2019 Predictions - 10 Cybercrime Trends to Expect in the New Year

Dec. 14, 2018 | by Uri Rivner

Heading into the new year, everything from your washing machine to your mobile banking app will be a potential source of fraud risk. It’s the challenge of living and doing business in the age of digital transformation. As our day-to-day lives becomes more convenient through all that technology has to offer, fraud becomes simpler for cyber criminals.

With 2019 just around the corner, Uri Rivner, Chief Cyber Officer at BioCatch, predicts ten cybercrime trends to look out for in the days ahead.

2019 Cybercrime Trends

1. IoT payments impersonation will increase

Security professionals have been announcing the dangers of IoT devices for awhile now. The latest threat is IoT payments impersonation. It’s pretty nifty that your smart fridge can online grocery shop for you, or that your coffee machine can reorder pods when you’re running low. However, connected devices, from smart fridges to washing machines, are already producing unattended payments that a user cannot personally verify. The IoT market will only expand in 2019, and fraudsters will begin to take a closer look at the new opportunities for fraud provided by highly-vulnerable IoT devices.

2.Targeted malware will continue Fortnite’s cybercrime woes

The online game that became the single most popular post-school activity already attracts a lot of cybercrime attention. But Fortnite faces another problem: the game doesn’t run on normal browsers. In 2019, well-funded cyber gangs will transition from their existing attack tools to targeted malware, using the browser vulnerability to takeover Fortnite accounts. Once an account is compromised, fraudsters can rack up large credit card bills filled with fraudulent purchases.

3. Phone scams will begin to utilize malware

Authorised Push Payments (APP) fraud is a huge source of losses for UK banks. Over the phone, scammers convince victims to transfer money from their personal account to a fraudster’s. In 2019, UK banks plan to slow down the wave of APP fraud by allowing users to see the name of the beneficiary they are sending money to online, not just their account number. But as a counter move, fraudsters are likely to adopt malware to conceal their identity from victims, initiating the same phone-based attack, but using malware to hide or alter their displayed name.

4. IDs will still be up for sale

The US Senate passed a law requiring the social security administration to expose an API to check if an SSN matches an individual’s other personal details, like name and date of birth. Once deployed, the measure will make creating fully synthetic identities difficult. Forward-looking fraudsters will prepare for that future by targeting individuals with no credit history, such as new immigrants or young children, and use their details to create fake identities.

5. Card not present fraud will decline

Card not present (CNP) fraud is a headache for online merchants and issuers. Thankfully, CNP fraud is one cybercrime trend predicted to decrease in 2019 for three key reasons. First, 3D Secure, an authentication scheme for CNP transactions, will enable far better detection of fraud on the card issuer side by sending new data points connected to transactions. Second, PSD2 will force retailers in the EU to adopt much more aggressive fraud prevention controls. Finally, behavioral biometrics will become a powerful tool used by fraud management platforms to analyze the way shoppers fill up their cart and go through the checkout process.

6. Account opening attacks will spread to smaller targets

Small financial services companies are far more exposed to application fraud than their larger counterparts. Further, they cannot afford to equip themselves with next-gen tools. Think about this: If a small-sized digital bank that typically receives 100 applications per day is suddenly flooded with 1000 fake applications per day, they would have to stop accepting new business as the fraud losses would be paralyzing. Such an attack is not inconceivable. Fraudsters already conduct them, but in 2019, their target will shift.

7. Instant credit offerings will be sitting ducks

Banks that offer instant credit ordinarily market the service to pre-approved individuals, lessening their exposure to fraud. Competition with Fintech companies, however, will force banks to offer instant credit to anyone visiting their site. You guessed it. 2019 will see a surge of identity theft and synthetic ID fraud as a result.

8. Explainable AI will change the way credit risk is assessed

To comply with discrimination laws, US lenders have to be able to explain why they declined a credit request. As a result, they cannot use regular machine learning tools that take into account hundreds of small parameters to produce a decision. New forms of AI can produce a clearly explainable rationale of why the model suspected an application, opening up the black box so that auditors can verify there was no discriminatory bias.

9. Attacks on telcos will move to social engineering and remote access

Mobile carriers are suffering from a surge of attacks in which cyber criminals take over a user’s account, order new phones, and ship them to the criminal’s address. The industry’s response has been to introduce device based analytics to make sure requests originate with a recognized device and not a stolen one. Fraudsters will adjust to the change by shifting to tried-and-true methods, such as social engineering and remote access tools, to make it appear as though request are coming from a trusted device.

10. Authentication-less authentication will break onto the scene

“Friction” is anathema to user experience, but companies have to be able to authenticate users effectively. The dilemma is a hot topic, and solutions are popping up left and right. 2019 will see greater advances in and adoption of digital user identity analysis, device reputation, behavioral biometrics, and AI. Solutions like these allow highly-accurate, 100% friction-free access to websites and mobile apps – essentially allowing not just passwordless authentication, but rather retiring ALL authentication controls. Binary yes-no answers at login will give way to a risk-based approach in which most sessions are verified behind the scenes with no visible authentication control.


At the core of our cybercrime problem is a lack of effective methods for establishing and verifying digital identity. New solutions are addressing the challenges, replacing outdated approaches that rely on static information, with much more effective, multi-factor tools. Though fraud risk will always be with us, organizations can lead the way in combating these cybercrime trends in 2019 and beyond by adopting powerful fraud prevention and authentication solutions.


Interested in learning more? Read up on why new approaches to digital identity are the solution to the explosion of fraud risk.

Topics: Fraud, Fraud Prevention, fraud detection