LexisNexis® Risk Solutions latest Cybercrime Report shows a significant swing in the composition of global fraud attacks, with first-party fraud now the leading type in the UK, representing more than half (51%) of all reported fraud in 2024. The report is an analysis of over 104 billion global transactions in the LexisNexis® Digital Identity Network® platform over the past 12 months.
First-party fraud includes customers misrepresenting or giving false personal or account information for financial gain, such as when applying for a loan; banking customers claiming a credit or debit card purchase is fraudulent in order to get a refund (known as ‘friendly’ fraud); or claiming goods ordered online were not delivered. Buy Now, Pay Later (BNPL) providers and financial institutions are among the organisations reporting a particular uplift in first-party fraud.
Key vulnerabilities
Other forms of fraud also remain a threat. Account takeover (ATO) fraud – fuelled by phishing and smishing activity – accounts for15% of reported fraud in the UK. Common amongst this is password reset fraud, where a victim receives a password reset email and inadvertently surrenders their login details to a fraudster. Analysis found one in ten (10%) password reset attempts in the UK was a fraud attack last year, rising to over one in four (27%) reset attempts initiated on a desktop computer.
“These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud,” said Stephen Topliss, vice president of fraud and identity, LexisNexis Risk Solutions. “The change in composition of attacks presents a significant challenge for fraud prevention since detecting first party fraud requires a subtly different approach from detecting scams or account takeovers. Organisations can’t afford to be complacent, however – there were still more than three billion brute-force automated account takeover attacks detected last year alone and scams remain a global problem. It is vital for organisations to have models tuned to detect these varied forms of fraud.”
Sector and regional trends
On a global level, the attack rate on Communication, Mobile and Media (CMM) companies increased by 15% year on year and global Financial Services firms saw an 18% uplift in automated bot attacks. LexisNexis Risk Solutions believes this could indicate underlying signs of a coming ‘fraud storm’ powered by AI.
Attack rates also varied at a regional level:
- EMEA continues to see the lowest regional attack rate globally at 0.6% of transactions, according to the LexisNexis® Identity Abuse Index, which records daily attack rates.
- LATAM has also seen a sustained decrease in its attack rate (1.6%) since the end of 2023, now putting it lower than North America at 2.2%.
- In contrast, APAC’s attack rate grew significantly by 37% through 2024, now standing at 1.5% of all transactions in the region.
Topliss continued, “We are at a potential tipping point. While many organisations have improved their defences over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months. Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks.”
Click Here For The Original Source.
