In a time when criminal access to consumer data has never been more common, merchants continue to experience pervasive and persistent fraud attempts. That’s the key takeaway from the 2019 sixth annual Fraud Attack Index from Forter Inc. released Thursday.
How bad is the problem? Fraud grew in 2018 in every online merchant segment tracked by New York City-based Forter. Fraud attacks increased 79% for food-and-beverage merchants, followed by electronics at 73%; digital goods, 66%; apparel and accessories, 47%; and at 19% each for jewelry and luxury, and travel.
“While some might expect that luxury or electronic retailers would be the clear target for bad actors given the larger return from just one fraudulent transaction, the online food-and-beverage industry is actually an ideal testing zone for fraudsters to see if they can get away with a purchase using stolen credentials, making it especially vulnerable to attacks,” says Michael Reitblat, Forter founder and chief executive, in an email to Digital Transactions News. “Once successful, online criminals know it’s worth trying for a higher ticket order elsewhere.”
Compounding the fraud problem for this merchant group is that “online food-and-beverage merchants are later to the game of online and mobile transactions compared to retailers in other industries, and therefore haven’t had enough time to build up their fraud defenses, making them even easier to take advantage of,” Reitblat says.
As for how criminals like to attack, each of the methods tracked by Forter increased. At the top is policy abuse (gaming the rules for things like coupons and offers) at a 170% growth rate since the fourth quarter of 2017. Next is returns abuse, 90%; account takeover, 45%; fraud rings, 26%; and instrument manipulation, 13%.
The question with policy abuse is, how do e-commerce merchants address it without alienating consumers?
“With a 170% year-over-year increase in policy abuse targeting online merchants, the abuse of coupon codes and other promotions can severely impact a retailer’s bottom line, costing them hundreds of billions of dollars in annual losses,” Reitblat says.
“The solution for online retailers is not to implement more-complicated redemption processes that will have a negative impact on the customer experience, but to take an identity-centric approach to fraud prevention,” he says. “This way, e-commerce retailers can monitor shopper behavior during the browsing stage, account creation, loyalty-point redemption, and all the way through checkout. This approach will allow online merchants to provide a seamless shopping experience for good customers that are simply trying to save a few dollars on their purchase, and stop friendly fraudsters that are attempting to abuse the retailer’s system.”
While all merchant segments saw increases in fraud attack rates, the air component within travel actually experienced a 29% decrease.
“This surprising trend indicates that the massive amount of data stolen in 2018 breaches likely hasn’t been used to scam merchants and customers at its full potential,” Reitblat says. “Further, this finding raises the possibility that high-quality data stolen from breaches is being stockpiled to use in future attacks, meaning that the worst may still be yet to come for the industry.”