Today’s e-commerce landscape is shifting quickly with consumer expectations. Industries that were primarily brick and mortar are now expanding into the online realm, or adopting omni-channel offerings to appease customer needs. This shift is expected by consumers. They want you to be where they are, whether that be strolling through the mall or scrolling through Instagram. But this growth in online and mobile shopping also leaves a huge opportunity for fraudsters to exploit.
E-commerce fraud shows no signs of slowing down. As merchants become smarter in their defense methods, so too do fraudsters in their attack methods. And not every industry is created equally. Fraudsters are leveraging innovative methods to target different industries and attacking some more often than others. Forter’s Sixth Fraud Attack Index explores these differences and the most common fraud methods and vulnerabilities.
Food and Beverage Fraud
Historically, restaurants and grocers have operated exclusively out of physical locations. But now it is the norm to buy groceries and alcohol online and get your favorite meal delivered to your doorstep. Unlike other industries, these merchants are somewhat late adopters of e-commerce offerings and have had less time to put protective fraud measures in place. Fraudsters know this, and they exploit this weakness.
According to Forter’s Fraud Attack Index, the food and beverage industry was the hardest hit in 2018, with a 79% increase in fraud attacks. This is the second year in a row that Forter has seen a significant increase in attacks in this sector, seemingly implying that fraudsters have found a valuable industry to exploit.
Typically fraudsters use this industry as a payments testing zone; they test out cards or wallets that have been stolen to see if the payment method works. Once successful, they then use the stolen payment method for a higher ticket item elsewhere. On more rare occasions fraudsters steal for their own direct benefit, especially with resellable items like high-end alcohol.
Apparel and Accessories Fraud
On the other end of the spectrum is apparel and accessories. As one of the first categories to move online, apparel brands have plenty of experience fending off e-commerce fraud. But apparel still remains popular with fraudsters, seeing an increase of 47% in attacks over the past year. Attempts to buy goods in bulk are often not flagged as suspicious within this industry, as good customers will commonly buy for groups or teams, or purchasing items in more than one color or material. Additionally, legitimate buyers are willing to make purchases from third-party sites, making reselling much easier.
In particular, Forter saw an increase in BOT attacks against limited edition shoes last year. BOTs are automated scripts, which can run specific actions over and over again with great speed. When speciality, limited edition items go on sale, fraudsters use this speedy attack method to swipe as many as they can before the item sells out. The rarity of these items ensures an eager market and an easy upsell opportunity.
Jewelry and Luxury Fraud
Luxury items have always been a favorite for fraudsters. Think about it: steal one diamond ring or designer watch and fraudsters can cash in on a massive payday. As a result, merchants in this category continue to see an increase in fraud attacks year over year, with a 19% increase tracked in 2018. The vast majority of fraudsters are in it for the money, and luxury items provide an evergreen draw for online criminals. But there’s one thing luxury merchants must keep in mind when fighting fraud: shoppers are looking for the same seamless, high-end customer experience online that they experience in-store. That means brands can’t put clunky fraud prevention in place, that could delay an order or insult a customer, even if most transactions are high-risk.
Land travel and accommodations, such as hotels, car rentals, and train services, saw a fraud attack increase of 19% over the past year. This sector experiences many challenges that other industries don’t. The travel customer is harder to “pin down”. They will often book in new locations (such as in airports or hotels), book for an entire group, book through an agency, and book on-the-go, leaving little time for review. This makes it harder for companies to rely on single data points to flag suspicious activity. It is important that online travel brands use an identity-based approach to decide if they can trust a user or not. Additionally, user expectations in the travel industry are shifting. Customers want to be able to book online and book instantaneously, without unnecessary identity checks. However, fraudsters are beginning to take advantage of these customer experience improvements to hide their true intentions and identities.
Interestingly, air travel has seen a dip in fraud attacks over 2018, of 29%. This indicates that the large data hacks within the industry, some of which made passport information available along with other stolen data, have yet to be reused to commit air travel fraud. This data is valuable enough to be leveraged for fully fledged identity theft rather than “thrown away” on a single fraud attempt.
Not every industry is created equal, and fraudsters know that. They are specializing in unique ways to exploit specific industries, and leveraging tools like BOTs to attack at scale. Merchants must protect their platforms from end to end, beyond just the point of transaction. Ignoring the vulnerabilities both before and after checkout could lead to lost revenue and lost customer trust. To learn how other industries were affected by fraud in 2018, and how to keep your e-commerce platform safe, download Forter’s Sixth Fraud Attack Index.