Following the Money: Online Fraud Attacks in 2017
What percentage of online orders are at risk of fraud? 2.32 percent of U.S. transactions in 2017, and 5.07 percent of international orders. That’s the data from the latest Fraud Attack Index from end-to-end fraud protection company Forter, in collaboration with the Merchant Risk Council.
In some ways, that’s good news: it’s less than last year. Both domestic and international fraud attack rates have dropped compared to 2016, which was characterized by sharp, scary spikes as new fraudsters came online and criminals stepped up the scale and scope of their attacks.
Unfortunately, there's bad news as well.
Online Fraud Attacks: A Problem That’s Not Going Anywhere
Compared to the first half of 2015, the fraud attack rate during H1 2017 was two-and-a-half times higher domestically, and twice as high internationally.
Interestingly, fraudsters tend to bounce around from industry to industry as sectors get smarter and implement tougher defenses. Electronics was hit the worst in 2017. Fraud attempts in the sector rose 62 percent domestically, likely because fraudsters shifted away from luxury and apparel as those industries improved their defenses following periods of vulnerability.
Surprisingly, the food and beverage industry witnessed a 117 percent increase in attacks compared to the start of 2016. This astonishing figure is not due to fraudsters desire for these goods, but because these sites have emerged as testing grounds for criminals who use them to attempt low-value purchases to make sure the stolen financial information is still available to them. If it is, they’ll go on to bigger fraud elsewhere.
More Fraudsters Attacking With Greater Sophistication
It’s no secret that e-commerce is continuing to grow. In 2017 alone, e-commerce sales increased 16.3 percent year-over-year in Q2, and 15.5 percent in Q3. Fraudsters aim to take advantage of the flood of legitimate orders to slip fraudulent orders in unnoticed and get them approved. Retailers that rely on manual reviews to catch fraud struggle to keep up with the sheer volume of transactions.
Ordinary buyers are getting in on the fraud as well. Sadly, there’s nothing new about customers trying to cheat their way to getting unfair discounts. However, "real" customers (as opposed to professional fraudsters) are starting to carry out policy abuse such as coupon abuse and referral abuse far more effectively.
They’re also starting to form communities that work together to explore the best ways to defraud merchants. For example, Facebook group members share information about which payment methods are most vulnerable at which online stores. This kind of "friendly fraud" tripled in 2017 compared to 2016.
Technology in the Hands of Criminals
In the online arms race against fraud, it can often feel as though technology is on the side of fraudsters. Criminals today are part of an extremely sophisticated ecosystem that uses artificial intelligence and machine learning to carry out attacks, supports marketplaces where stolen data is bought and sold, and fosters forums where attacks are planned. This environment has spawned a subset of criminals focused on creating tools and programs that make fraud easier than ever.
For example, there are apps that allow fraudsters to change one online identity to match the identity of a designated victim, as well as programs that automate attacks aiming to hack into victims’ accounts with stolen information.
The massive data breaches of recent years such as Equifax and Target have also had their impact. Stolen data is abundant, cheap and easy to access. The Fraud Attack Index found that account takeovers — an increasingly popular method of fraud that’s made easier when the sort of consumer data stolen in these hacks enters the dark web — accounted for 38 percent of attacks in 2017.
The Bottom Line
Ultimately, the bottom line is that fraudsters will always have their eyes on their own personal profit. They’ll attack anywhere they find a weakness. The data from the latest Fraud Attack Index shows that while the frightening spikes of 2016 have subsided, the retail industry now faces a new normal consisting of many more fraud attempts and more sophisticated fraud.
Retailers need to be prepared to operate in this new reality. It's not enough to optimize a manual review process. Merchants must remain active and agile by keeping up with the latest trends and evaluating their personalized vulnerabilities. In order to respond to fraud effectively, it's equally important for online retailers to find a fraud prevention solution that’s accurate without being risk averse by turning away legitimate customers that are mistakenly rejected as fraud threats. Increasingly, succeeding in both of these areas must involve a deep understanding of what customers — both legitimate and fraudulent — are doing at every step in the consumer lifecycle. A fixed focus on checkout and the transaction level will only leave fraud teams with half the picture.
Michael Reitblat is the CEO and co-founder of Forter.