LexisNexis® Risk Solutions releases its biannual Cybercrime Report, which tracks global cybercrime activity from January 2020 through June 2020. The report dives deep into how the COVID-19 pandemic has impacted the global digital economy, regional economies, industries, businesses and consumer behaviour.

The period has seen strong transaction volume growth compared to 2019 but an overall decline in global attack volume. This is likely linked to growth in genuine customer activity due to changing consumer habits.

Mobile device transactions

The LexisNexis Risk Solutions Cybercrime Report analyses data from more than 22.5 billion transactions processed by the LexisNexis® Digital Identity Network®, a 37% growth year over year. Mobile device transactions also continue to rise, with 66% of all transactions coming from mobile devices in the first half of 2020, up from 20% in early 2015. The Digital Identity Network® also notes an uptick in transactions from new devices and new digital identities.

They attribute this to many new-to-digital consumers moving online to procure goods and services that were no longer available in person or harder to access via a physical store, during the pandemic. The Europe, Middle East and Africa region (EMEA) saw lower overall attack rates in comparison to most other global regions from January through June 2020. This is due to a high volume of trusted login transactions across relatively mature mobile apps.

Financial services organisations

The attack patterns in EMEA were also more benign and had less volatility and fewer spikes in attack rates

The attack patterns in EMEA were also more benign and had less volatility and fewer spikes in attack rates. However, there are some notable exceptions. Desktop transactions conducted from EMEA had a higher attack rate than the global average and automated bot attack volume grew 45% year over year.

The United Kingdom (U.K.) is also a particular pain point. The U.K. originates the highest volume of human-initiated cyber-attacks in EMEA, with Germany and France second and third in the region. The U.K. is also the second largest contributor to global bot attacks behind the U.S. One example of a U.K. banking fraud network saw more than $17 million USD exposed to fraud across 10 financial services organisations. This network alone consisted of 7,800 devices, 5,200 email addresses and 1,000 telephone numbers.

Human-initiated attack rate

Additional Key Findings from the LexisNexis Risk Solutions Cybercrime Report:

Decline in attack rate – The overall human-initiated attack rate across the Digital Identity Network fell through the first half of 2020, showing a 33% decline year over year. The breakdown by sector shows a 23% decline in financial services and a 55% decline in e-commerce attack rates.

Latin America experienced the highest attack rates of all regions globally and realised consistent growth in attack rates from March to June 2020. The attack patterns in North America and EMEA had less volatility and fewer spikes in attack rates from the six-month period observed.

Providing additional context

Financial services organisations experienced a surge in automated bot attacks

Attack Vector Global View - Media is the only industry that recorded an overall year over year growth in human-initiated cyber-attacks. The Digital Identity Network recorded the 3% increase solely across mobile browser transactions. Globally, automated bots remain a key attack vector in the Digital Identity Network. Financial services organisations experienced a surge in automated bot attacks and continue to experience more bot attacks than any other industry.

Across the Customer Journey - New account creations see attacks at a higher rate than any other transaction type in the online customer journey. However, the largest volume of attacks targets online payments. Login transactions have seen the biggest drop in attack rate in comparison to other use cases. Analysis across new customer touchpoints in the online journey is included in this report for the first time, providing additional context on key points of risk such as money transfers and password resets.

Changing geographical footprint

During COVID-19 - All industries have felt the impact of COVID-19. There are clear peaks and troughs in transaction volumes coinciding with global lockdown periods. Financial services organisations realised a growth in new-to-digital banking users, a changing geographical footprint from previously well-travelled consumers and a reduction in the number of devices used per customer.

There have also been several attacks targeting banks offering COVID-19-related loans. E-commerce merchants have seen an increase in digital payments and several other key attack typologies that coincide with the lockdown period. These included account takeover attacks using identity spoofing and more first-party chargeback fraud.

Detecting the full spectrum

The move to digital, for both businesses and consumers, has been significant"

This is the first LexisNexis Risk Solutions Cybercrime Report to include data on the new reality of conducting business during a pandemic,” said Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions. “The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry.”

We need to ensure that all consumers, especially those who might be new to digital, are protected. Businesses must arm themselves with a layered defence that can detect the full spectrum of possible attacks and is future-proofed against evolving threats.”

Global digital economy

While the face of cybercrime will continue to re-shape to fit the growing global digital economy, the ability for businesses to reliably recognise good, trusted customers must remain constant,” added Dr. Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions.

We must identify and block fraudsters – whether opportunists or highly networked fraud rings – the moment they transact and knowledge sharing must be as pivotal to global businesses as it is to the cybercriminals that attack them.”

