Predictions season is upon us once again and after some successful speculation for 2016, we decided to take another Nostradamus-like crack at it again with what we predict will happen in the world of online fraud in 2017. Fraud and security are interesting areas in which to try to make predictions since the enemy is constantly changing. Fraudsters are constantly beating defenses and developing new ways to break, or break into, organizations. If we really could predict what they were going to do, we’d all be a lot safer online. But as in any good fight, that doesn’t mean we shouldn’t ready our defenses the best way we can based on what we know to face fraudsters head on. Given what transpired in 2016, as well as what we see in our own data, here’s what we expect in 2017…
ATO – You Ain’t Seen Nothing Yet
BTO says “You Ain’t Seen Nothing Yet” but when it comes to ATO, it’s truer now than ever. Account takeovers will continue to be the biggest challenge for companies trying to protect their users and themselves. Usernames and passwords for 167,370,910 LinkedIn accounts landed on LeakedSource in May, 427 million passwords stolen in 2013 from MySpace released in June (in other news, who knew MySpace had 427M accounts?), some 32 million Twitter users found their accounts locked after credentials were sold on the dark web in June, and that’s not even the tip of the iceberg. These credentials are going to be tested and used everywhere in 2017, while companies scramble to help identify real users who have simply gone bad via the digital bodysnatchers.
Posers Making Purchases – Fraudsters Getting Really Good at Looking Real
For mobile games, or any app really, growing user numbers is a big deal and a big expense. When looking at a growing user base, active users who are downloading your app, logging in regularly and even making purchases may seem ideal, but they might not be real at all. Advanced engagement by fraudulent users is going to be a much bigger issue in 2017 as advertisers and ad platforms adopt more sophisticated tracking technology and fraudsters become more experienced at mimicking the behavior of real users to game the system and gain a big payoff.
Fake Accounts Have the Attention of your Board – Here Comes the Crackdown
Whether it’s insiders creating new accounts to meet sales goals or outside fraudsters committing identity theft, fake accounts are a huge problem being faced by any company with users and you better believe your corner offices and boards of directors are paying attention now. Fake accounts hit the headlines after federal regulators said Wells Fargo employees created millions of fake bank and credit card accounts since 2011. The CEO resigned, the treasurers of both California and Illinois stopped doing business with Wells Fargo, they were slapped with a $185M fine and new account creation is down 27%. Unfortunately, as we saw with the decreased effectiveness of CAPTCHAs, SMS and email verification are also becoming too easy of a barrier to overcome for fraudsters opening new, and fake, accounts. In 2017, we anticipate increased scrutiny on account openings and the need for additional proof that a new account is legitimate.