The EMEA region is a patchwork quilt of cultures and languages, defined as much by its diversity as by the commonalities shared by geographical proximity. These unique factors create a complex cybercrime landscape that continues to be shaped by evolving consumer behaviour, economic growth and technological development.
This is evidenced by the transaction trends and attack patterns seen in the ThreatMetrix EMEA Cybercrime Q1 2019 report. At the same time the region is in the midst of huge regulatory reform.
One year on from GDPR and on the cusp of the Strong Customer Authentication (SCA) mandate for PSD2, businesses are being forced to address customer security, streamlined authentication and fraud control in equal measure.
The handling of personal information is now front and centre of the consumer psyche. Since the advent of GDPR in May 2018, the BBC reports that there have been nearly 90,000 notifications of data breaches and over 140,000 complaints from the public across EU countries that have implemented the regulation.
Consumers now have more control over their data than ever before – a real game-changer for companies that historically developed their own corporate privacy policies. As reports on data breaches and fake news stories fuel headlines across the world, consumers are now demanding a greater say in how their data will be used.
Trust and brand loyalty, in addition to large fines, are key risks for companies who violate the privacy of today’s consumer.
At the same time PSD2 is mandating that financial services organisations more rigorously authenticate the identities of consumers accessing account services and making payments, presenting a further challenge around how personal data is collected, stored and verified.
This is an interesting paradox when the regulation is also seeking to promote open banking. It has been over a decade since Clive Humby was credited as saying that ‘data is the new oil’, but the analogy still holds true today.
However, the ownership of, and responsibility for, data is returning to the consumer, despite the fact that businesses are under greater scrutiny than ever before to differentiate between trusted consumers and bad actors.
This continues to drive a metronomic tension between security and streamlined access to online goods and services, with businesses constantly balancing the somewhat competing demands of effective fraud detection and low user friction.
Consumers do not expect the care of their personal data, or strong authentication strategies, to come at the expense of laborious identity verification processes or unnecessary step ups. Likewise, businesses must continue to protect and prioritise the interests of vulnerable customers who may be more susceptible to unwittingly sharing their personal data or less able to authenticate themselves via the usual channels.
This is particularly important given cybercriminals are in a continual drive to modify their attack methods to target new weaknesses.
In many cases this path of least resistance is not a vulnerability in online processes, but comes from consumers themselves. They are unwittingly becoming involved in pitch perfect scams that lead to them divulging personal credentials, downloading malware or allowing remote access, thereby giving the fraudster unfettered access to personal accounts and customer data.
Organisations that succeed in this landscape of robust regulatory reform, diverse consumer behaviour and complex fraud will be those that can accurately differentiate consumers from fraudsters in real time, layering low-friction authentication solutions that promote rather than hinder a streamlined user experience.
This relies on having a single user view across the entire consumer journey; combining physical and digital identity verification, authentication and fraud detection capabilities so that businesses can truly know their customer, wherever, whenever and however they choose to interact.
The ThreatMetrix EMEA Cybercrime Report: Q1 2019 is based on cybercrime from January – March 2019, during real-time analysis of consumer interactions across the online journey, from new account creations, to logins and payments.
Key Findings from the Cybercrime Report
- EMEA represents a less risky online environment, compared to the rest of the world, despite pockets of growing attack rates for some industries and use cases.
- Top attackers in the region are targeting growth and emerging economies, like Poland and the Ukraine, highlighting the continued widespread dissemination of breached identity data.
- The UK’s digital economy is driving higher use of mobile devices and lower attack rates.