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Why the touchless office is another argument for going passwordless
Why the touchless office is another argument for going passwordless

Security experts have discussed the demise of the passwords for years. As early as 2004, Bill Gates told the RSA Security Conference that passwords “just don’t meet the challenge for anything you really want to secure.” Change has been slow, but the sudden increase in remote working and the need for enterprises to become touchless as they try to encourage teams back to the office is increasing traction. Here we look at the future of passwordless authentication - using the example of trusted digital identities - and share tips on choosing a solution that works for your organisation. The move away from passwords was beginning to gain momentum pre-pandemic. Gartner reported an increase in clients asking for information on ‘passwordless’ solutions in 2019. Now Gartner predicts that 60% of large and global enterprises, and 90% of midsize enterprises, will put in place passwordless methods by 2022. This is up from 5% in 2018. The many limitations of passwords are well-documented, but the cost of data breaches may be the reason behind this sharp upswing. Stolen credentials – usually passwords – and phishing are the top two causes of data breaches according to the 2019 Verizon Data Breach Incident Report. Each breach costs businesses an average of anywhere between £4M to £8M depending on which studies you read. A catalyst for change As in so many other areas, the pandemic has been a catalyst for change. Newly remote workers using BYOD devices and home networks, sharing devices with other family members, and writing down passwords at home all make breaches more likely. And seasoned home workers represent a risk too.  It also means that enterprises are developing new procedures to mitigate the spread of disease. This includes a thorough examination of any activity that requires workers to touch surfaces. Entering passwords on shared keyboards or touchscreens falls squarely in this area of risk. As does handling physical smart cards or key fobs. Enterprises are expanding their searches from “passwordless” to “passwordless and touchless,” looking to replace physical authenticators. In the quest to go touchless these are items that can be easily eliminated. The future of passwordless authentication Using fingerprint or facial recognition often only provides a new front-end way to activate passwords Common alternatives to passwords are biometrics. But, using fingerprint or facial recognition often only provides a new front-end way to activate passwords. Passwords are still required for authentication after the biometric scan and these live in a central repository vulnerable to hackers. With one successful hack of the central repository, cyber-criminals can swipe thousands of details. In other words, biometrics on their own are not an improvement in security, only a better user experience. They need to be combined with a different approach that adds another layer of security. A more secure option is to move away from the centralised credential repository to a decentralised model. For example, one based on trusted digital identities. This is where digital certificates are stored on users’ phones. Think of encrypted digital certificates as virtual passports or ID cards that live on a worker’s device. Because they are stored on many separate phones, you are able to build a highly secure decentralised credential infrastructure. A solution that uses people’s phones is also compatible with touchless authentication systems. You can replace smart cards and key fobs with a phone-based security model and reduce the number of surfaces and items that people touch. This is especially beneficial for workplaces where people have to visit different sites, or for example in healthcare facilities. Replacing smartcards with a phone in a pocket reduces the number of items that clinicians need to take out and use a smartcard between and in different areas, which may have different contamination levels or disease control procedures. How do trusted digital identities work?   Workers unlock their mobile devices and access their trusted identity using fingerprint or facial recognition Here’s an example installation. You install a unique digital certificate on each user’s mobile device — this is their personal virtual ID card. Authorised users register themselves on their phones using automated onboarding tools. Workers unlock their mobile devices and access their trusted identity using fingerprint or facial recognition. Once they are authenticated, their device connects to their work computer via Bluetooth and automatically gives them access to the network and their applications with single sign on (SSO). This continues while their phone is in Bluetooth range of their workstation, a distance set by IT. When they leave their desk with their phone, they go out of range and they are automatically logged out of everything. Five tips on choosing a passwordless solution More automation means less disruption Consider how you can predict and eliminate unnecessary changeover disruptions. The task of onboarding large or widely dispersed employee populations can be a serious roadblock for many enterprises. Look for a solution that automates this process as much as possible. Scalability and your digital roadmap Will you maintain remote working? Having a high proportion of your team working remotely means that passwordless solutions will become more of a necessity. Are you expecting to grow or to add new cloud apps and broader connectivity with outside ecosystems? If so, you need password authentication that will scale easily. Encryption needs and regulatory requirements If your workers are accessing or sharing highly sensitive information or conducting high-value transactions, check that a solution meets all necessary regulatory requirements. The most secure passwordless platforms are from vendors whose solutions are approved for use by government authorities and are FIDO2-compliant. Prioritise decentralisation Common hacker strategies like credential stuffing and exploitation of re-used credentials rely on stealing centralised repositories of password and log-in data. If you decentralise your credentials, then these strategies aren’t viable. Make sure that your passwordless solution goes beyond the front-end, or the initial user log-in and gets rid of your central password repository entirely. Make it about productivity too Look for a solution that offers single sign on to streamline login processes and simplify omnichannel workflows. For workers, this means less friction, for the enterprise, it means optimal productivity. Security improvements, productivity gains and user goodwill all combine to form a compelling case for going passwordless. The additional consideration of mitigating disease transmission and bringing peace of mind to employees only strengthens the passwordless argument. The new end goal is to do more than simply replace the passwords with another authenticator. Ideally, enterprises should aspire to touchless workplace experiences that create a safer, more secure and productive workforce.

