Identity Theft Is Exploding in Developing Countries

The Cantagalo shantytown community next to neighboring Pavao-Pavaozinho in Rio de Janeiro, Brazil, February 21, 2014
The Cantagalo shantytown community next to neighboring Pavao-Pavaozinho in Rio de Janeiro, Brazil, February 21, 2014
Photo: Getty

New data reveals the global circulation of stolen identities is leading to major shifts in cybercrime worldwide, with developing countries cultivating newly formed internet-based economies responsible for a generous amount of fake and stolen account activity.


Notably, as ecommerce markets in Latin America continue to expand, incidents of fraud are beginning to skyrocket. Stolen and forged identities used to create fake accounts is, in turn, becoming a market unto itself.

ThreatMetrix, the threat solutions division of research service LexisNexis, reports flourish fraud in the developing world, largely involving identity abuse, with particular emphasis on South America.

“Global cybercrime expansion is being driven by developing economies recently emerging as major perpetrators of fraud, creating new epicenters of cybercrime off the back of attacks that extend beyond their own borders into the surrounding region,” the company says.

ThreatMetrix cites as an example a swell of identity-based attacks originating from Brazil, where neighboring countries such as Columbia and Argentina are prime targets, in addition to the U.S. and U.K. In early 2018, Brazil found its way into the top five on a list of attacking nations.

“Billions of online users are generating huge swathes of data and unfortunately it is becoming easier and easier for cybercriminals to steal and monetize this, wherever they are in the world,” said Vanita Pandey, VP of marketing and product strategy at ThreatMetrix.

“Stolen data gives cybercrime a fraudulent mask, as they hijack identities to open new accounts, takeover legitimate user accounts or perform fraudulent transactions,” Pandey said.


In the first quarter of 2018, researchers registered more than 150 million rejected transaction, indicating online fraud is soaring; the figure represents an 88 percent increase from the same period in 2017.

Moreover, new and emerging economies—Egypt, South Korea, Ecuador, Ukraine, and Vietnam, are offered as examples—have contributed to 820 million bot-based attacks targeting ecommerce sites worldwide.


ThreatMetrix reports:

These attacks continue to be focused on identity abuse and testing. As a result, the overall attack rates for account logins and new account creations have steadily grown in the ecommerce sector, with fraudsters targeting account takeovers to access sensitive personal credentials and saved credit cards.

Specifically, fraudulent new account registrations increased more than 30 percent over the previous year, as fraudsters used the relatively modest sign up requirements of ecommerce vendors as a breeding ground to test stolen identity credentials. And these tests often serve as a gateway to further attacks in other industries.


Attacks on mobile account creations, meanwhile, have risen by 150 percent in 2018's first quarter, compared to the same period last year.

Per ThreatMetrix, 58 percent of all accounts are now created using mobile devices and 51 percent of financial transactions are now completed using a mobile device, a 200 percent increase since early 2015.


Senior Reporter, Privacy & Security


Might as well. Most countries have *terrible* laws on cyber security. Just like how Equifax lost the personal information for hundreds of millions of people, all the data that a person would need to steal an identity, yet no government regulation, no oversight. They provide 1 year free credit monitoring, then toss all those people back to the wolves and say “good luck. Your data is now floating around the web for the next 200 years because of our terrible security, but 1 year credit monitoring is all we will provide you. Maybe you should sign up for our $20 per month identity protection program? You know, now that your data is out there and you are at high risk for identity theft.” Boggles the mind. Those victims should have been provided with lifetime credit monitoring for free, if nothing else.