Hackers in Greater China target online transactions, building ‘dossiers’ of information on individuals, expert says

Subway passengers using smartphones in Beijing, China. Online hackers have an enlarged base of targets using e-commerce as the number of smartphones in use in China has grown to more than 600 million | Shutterstock

Greater China is facing an increasing number of cyberattacks on online transactions, with e-commerce websites being the most vulnerable, according to a recent cybersecurity report.

The increasing number of attacks on e-commerce websites come about as the trend of cross-border e-commerce continues to grow, with more consumers shopping online for the best deals, according to cybersecurity firm ThreatMetrix’s Q3 2016 cybercrime report.

According to ThreatMetrix data, fraudulent log in attempts comprise about 11.8 per cent of e-commerce transactions in Asia-Pacific, compared to 4 per cent in the finance industry as hackers become more interested in gathering user data to exploit people’s identities down the road.

E-commerce sites often make it easy for customers to log in or create an account, forgoing extra layers of security such as two-factor authentication to create a frictionless shopping experience, said Alisdair Faulkner, chief products officer and co-founder of cybersecurity firm ThreatMetrix.

He added that e-commerce sites are often “sitting ducks” for such hackers because users often give such sites a wealth of personal information, including addresses and phone numbers, allowing hackers to compile “dossiers of information” for later use.

“With your identity, [hackers] could access your medical record, insurance, even your bank accounts. They could collect enough information, impersonate someone’s identity and apply for a loan at a bank … or commit tax fraud,” he said.

These same e-commerce sites often lack strong authentication measures for customer log ins, and often do not inform users about data breaches.

“E-commerce sites can’t force customers to have more security,” Faulkner said, adding that additional security measures may put off customers from purchasing from the merchant.

This is particularly true in countries like China, where over 600 million people user smartphones. Merchants today often make it easier to create accounts or log in on their mobile devices, where screens and keyboards are much smaller than on a desktop computer.

In particular, the Greater China region faces an extremely high number of automated bot attacks, which can be combined with identity or device spoofing in large scale cyberattacks, according to the report.

“There are no uniform standards around privacy … We don’t have the same level of guidelines for people’s identities and how it’s protected [compared to financial information] because data is typically treated as not encrypted whereas credit card data is,” Faulkner said.

He said that credit card data is much less valuable than identity and personal information, because hackers only make a one-time gain off credit card fraud whereas impersonating an identity may be more lucrative in the long run.

The Asia-Pacific region sees over 200,000 identity abuse attacks daily, according to ThreatMetrix data, an increase of about 50 per cent from last year.

“Anybody in Asia could be getting these attacks – they just don’t experience it directly,” Faulkner said, adding that companies like ThreatMetrix compile digital profiles of mobile devices and how they are used to help companies and merchants determine if transactions are legitimate or suspicious.

Suspicious transactions would get flagged by ThreatMetrix in real-time, allowing companies to manually review them and decide if they should allow a transaction to go through.

Read the original article on the South China Morning Post.