Be our guest: How to manage visitors with both safety and service
Be our guest: How to manage visitors with both safety and service

In today’s fraught times, business continuity and success hinges on how you manage the visitors to your company. By prioritising safety and security, and coupling them with top-notch attention and customer service, you win loyalty and gain a reputation that will serve you in years to come. An excellent way to accomplish this is by identifying and implementing the best visitor management system for your company. And visitor management systems go beyond ensuring the safety of your visitors and staff safety from your visitors. A feature-rich VMS will track your guests' activities, so you can better understand their preferences for future visits. That way, you can manage visitor experience and tailor amenities and preferences. Both customer loyalty and brand reputation benefit. Visitor management systems: who uses it, and why is it used? Visitor management refers to all the processes put together by an organisation to welcome, process, and keep track Visitor management refers to all the processes put together by an organisation to welcome, process, and keep track of all the guests daily. A visitor management system (VMS) is the technology used to manage guests for their convenience, safety, and security. Several features are typical in today’s applications. They include preregistration tools,  video intercoms, self-check-in stations, and health screening. In visitor management, the term "visitor" doesn't only refer to guests but also anyone without an authorized access credential. For instance, an employee without their access credential logs in as a visitor. The same applies to a delivery man or a technician carrying out routine maintenance. A VMS helps to account for everyone within the organisation at any given time. Who uses visitor management systems? You need a visitor management system to manage a school or hospital, an office, or even a residential building. Here's why: Visitor management system for schools: schools are among society’s most vulnerable facilities. A VMS is almost mandatory in this setting. It helps to identify visitors, detect intruders, and alert security of any unauthorised access. Visitor management system for offices: A VMS accounts for guests at all times. They include clients, maintenance contractors, delivery men, employees without credentials, friends, and family, Visitor management system for hospitals: access control is essential in hospitals, and managing visitors plays a major role. Hospitals offer access to pharmaceuticals, medical records, newborns, and expensive equipment. It is crucial to monitor restricted hallways and sections with video intercoms and track unauthorised persons' movements. Residential visitor management system: tracking people's movement is a key VMS component. In case of a crime, knowing who had access to the building within a specific time frame can help in the investigation. Plus, tracking the activities of visitors can deter future crime. Why is the visitor management system important? A video intercom makes it much more difficult for a visitor to impersonate a known guest. VMS accounts for everyone within the organisation in cases of emergency. VMSs can prevent intruders and alert the security department of a breach. A VMS creates a positive visitor experience, which shapes perception of the organisation. With a trusted VMS in place, employees can focus on being productive. Health screening gives staff peace of mind. It increases employees' willingness to return to work in the midst of the COVID 19 pandemic. How does a good VMS address occupant and visitor safety? The necessary technology to ensure building safety The best visitor management systems contain the necessary technology to ensure building safety. To maximise occupant and visitor safety, a VMS should have the following features: Job one of a VMS is visitor identification. It also helps deter potential criminals. Some VMSs go beyond identification by running a quick check on the visitor's ID and alerting security of any discrepancies. By identifying and proving a visitor's identity, the VMS ensures the safety of employees and other visitors. VMS helps with compliance A good visitor management system helps the organisation follow regulations, such as for occupancy. In the COVID era, some states may require health screening for guests. Health screening helps protect the building's occupants from exposure to health hazards. Information security VMSs also aid in information protection. It takes mere seconds for a rogue visitor to download files into a jump drive, photograph exposed blueprints, or copy customer lists. Visitor management systems restrict visitor access to parts of the building and track the whereabouts of guests. Visitor privacy With pen and paper systems, walking up to the receptionist often gives visitors full view of the visitors list. Visitor management systems seal that vulnerability. Visitors can check in without fear that anyone nearby can see their information. Emergency evacuation With a good VMS, the exact number of people within the building is always known. In the case of an emergency, first responders can use VMS data to identify everyone on site. This is a safety net for both the occupants and visitors to the organisation. How to manage building visitors System features depend on the purpose and setting of the VMS. Yet certain features and processes are essential. Preauthorisation and health screening The first step is knowing the visitors upfront. Preauthorisation allows everyone to know who is coming and when. Guests specify the time and purpose of their visits. You get to welcome and accommodate your visitors accordingly. Some systems may also be able to upload documents of interest, such as proposals, contracts, presentations, or agendas. Health screening is critical today. It signals that the organisation cares about its guests. A visitor is more likely to visit an organisation that prioritises health and safety. Health screening is a way to protect your staff and send the right message. Video intercom Along with health screening, video intercom is a key element of VMSs. It enables secure video identification with remote, touchless, and COVID-safe access into buildings. Intercoms are a safe and secure way to communicate with audio and video without physical contact. Video allows you to visually verify the visitor. The audio component enables spoken communication. Some systems even use facial recognition technology and mobile app unlock. When integrated with access control, visitor arrival is seamless. Upgrade to touchless access Touchless access is the safest and most secure VMS option Touchless access is the safest and most secure VMS option. It is more sophisticated because it receives visitors without them having to lift a finger. It's also convenient and effective. In this time of the novel coronavirus, the demand for hands-free systems is surging. VMS has pivoted to met this demand. Many organisations are finding how touchless systems increase safety in the workplace. Visitor logging is essential for managing guests to your building. Besides being a source for verification and data tracing, it also helps in real-time to know who signed into the building and who hasn't signed out yet. Tracking the movement of visitors within the facility makes it clear where they are at all times. This way, there can be an effective emergency action plan for visitors and other occupants. This feature has use in contact tracing, health investigations, and other investigations, such as for theft.

