Beyond Digital Identity: 2018 Predictions
Posted December 6, 2017
When it comes to digital identity, cybercrime and the state of the digital economy, it looks to be a bumpy 2018.
Not that 2017 was a big party. Whether it was WannaCry, NotPetya, stolen NSA cyber-weapons or the mother of all credit agency hacks, this outgoing year was enough to make security and fraud teams want to cry.
Cybercrime led to as much as $1 trillion in global losses — a figure that could top $6 trillion by 2021. Indeed, if you think things couldn’t possibly get any worse than 2017, think again. As we head into the new year, the risks for every business grow more alarming by the day.
Here is a look at what to expect in 2018:
1. Digital Transformation Ignites (and Endangers) New Industries
Digital transformation efforts (especially the mobile-first variety) will accelerate with rising consumer expectations for fast, frictionless experiences at scale. Incumbents in financial services, in particular, will be forced to fend off nimble entrants unencumbered by legacy systems. Forrester predicts 20 percent will fail to achieve meaningful transformation, putting their businesses at risk in 2018. Our fear is that estimate may be far too conservative.
2. ‘1-Click’ eCommerce Kicks Online Retail into Higher Gear
With Amazon’s patent on 1-Click commerce now expired, online retailers that have managed to accelerate checkout speeds as much as 40 percent through their own innovations are likely to see explosive new gains. But, eCommerce players will need to carefully balance friction and fraud to achieve optimal ROI — without turning off customers or rewarding savvy cyberthieves.
3. Cyber Fraud and Financial Crimes Converge
Cyberthieves have stolen $35,000 per minute from financial institutions during the past six years. With our own data showing fraudulent account creations up 240 percent in Q3 compared to the same period in 2015, we believe 2018 will see cyber fraud combine with traditional financial crimes, such as the use of “money mules.” Look for fraudsters to use automated bot attacks to apply for fraudulent loans or hijack existing accounts and transfer the money to other countries. Hired hands or unwitting accomplices withdraw the money and deposit it elsewhere to hide perpetrators’ tracks.
4. Faster Payments Means Faster Theft
Among those expected to face issues next year: Peer-to-peer and sharing-economy platforms. With velocity as the name of the game, new fraud tactics are quickly emerging — from Uber or Lyft rides that never take place to Saturday afternoon Venmo or PayPal transactions that turn into Monday morning nightmares. The fact is, the same technologies that streamline operations can be used to rob businesses blind. The forecast for 2018 isn’t going to be more of the same. It’s going to be worse.
5. Connected Devices Form an Internet of Threats
In the year ahead, there’ll be more connected devices than you can shake a botnet at. From wearables to thermostats to refrigerators to baby cams, the number of IoT devices will surge from 8.4 billion this year to 20.4 billion in 2020. Just as with the user devices that business systems transact with today, success will hinge on the ability to safely and accurately recognize legitimate users, and block out fraudsters, without added friction.
6. Fake News is Coming to a Company Near You
There’s a reason “fake news” was named the Collins Dictionary Word of the Year. But beyond politics, a growing number of businesses will be targeted by computational propaganda, usually in conjunction with other forms of fraud. Just ask Los Angeles-based Pure Daily Care, which reports losing $400,000 after a rival allegedly cloned its marketing pitch and tricked customers into posting poor Amazon reviews. While small companies will be low-hanging fruit, large companies could soon be in fraudsters’ crosshairs.
7. Identity Credentials Hit the Bargain Bin
In a post-breach world, look for downward pressure on the cost of personal identity records. The price of your credit card number could sink as low as $1 in 2018. According to a recent study from Google, in just one year, nearly 2 billion login credentials went up for sale on dark web forums. And with “fullz” — highly detailed personal identity files — now only fetching $10, social security numbers, birthdates, usernames, passwords, challenge questions and more could soon come cheaper by the dozen.
8. The Threat Map Goes Wide as the Attack Surfaces Expand
According to the latest stats from ThreatMetrix, the cyberattack volumes seen in 2017 have been driven by the rapid dissemination of stolen identity data worldwide. There’s even a tempo to it — sharp spikes after major breaches, followed by sustained attacks that wind their way around the planet as thieves exploit fresh data. In 2018, look for attack origins to shift with each new quarter, while targets take on an increasingly international flavor. At the top of the menu this coming year: the U.S., Brazil, India and China.
Identity data’s not the only thing feeding cybercrime’s global free-for-all. There’s also plenty of fresh meat. In 2018, the number of new netizens could approach 1 billion. According to Information Age, there are already 3.8 billion internet users worldwide. By 2020, it’ll be 6 billion. Unfortunately, density is destiny: As transaction volumes spike, so does cybercrime. With a record 171 million cyberattacks worldwide in the third quarter of this year — a 100-percent increase from Q3 2015 — all signs point to more turbulence ahead.
9. Vulnerable Consumers Make Valuable Targets
In emerging economies, nearly 1 billion people who’ve never even owned a bank account will soon find themselves managing their entire financial lives on mobile devices — without understanding the dangers of phishing attacks and other forms of fraud. In advanced nations, young consumers are embracing a host of new connected devices and otherwise savvy seniors are venturing online with nary a thought about privacy or security. These and other vulnerable populations will prove tempting targets to cyberthieves.
10. This Terrorist Attack Made Possible by Victims Like You
Groups backed by nation-states and networked ideologues will increasingly turn to cybercrime to raise money for launching terror attacks — or as a means to conduct it. Last year’s $81 million heist at the Bangladesh Central Bank is believed to have helped fund North Korea’s nuclear program. The regime was also behind this spring’s WannaCry ransomware attack, which crippled key infrastructures in 150 countries. Russia and Iran are expected to up their cybercrime efforts, as is ISIS or associated groups.
11. At Least One ‘Attack the World Isn’t Ready For’
Earlier this year, IDT Corporation was hit by a cyberattack that leveraged two separate cyber-weapons stolen from the NSA. Hackers used ransomware as a smokescreen for an attack that stole employee credentials — giving them free rein of the company’s data. More than 10,000 computers worldwide have been hit by these same weapons, which are virtually undetectable. “This is a nuclear bomb compared to WannaCry,” IDT CIO Golan Ben-Oni tells the New York Times. “The world isn’t ready for this.” We agree.
12. It Takes a Network to Fight Back
Now more than ever, one company’s data set, or even dozens of companies’ data sets will not be enough to differentiate legitimate users from cybercriminals using stolen identity credentials. As the company behind the world’s largest Digital Identity Network, we know it takes a global network of thousands of companies spanning every industry. A key capability: The computing power to ensure that the moment fraudsters and cyberattacks are identified by one member company, they are known and neutralized by all.
With the kind of threats coming our way in 2018, this may be the only hope we have to fight back.
Originally published at www.threatmetrix.com on December 6, 2017.