NATIONAL REPORT—E-commerce fraud prevention firm Forter has released its biannual Fraud Attack Index, which highlights the rapidly shifting e-commerce landscape and breaks down how changes in this fragile ecosystem can affect online merchants and their omni-channel offerings.
The report leverages Forter’s data to examine the trends in online fraud attacks across industries such as travel and food & beverage, exploring the fraudulent modus operandi (MO) or methods fraudsters may use to attack online retail platforms.
Forter has found that while fraud attack rates targeting land travel and hospitality increased 19% in 2018—the air travel industry saw fraud attack rates decrease 29% during the same time period. This surprising trend indicates that the massive amount of data stolen in 2018 breaches, such as those at Orbitz and Cathay Pacific Airways, hasn’t yet been used to scam merchants and customers, according to the company.
FORTER Q1 2019 FRAUD ATTACK INDEX FINDINGS
Spike in Cross-Industry Fraud: Numerous e-commerce industries experienced an increase in fraud attacks, including:
- Food & Beverage (+79%), between Q4 2017 and Q4 2018
- Electronics (+73%), between Q1 2017 and Q1 2018
- Apparel & Accessories (+47%)
Sophisticated Fraud Attack Methods Abound:
- Fraud rings, when bad actors band together to commit fraud, have grown 26% this year.
- Fraudsters increasingly use bots to run automated scams, like mass logins, performing upwards of 100 attacks per second.
- Policy abuse, when individuals cheat merchants through the use of coupons and discount codes, has increased 170% since Q4 2017.
- Returns abuse, when criminals abuse retailers’ return policies, has decreased by 90% compared to Q4 2017, likely because several large merchants amended their policies to restrict the number of returns per customers.
- Instrument manipulation—or the use of burner phones, virtual machines, bots, etc., to pose as a legitimate shopper—increased 13% in 2018.
Among the highlights of the report:
Food & Beverage
Attacks against online food and beverage businesses (including restaurants, delivery services and merchants in this industry) have shown an increase in fraud for the second year in a row. In 2017, there was an increase of 60%, and comparing the Q4 2017 numbers to Q4 2018 shows an increase of 79%, indicating that this sector has retained and if anything increased its appeal to fraudsters.
There are numerous examples of fraudsters stealing for their own direct benefit rather than for monetization, especially with resellable items like high-end alcohol. In general, the popularity of this industry with criminals is due to its use as a payment testing zone—fraudsters testing out cards or wallets to see if they can get away with the purchase. Once successful, they know it is worth trying for a higher ticket order elsewhere.
Air travel has seen a decrease in fraud attacks over 2018, showing a dip of 29%. This indicates that the large data hacks within the industry, some of which made passport information available along with other stolen data, have yet to be reused to commit air travel fraud. This data is valuable enough to be leveraged for full-fledged identity theft (which may have many stages) rather than “thrown away” on a single fraud attempt. Within this industry, it is notable that there is a difference between the fraud attack rates seen by major airlines and by low cost airlines, with major airlines attacked 37% more.
Land travel and accommodation, on the other hand, witnessed a 19% increase in attack rates. As hotels, car rentals and train services aim to optimize for customer experience, they face challenges when it comes to fraud prevention. An ideal customer experience means removing some of the traditional barriers like requiring proof of identity. This provides fraudsters with an opportunity. Transactions and bookings where the payment is made online in advance are particularly prone to attack but are also increasingly popular with good customers. This industry will need to be especially careful to emphasize accuracy in antifraud going forward, avoiding risk-averse approaches that often result in false positives while also minimizing fraud.
The Customer Journey
Merchants need to protect their platforms beyond just the point of transaction. For years, legacy fraud systems and rules-based solutions have focused on the point of sale, neglecting the larger picture and the vulnerabilities before a customer makes it through to checkout.
Protecting the customer journey means understanding each of the touchpoints and interactions a shopper may experience prior to the point of transaction. This ranges from the moment a customer navigates to a merchant’s site to the point at which they log into their account or try to redeem any reward points they may have. Merchants need an “always on” solution. Retailers and fraud prevention professionals will have to adopt a more nuanced understanding and holistic view of their customers’ shopping experience to understand how to protect them from end to end.