications increased 27%.