TransUnion reported strong transaction volumes and fraud attempts in mid-to-late June 2021
F
raudsters are re-focusing their efforts from financial services to the gaming, travel and leisure industries, according to TransUnion’s latest quarterly analysis released Wednesday.
Gaming and travel and leisure were the two most impacted industries globally for the suspected digital fraud attempt rate, rising 393% and 155.9% when comparing Q2 2021 to Q2 2020, respectively. In the U.S., this rate rose 261.9% for gaming and 136.6% for travel and leisure. As for online gambling, the year-over-year growth was 36%. Across industries, the rate of suspected digital fraud attempts rose 16.5% globally for the period.
“It is quite common for fraudsters to shift their focus every few months from one industry to another,” said Shai Cohen, senior vice president of Global Fraud Solutions at TransUnion. “Fraudsters tend to seek out industries that may be seeing an immense growth in transactions. This quarter, as countries began to open up more from their COVID-19 lockdowns and travel and other leisure activities became more mainstream, fraudsters clearly made this industry a top target. The immense growth in gaming fraud also can be attributed to the shifts in focus of fraudsters as this growing market becomes a larger target.”
In an email to Yogonet, Melissa Gaddis, senior director of customer success, Global Fraud Solutions at TransUnion explained that the large increase in suspected digital fraud in the gaming industry, including video games, mostly come from increased rates of fraud attempts at login integrations. She added they are capitalizing on their success at phishing.
“Transaction volumes remained consistent, but the rate of suspected fraud attempts at login integration points dramatically increased (~8% in Q2 2020 to ~56% in Q2 2021). In addition to this, we saw large amounts of Botnet activity and Transactions Per Account (i.e. too many attempts from a single account) in Q2 2021 that contributed to increased suspected fraud rates. The increase at login makes sense when you consider that phishing attempts rose during covid and fraudsters look to monetize their success of obtaining usernames and passwords. It’s likely that what we are seeing is credential stuffing,” Gaddis said.
Credential stuffing is a type of cyberattack in which stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords, often from a data breach, are used to gain unauthorized access to user accounts through large-scale automated login requests, according to the expert.
When asked about online gambling’s more moderate numbers (+36%), Gaddis said that with more business open to the public in 2021, she would expect to see gamblers returning to in-person gambling at brick & mortar casinos and moving away from digital gambling. “When looking at the data, we are seeing pretty consistent suspected fraud rates between the two periods for the Gambling industry. If it wasn’t for strong transaction volumes and fraud attempts in mid-to-late June 2021, we would have probably seen an overall decrease in transactions and fraud in Q2 2021 for the Gambling industry when compared to 2020. We saw a couple of large spikes in suspected fraud on 2021-04-01 and 2021-04-20/21, but fairly consistent other than that until late June where we saw a more sustained hump of transactions and suspected fraud.”
Policy/License Agreement Violations were the main type of fraud for gambling. “Frequently this involves people who are trying to game the system by taking advantage of offers of free bets or play. While these are legitimate players and this may not typically be behavior considered as ‘fraud’ this can account for significant monetary loss for businesses. Some business crack down on it harder than others. Also, as regulations shift and new jurisdictions enter the gambling space companies are indicating when people attempt to gamble and/or bet online outside of eligible jurisdictions as not adhering to their policy agreements.”
In addition, gold farming was the main type of fraud for gaming. Regarding ways in which gaming and gambling operators, and also regulators could prevent and tackle these particular types of fraud,
the TransUnion expert says the key comes down to understanding customers and traffic. “If an account is used in Indonesia and suddenly is accessed by someone in Minnesota that should raise a red flag. If 1000s of accounts are all accessed by the same device or groups of devices that also should raise a red flag. Once you understand what ‘normal’ looks like among your good players and what is acceptable for your business given regulations or internal policy you can start to look for the anomalies which indicate fraud or abuse. When real dollars are involved identity proofing and ensuring documents provided to prove identity are legitimate is important along with understanding the relationships between accounts given common device access.”
“Right now with the economy opening back and the unemployment rates lowering people have, or feel they have, more disposable income which increases the transactions within this industry, certainly as compared to the same time in 2020. We believe we will start seeing a leveling of the fraud rates to more pre-pandemic levels as we continue to move beyond the early days of the pandemic,” Gaddis concludes looking ahead.
TransUnion monitors digital fraud attempts reported by businesses in varied industries such as gambling, gaming, financial services, healthcare, insurance, retail and travel and leisure, among others. The conclusions are based on intelligence from billions of transactions and more than 40,000 websites and apps contained in its flagship identity proofing, risk-based authentication and fraud analytics solution suite, TransUnion TruValidate.
Original article: https://www.yogonet.com/international//noticias/2021/08/11/58784-digital-fraudsters-shift-focus-to-gaming-with-36por_ciento-growth-in-online-gambling-during-q2