The LexisNexis Risk Solutions Cybercrime Report concisely describes how fraud has evolved over the past two years. First-party fraud, for one, surged in 2024, with BNPL and financial services companies popular targets.
Fraudsters’ attack modes are also changing. In 2023, the top three types were identity theft (32.6%), third-party account takeover (24.6%) and “other” (11.2%). One year later, third-party fraud took the top spot at 30.5%, a 5.9% gain in one year. First-party fraud quadrupled from 7.6% in 2023 to 30.4% in 2024. True identity theft was third at 20.8%.
“First-party fraud schemes, including bonus abuse and chargeback abuse, are harder to detect than third-party fraud because they involve real account holder data and require analyzing customer intent,” the report states.
The type of fraud also varies depending on the targeted industry. In gambling and gaming, bonus abuse is by far the most popular at 64.7%, followed by third-party account takeover at 24.7%. In e-commerce, first-party fraud is 42.5%, and third-party account takeover 32.5%. Those are also the two most popular types in financial services at 37.3% and 26.2%.
One reason for the increased activity is that European-initiated attacks on North American mobile banking apps occurred in January and May of 2024. Domestic account takeover attacks on American e-commerce sites also rose. Human-initiated attacks in North America grew 31% as bot volume remained stable. Across the planet, human-initiated attacks were up 15% as bot volume dropped 15%.
“In the US, … human-initiated attacks grew substantially at a rate of 24% while automated bot attacks fell 8%—but from an already elevated level, with 1.2 billion attacks tracked,” the report states. “…bot growth fell by almost half in e-commerce.”
Bots legitimately used by businesses have become attack targets. Fraudsters are targeting chatbots to request fraudulent refunds. AI doesn’t seem to be a legitimate factor; most attacks are human-driven.
However, retailers are using AI to respond. Some deploy AI models on chatbots to identify fraudulent patterns and to improve support for actual customers and staff.
In Canada, human-initiated attack volume rose 36% year over year, with automated bot attack volume climbing 32%. Attacks on e-commerce surged by 36%, while financial services saw their attack rate increase by 18%. Bot attack volume was double that, growing by 37%.