- Periods of inflation and rising living costs likely contribute to an increase in opportunistic fraud against financial services, ecommerce and other sectors
- AI-powered fraud expected to increase in 2025
LexisNexis® Risk Solutions releases its annual Cybercrime Report, an analysis of over 104 billion global transactions in the LexisNexis® Digital Identity Network® platform during 2024. The report, The Calm Before the Storm?, shows a significant swing in the composition of global fraud attacks, with first-party fraud now the leading type globally, representing a third (36%) of all reported fraud in 2024, up from 15% the year before.
First-party fraud includes misrepresenting or giving false personal or account information for financial gain, such as when applying for a loan, claiming a credit or debit card purchase is fraudulent in order to get a refund (known as friendly fraud), or claiming ordered goods were not delivered. Buy Now, Pay Later (BNPL) providers and financial institutions are among the organisations reporting an uplift in first-party fraud, which is known to be exacerbated by periods of inflation and the rising cost of living. Increased institutional liability for scams, driven by regulation, is also likely having an impact.
Key vulnerabilities
Account takeover (ATO) fraud – fuelled by phishing and smishing activity – represents a further 27% of global reported fraud (down by ~2% year on year), while scams, including authorised push payment (APP) fraud, represent 11% of cases (down from 16% of cases in 2023). The report also found one in nine (11%) password reset attempts in 2024 was a fraud attack, rising to over one in four (27%) reset attempts initiated on a desktop computer.
“These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud,” said Stephen Topliss, vice president of fraud and identity, LexisNexis Risk Solutions. “The change in composition of attacks presents a significant challenge for fraud prevention since detecting first party fraud requires a subtly different approach from detecting scams or account takeovers. Organisations can’t afford to be complacent, however – there were more than three billion brute-force automated account takeover attacks detected last year alone and scams remain a global problem. It is vital for organisations to have models tuned to detect these varied forms of fraud.”
Sector-specific and regional trends
After two years of substantial increases in overall global[1] attacks, the latest Cybercrime Report finds that rates began stabilising in 2024, with only a marginal (1%) increase in the human attack rate and a 15% decrease in global bot attacks – algorithms designed to break into customer accounts using stolen credentials. However, LexisNexis Risk Solutions believes this relatively calm global picture may obscure underlying signs of a coming storm powered by AI.
The attack rate on Communication, Mobile and Media (CMM) companies increased by 15% year on year and global Financial Services firms saw an 18% uplift in automated bot attacks.
Attack rates also vary at a regional level:
- EMEA continues to see the lowest regional attack rate globally at 0.6% of transactions, according to the LexisNexis® Identity Abuse Index, which records daily attack rates.
- LATAM has also seen a sustained decrease in its attack rate (1.6%) since the end of 2023, now putting it lower than North America at 2.2%.
- In contrast, APAC’s attack rate grew significantly by 37% through 2024, now standing at 1.5% of all transactions in the region.
Topliss continued, “We are at a potential tipping point. While many organisations have improved their defences over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months. Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks.”
Methodology: The LexisNexis Risk Solutions Cybercrime Report analyses over 104 billion transactions through its LexisNexis Digital Identity Network between January and December 2024. It identifies fraud attempts during near real-time analysis of consumer interactions across the online journey, from new account creations, logins and payments to non-core transactions such as password resets and transfers.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