What does 2020 mean for the future of security trade shows?
What does 2020 mean for the future of security trade shows?

Trade shows have always been a basic element of how the security industry does business - until the year 2020, that is. This year has seen the total collapse of the trade show model as a means of bringing buyers and sellers face to face. The COVID-19 pandemic has effectively made the idea of a large trade show out of the question. Today, even air travel seems incredibly risky, or at minimum a huge hassle. The good news is that the industry has adapted well without the shows. A series of “on-line shows” has emerged, driven by the business world’s increasing dependence on Zoom and other video conferencing platforms. The fact is, 2020 has provided plenty of opportunities for sellers to connect with buyers. It’s easy to dismiss these sessions as “Death by PowerPoint,” but some of them are incredibly informative. And conveniently accessible from the comfort of a home office. Internet transforming businesses We have already seen how the online world makes it easier than ever to connect with customers. In the consumer space, businesses like Uber, Shopify and Airbnb have proven that the Internet can transform how business is done. But in the security industry, we hear: “You can’t replace the value of meeting face to face.” That’s definitely true to some degree. A lesson of 2020 is the need to take a hard look at the economic model of trade shows However, the reality of 2020 suggests that there are alternatives that are almost - emphasis on almost - as good. And that don’t cost as much. And that don’t take away as much time from the office. And that don’t involve the effort of schlepping luggage through an airport yet again to a hotel in a beautiful city you will never see where you will spend three days in a big exhibit hall eating overpriced hot dogs and regretting your choice of footwear. Economic model of trade shows Sure, you’ll meet up with old pals, and get some value out of the experience. But how much value versus the cost? A lesson of 2020 is the need to take a hard look at the economic model of trade shows - how much they cost versus the value they provide. Considering how well we have gotten along without them, one wonders how and why trade shows have become such an integral part of our industry, and of hundreds of other industries, for that matter. I have had many conversations with exhibitors at trade shows in the last several decades. I have heard probably thousands of complaints about the slowness of the foot traffic, the high costs of exhibiting, the price and hassles of travel. The question I have often wondered (and asked): Is it worth it? Defray the costs Usually, the complaining exhibitor will reluctantly admit that it is, and/or provide some other justification, such as one of the following: All my competitors are here. If I don’t exhibit, it sends the wrong message to the market. That’s why I need to have the largest booth near the front of the show, too, because it’s all about perception and positioning ourselves in the market. We need the show for the sales leads, which drive our sales for the next six months. If I meet one large end user who turns into a big sale, the extra revenue pays for it all and makes everything worthwhile. This is the only time I get to see my sales staff or other coworkers from around the country. We have a sales meeting this week, too, so it helps to defray the costs. Success of alternatives The realities of 2020, and the challenges to the business world, will impact the nature of commerce for years to come Given the experience of the year 2020 without any trade shows, might some of these justifications melt away? At a minimum, companies will be taking a hard look next year to evaluate what they missed about the trade show experience, and more importantly, what the impact was on their business (if any). What is the future of trade shows? After the 2020 hiatus, exhibitors and attendees alike will be starting with a clean slate, taking a fresh look, reexamining the value proposition with new eyes, braced by the successes (while acknowledging the failures) of alternatives that emerged as necessities during a global pandemic. Ensuring safety and security The realities of 2020, and the challenges to the business world, will impact the nature of commerce for years to come - including trade shows. During the pandemic, we have all had to reinvent ourselves, deploy new strategies, work around new challenges, and in the end, hopefully, emerge better for it. There’s no reason trade shows shouldn’t undergo the same transformation. And it’s likely the “new normal” could look very different. The security market has found new opportunities during the pandemic, including new applications for existing technology and a renewed emphasis on the importance of ensuring safety and security. That positivity will hopefully carry our industry triumphantly into the new decade, and trade shows will adapt to find their place in the newly revitalised industry. As it should be.