Currently, the whole EMEA region is in the midst of huge regulatory reform. The first one being GDPR, now SCA and PSD2 are forcing businesses to address customer security, streamlined authentication and fraud control in equal measure.
The Global Identity and Fraud Report showed that security is the most important part of the online experience for 74% of people around the world, followed by convenience. That is why handling of personal information is now front and centre of the consumer psyche.
At the same time, PSD2 is mandating that financial services and related organizations more rigorously authenticate the identities of consumers accessing account services and making payments, which of course then presents a challenge regarding how personal data is collected, stored and verified.
This is particularly important given cybercriminals are in a continual drive to modify their attack methods to target new weaknesses with the new and emerging technologies in the payment game.
Luckily, the ownership of data is returning to the consumer, despite the fact that businesses are under greater scrutiny than ever before.
The ThreatMetrix EMEA Cybercrime Report: Q1 2019, based on cybercrime attacks detected from January to March 2019, during real-time analysis of consumer interactions across the online journey, from new account creations, to logins and payments, gives a valuable insight in how cybercriminals are behaving in the new era.
Transactions and attacks
This is the overview of EMEA region in numbers when it comes to cybercrime:
Attack patterns in EMEA are mostly consistent with the rest of the world. However, the attack rate in EMEA is lower. Logins remain the safest transaction type, while new account creations are the most risky transaction, attacked at a rate of more than one in ten transactions.
Interestingly, device spoofing is more prevalent in EMEA than in the rest of the world. This may be, according to the report, when a fraudster is using a virtual machine to impersonate a good customer device, or when a fraudster is attempting to bypass normal device fingerprinting techniques, for example by repeatedly wiping cookies, or using a jailbroken or rooted phone. The report also concludes that EMEA transactions have a higher percentage of events coming from jailbroken and rooted phones in comparison to the rest of the world.
When it comes to payments in EMEA, these are main takeaways from the report:
- E-commerce payment transactions have a strong mobile footprint, at 71%, while in the rest of the world it is 55%. This perhaps explains the slightly lower attack rate in EMEA in comparison to the rest of the world.
- Financial services payments in EMEA are attacked at a lower rate in comparison to the rest of the world. This is perhaps explained by the prevalence of financial transactions via full service mobile banking apps which can leverage the in-built security features of mobile devices for authentication.
- Media payments in EMEA see a very high prevalence of mobile transactions at 81%, higher than the global figure of 77%.